Based on the article we know that the cookie TSPD_101 can be set by ASM even there's no Proactive Bot Defence or DoS-Profile aktive.
We have set the type of the cookie with name: * to Enfored, which means that a cookie set (at server side) may not be changed by the client. Interesting is that ASM complains about TSPD_101 has been modified.
Do we have to define the TSPD_101 cookie explicit with type Allowed?
The cookie should not be modified by the client. If you find that the client is modifying the TSPD_101 cookie, I would take an httpwatch capture and open a case with support.
Thanks for your answer. I think that the cookie isn't modified by the client but attached to the requests. If the option "Detect Session Hijacking by Device ID Tracking" is responsible for creating the TSPD_101 cookie, then the Violations appears because we have disabled it now and the clients are still sending the cookie along with the requests.
That cookie should not be modified by the client. If your client is modifying your TSPD_101 cookie, we are probably correctly saying something bad is happening: