cancel
Showing results for 
Search instead for 
Did you mean: 
qgudex
Level 7
Report Inappropriate Content
Message 1 of 5

Can I separate Cookie Detections from Other PUP's (VirusScan 8.8p1)

Jump to solution

I've recently started rolling out VirusScan 8.8p1 in our environment (currently on 8.7p4).  I have the new VirusScan option to scan cookies turned on (and I turned off the end-user pop-up for cookie detections since there are so many of them).  My problem is, I've noticed in EPO, that cookie detections are classified as "potentially unwanted programs".  I would like to continue to report on all other PUP's besides the cookie detections, but I'm not sure how.  It appears cookie PUP's use the same event IDs as other PUPs.  Is there a way to do this?  If not, does McAfee have any plans to separate these types of detections in the future?

1 Solution

Accepted Solutions

Re: Can I separate Cookie Detections from Other PUP's (VirusScan 8.8p1)

Jump to solution

You can go to Menu > Reporting > Queries. Select your desired query, for example, VSE: Threats Detected in the Last 24 Hours, click on Edit, then go to Filter tab. On the left corner, select Threat Name. Select the Comparision as does not contain and the Value must be cookie

4 Replies

Re: Can I separate Cookie Detections from Other PUP's (VirusScan 8.8p1)

Jump to solution

You can still forward the events to ePO and exclude cookies for any report queries

qgudex
Level 7
Report Inappropriate Content
Message 3 of 5

Re: Can I separate Cookie Detections from Other PUP's (VirusScan 8.8p1)

Jump to solution

How?  Like I said, it appears cookie PUP's use the same event ID as other PUP's.  Can you explain how you would do this?  Maybe I'm missing something obvious.

Re: Can I separate Cookie Detections from Other PUP's (VirusScan 8.8p1)

Jump to solution

You can go to Menu > Reporting > Queries. Select your desired query, for example, VSE: Threats Detected in the Last 24 Hours, click on Edit, then go to Filter tab. On the left corner, select Threat Name. Select the Comparision as does not contain and the Value must be cookie

qgudex
Level 7
Report Inappropriate Content
Message 5 of 5

Re: Can I separate Cookie Detections from Other PUP's (VirusScan 8.8p1)

Jump to solution

Right!  I see every cookie event has a threat name that starts with "Cookie".  Thanks for your help.