Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Why does it find tracking cookies when I do a manual full scan but not a scheduled full scan?

Created: 01 Oct 2012 | 8 comments

Everytime I do a full scan manually it find a tracking cookie.  Fine.  (Amusing enough since I'm IT.)

But if the full scan is running on a schedule, why doesn't that full scan also find the tracking cookie?  I'm getting a tracking everytime I run the scan.  It's safe to assume there are tracking cookies on the computers I have set for a scheduled scan but don't do a manual full scan on.

Is the scheduled full scan not really scanning everything?  I'm certain there are more tracking cookies -- Not just in my user folder, but in regular users too.  I find one tracking cookie under my profile every single time I've run a manual full scan.  Why not any from regular users?  And why only when I do a manual full scan?

Comments 8 CommentsJump to latest comment

pete_4u2002's picture

are the cookies present when scheduled scan is started?

have you excluded the folder in scheduled scan?

rmoc's picture

I would assume other users have similar tracking cookies. 

It only happens when I run a scan myself.   I did noticed when I do an internet search I'm using IE9 and I start typing Google.com in the address bar, but I usually type goo and it finds the rest for me.  When it does that it adds a tracking cookie.  It's possible no one else does that, but I imagine someone else here has tracking cookies under their profile. 

I'm leaning towards the full scan not really scanning everything.  I haven't tried running a full scan under a user's profile, just my own when I'm logged in.

Not a huge issue.  It's just ironic that I've got 20+ virus catching events in the SEP events list and the status reports each week.

I don't want to exlude those.  It's great to remove them.  I'd like everyone's tracking cookies removed though, not just mine.

.Brian's picture

It's because cookies cannot execute so they can't be caught by auto-protect. They will only be caught by the scheduled scan.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

rmoc's picture

Why doesn't it catch other users' tracking cookies though?  They must be there.  I'm sure I'm not the only one with tracking cookies. 

.Brian's picture

What catches it? Scheduled scan?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

rmoc's picture

The scheduled scans don't catch tracking cookies.  It's just when I do a manual scan (so I'm logged in).  From the poster above my tracking cookies are active since I'm logged in.  That would explain why it only catches my tracking cookies.

I'd rather it catches all the tracking cookies if it sees them as a threat (or nuisance).  It's not a huge concern though.  It's just amusing that I'm IT and we get notifications and reports with just my tracking cookies.  "Nothing from the users, but this IT guy has 9 tracking cookies again this week...."

JH-Analyst's picture

From an analyst perspective, is the value of finding those tracking cookies worth the time it takes to invest in dealing with them? Anything detected as a tracking cookie is simply that, a nonmalicious cookie that identifies the user for trending at the source. Modern web presence and marketing equates to tracking cookies being placed onto your computer on a daily basis and most of those that I see are from reputable advertising vendors that have contracts with your typical bigtime high volume sites that either deal in dynamic advertising adverts, session-specific variables, or shopping activities.

Also, the bottom line is that if you found a cookie during a manual scan or even a scheduled scan, the cookie has already done its job if its been there for more than a few seconds. Yes, it is wise to remove them on a frequent basis

---------

Now here's a guess as to what you can look into for the differences in the scanning:

Scheduled scans typically run with fewer resource consumption and are designed to scan files for a specific threat value or threshold. Since tracking cookies are extremely low threat, perhaps your issue is that the scheduled scan setting is of a higher "threat" threshold than your manual scan is set to run at.

This will cause your manual scan to run with more scrutiny and find files that the scheduled scan either chose not to scan or decided it was not of high enough threat to consider.

Let me know if that is what you find, enjoy.

Symantec Tracking Cookie defined: http://www.symantec.com/security_response/writeup.jsp?docid=2006-080217-3524-99

rmoc's picture

I don't really care too much about the tracking cookies.  It's more of a nuisance factor.  And I wonder why it only tells me about mine and doesn't find everyone's -- I wouldn't mind tweaking it to find and delete everyone's tracking cookies.

Ideally I'd like it to just stay quiet and delete them if it considers that much of a threat.  But I'd like it to find all of them and not just mine.