3 Replies Latest reply on Apr 23, 2013 5:16 AM by rmetzger

    Detected cookies after scan

      Hi there,

       

      We do a weekly scan on our servers with McAfee VirusScan Enterprise.

      On one of our servers we got a message in the log folder:

       

      Detected cookies:  5    

      Cleaned cookies: 0

       

      In the report it says that there has been a detection.

       

      What do we have to do with the detected cookies?

       

       

      Kind regards,

       

      Stijn

        • 1. Re: Detected cookies after scan
          rmetzger

          Hi Stijn,

          stijn-ww wrote:

          We do a weekly scan on our servers with McAfee VirusScan Enterprise.

          On one of our servers we got a message in the log folder:

           

          Detected cookies:  5    

          Cleaned cookies: 0

           

          In the report it says that there has been a detection.

           

          What do we have to do with the detected cookies?

          My suggestion (regarding cookies): Do nothing (unless you are some three-letter government/security agency). Ten years ago, malicious/tracking cookies might have been a problem, but today malware uses so many other methods that cookies are irrelevant. The fact that cookies were not deleted is nothing I would be concerned about today.

           

          However, the fact that a Server has cookies indicates that this server is being used to access the Internet and the sites are storing cookies. This is not a Best Practice for a Server. It is not a workstation, nor should it be used as a workstation. I might review the server in question and how users/admins are using it. Though cookies are not the concern, malware is a concern. Keep scanning it, but check how the server is getting used.

           

          If this is a Terminal Server, then this is normal, but otherwise, I would be concerned about who has access to use the server as a workstation.

           

          Hope this is helpful,

           

          Ron Metzger

           

          Message was edited by: rmetzger (syntax) on 4/22/13 8:26:09 PM EDT
          • 2. Re: Detected cookies after scan

            Thank you rmetzger for the answer!

            We are speaking about a terminal server.

            Sometimes we use the server to go on the internet. But you recommended not to do that?

             

            I do a weekly scan of our servers. In total we have five servers, all with McAfee Anti VirusScan Enterprise on them. Is this the best program for our server situation? Or is there another, better product from McAfee?

             

            Kind regards,

             

            Stijn

            • 3. Re: Detected cookies after scan
              rmetzger

              Hi Stijn,

               

              As a terminal server, users will use it as needed. Access to the Internet is possibly a requirement and expected. Your needs will vary from mine, but I expect most people will access the Internet as a part of normal operations.

               

              However, I might restrict where they go on the Internet, by putting in stricter rules from HIPS (or firewall), limiting Internet access use to business purposes.

               

              Tracking cookies are just a mild symptom, not a problem. If you are finding users are going to more dangerous sites, then I would be concerned, but at this point, unless you are having other issues, I would not be alarmed or make massive changes just because of some tracking cookies. To be sure, I would read the tracking cookies that you are detecting and find out what sites they are referring to and determine whether there is a business need for those sites. Follow up with the user and find out if that site is needed or intended for business use. Often, the fact that you noticed this is enough to let the user know that their access is being watched, and will stop the less than perfect behaviour.

               

              Good catch, by the way.

               

              Ron Metzger