Endpoint Protection

 View Only

  • 1.  Skimresources

    Posted Nov 12, 2013 11:31 AM

    Has anyone seen or know anything about this particular cookie/site? I've seen that it is used to send tracking data to skimlinks but recently our DLP system flagged these transmissions back to the skim mothership due to requests regarding user IDs passwords. We are using SEP; is there a way to block or remove these cookies?



  • 2.  RE: Skimresources
    Best Answer

    Posted Nov 12, 2013 11:32 AM

    SEP can already block certain cookies for which it has a signature, have you checked your Risk log for anything?

    I would suggest submitting it to security response:

    http://www.symantec.com/security_response/submitsamples.jsp

    You can block the traffic to the site using the firewall.

    Blocking a Website using Symantec Endpoint Protection

    Article:TECH92405  |  Created: 2009-01-16  |  Updated: 2012-08-22  |  Article URL http://www.symantec.com/docs/TECH92405

     



  • 3.  RE: Skimresources

    Posted Nov 12, 2013 11:44 AM

    Brian,

    Thanks for the response. Nothing is showing up in the Risk logs. This came to me only because our DLP monitor sent me the report. We are not currently using the SEP firewall. I have submitted this to our networking team to have the site blocked at the domain level.

    Eric



  • 4.  RE: Skimresources

    Trusted Advisor
    Posted Nov 12, 2013 11:57 AM

    Hello,

    Tracking Cookies are used by Legitmate web sites to track how many times you access their sites.  Web sites that use this type of cookie usually require a log in to access the site.  

    Best to verify if this is being caused by the user is to perform a full scan, remove the threat and then reboot the machine. Once the machine is rebooted, then perform another full scan. If the full scan does not find the Tracking Cookie at that time, this means it is being placed there during the day while the user is working on the computer.

    Run  the Full scan in Safe Mode with System Restore turned Off

    Tracking Cookies - Check this: 

    http://www.symantec.com/security_response/writeup.jsp?docid=2006-080217-3524-99

    BLOG with Video:

    https://www-secure.symantec.com/connect/blogs/tracking-cookies

    Tracking_Cookies.jpg

     

     

    Now your issue: 

    Tracking cookies are, for the most part, completely harmless. As a result they will no be deleted or detected by auto-protect, however during a full scan the cookies are usually found and then deleted. 

    In general this doesn't do any harm to the computer or user. Cookies are usually used by websites to track information about you. Usually the biggest reason people don't want cookies deleted is because that is how websites store their automatic log-in and password information when you click on "remember this password...". If you would like to hear more information on the subject or if you still have more questions please create a new thread.

    Again, if you are annoyed with the notification being displayed, then disable the notification.

    How to disable/enable Startup and Quick Scans within the Symantec Endpoint Protection Manager

    http://www.symantec.com/business/support/index?page=content&id=TECH103044

    In case if you have applied policy for receiving Notification, then you would surely receive Notification for ALL Risks.

    At this point there is no way you could just exclude 1 type of Threat for not receiving Notification.

    However, you could exclude Tracking cookie for being scanned, which would be then be not detected as a Threat.

    OR create a Centralized Risk Exception.

    How to add a Centralized Exception for a detection that is not included with Known Security Risk Exceptions in the Centralized Exception Policy.

    http://www.symantec.com/docs/TECH106170

    Hope this may help you explaining the same!!!