Video Screencast Help

SEP SBE Cloud - Prevent Cookie Deletion?

Created: 14 Mar 2013 | 3 comments

Can't figure this one out.  SEP-SBE.Cloud deletes browser cookies on scans.  Not a problem so much for me, but my users are up in arms. 

Disable Anti-Spyware in Policy settings?

Operating Systems:

Comments 3 CommentsJump to latest comment

.Brian's picture

Malicious Cookies are part of the Risk profile and will be detected. I know in SEP 12.1 you can set an Exception to exclude Tracking cookies these if you wish. Unfortunately I don't know SBE 2013 Cloud very well but I would start with the Exception policy and check to see if you can exclude Known Risks. Check in the Known Risks for Tracking Cookies and if they're there, you should be able to exclude.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Chetan Savade's picture

Hi,

It's by design. SEP will delete the browser cookies on scans and it's recommended not to change those settings.

Tracking Cookies are used by Legitmate web sites to track how many times you access their sites.  Web sites that use this type of cookie usually require a log in to access the site.  

Best to verify if this is being caused by the user is to perform a full scan, remove the threat and then reboot the machine. Once the machine is rebooted, then perform another full scan. If the full scan does not find the Tracking Cookie at that time, this means it is being placed there during the day while the user is working on the computer.

Run  the Full scan in Safe Mode with System Restore turned Off

Tracking Cookies - Check this: 

http://www.symantec.com/security_response/writeup.jsp?docid=2006-080217-3524-99

BLOG with Video:

https://www-secure.symantec.com/connect/blogs/tracking-cookies

Refer this thread: https://www-secure.symantec.com/connect/forums/sep-121-detecting-lot-tracking-cookies

 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

JasonPeters's picture

I also have a user that accesses a lot of non secure sites that do require login.  Every week the scan removes the tracking cookies.  Support's answer is not to run a full weekly scan.  This is unacceptable.