I'm not sure how cookies could be used for phishing. They are essentially a method of storing data and don't execute any code or have the ability to spread malware. Do you have an example of the larger problem you are trying to solve?
simply I want to block all cookies and alow only those we realy need.
Needed cookies could bo those for shopping sites.
No I do not have a rule set that removes all cookies. :-(
It will help me a lot if you could tell me how such a rule set has to look like in MWG 7 .
I am aware that there is rest of risk of cookies generated by script.
when a web site tries to set a cookie it will send a "Set-Cookie" header in the response. You could try to use the "Header.RemoveAll" event to remove the header before a response makes it to the client. So the client will not be instructed to set a cookie.
You can apply this for all web sites and use the rule criteria to set exceptions, for example only execute the rule if the web site is NOT in the shopping category.