As cookies are basically a method of tracking your web use, some will be detected by VSE if cookie scanning is enabled.
You can disable cookie scanning in "On-Access General Policies" (in 8.7, not sure if it's the same in 8.8) if you don't want to scan them.
Well... The only thing that bothers me, that theese events are showing in EPO threat event log.
Is it possible to filter them? I would like filter just for cookies, not also for all the other things...
I would highly recommend you edit the queries to remove events where
threat type = cookie and
threat type = access protection
Those aren't virii and they should probably be treated differently than regular events.
Is it possible to do this in event filtering? I haven't found anything with cookie detection there
From a risk perspective I think it would probably be okay to filter them at the event forwarding level. At the moment I don't see great harm in deleting cookies and then just not reporting on it. My personal preference would be to collect them and then delete them after a short period of time. That way I could see if there are semi-dangerous web sites my users are visiting. But that's my view.
Petersimmons thank you for your reply.
If you have time, I would be very kind if you could provide any quick step-by-step how to achieve that cookies are not displayed in audit log. As I have mentioned before I did not find any settings for hidding cookies in even filtering.
1 of 1 people found this helpful
This is an example of the typical filters I use to eliminate noise and get straight to virus events. Unfortunately the events table inside ePO has almost 20 years of history. So there are things that need filtering. But this type of filtering should give you a good handle on the true threats you want to take a look at.
Thank you very much for your reply.
Another thing or suggestion from you would be more then appreciated.
I have managed to prepare the query you have suggested, but I have two more wishes.
-Is it possible that this query would be run once a 10days and send the report to some mailing group?
-I have choosen a PIE CHART but I see it is not visible good enough cause 99,999% are uncompliant and thoose 0,11% which are compliant are not show, well you need to click the compliant word on the right side of window too see those.
Can you suggest me what would be the best approach for charts. I would like to receive a report only from thoose who had viruses not also from others who are not compremised.
(see the attachment bellow)
with best regards,
Message was edited by: bostjanc on 10/24/11 10:47:16 AM GMT+01:00
Untitled.png 69.7 K