Great question! I've also experienced the frustration of QV cookies. After much digging, I discovered that the qlikmachineid cookie is created during one of the function calls embedded in AccessPoint.dll. The text in the dll is partially encrypted, so decompiling and recompiling is not an option because the encryption algorithm is not known. So modifying the process of the cookie creation is not an option unfortunately.
Although you can probably just disable cookies altogether using IE security settings, I suspect that this will cause problems accessing the AccessPoint altogether, although it's certainly worth a shot. By default, there are 2 settings in the Intranet zone for IE that are relevant to you: (1) cookies, and (2) sending user credentials. You can try disabling them both, and if that fixes your problem then push that out to your users via a GPO.
In any event, you need to make sure you are forcing anonymous authentication in QEMC --> System --> QlikView Servers, as well as in IIS (by enabling Anonymous and disabling Windows) if relevant.