Glossary
Sophos Endpoint Security and Control
- adware and PUAs
- Adware displays advertising, for example, pop-up messages, which affects user
productivity and system efficiency. A potentially unwanted application (PUA) is
an application that is not inherently malicious but is generally considered
unsuitable for the majority of business networks.
- application rule
- A rule that applies only to packets of data transferred over the
network to or from a particular application.
-
- Authorization manager
- The module that enables you to authorize adware and PUAs, suspicious files, and applications that exhibit suspicious behavior and buffer overflows.
- automatic cleanup
- Cleanup that is performed without any intervention or acceptance by you.
- blocked
- A status showing that applications (including hidden processes),
connections, protocols, ICMP messages, and so on have been refused network
access.
-
- buffer overflow detection
- Detects attempts to exploit a buffer overflow in a running program, in which
crafted input overruns a memory buffer in order to hijack the program's
execution. Part of runtime behavior analysis.
-
- checksum
- A value computed from the contents of an application's executable file. Each
version of an application produces a different checksum, so the firewall can use
it to identify the application and decide whether it is allowed or not, rather
than relying on the file's name or location.
-
- cleanup
- Cleanup eliminates threats on your computer by removing a virus from a file or
boot sector, moving or deleting a suspicious file, or deleting an item of adware
or PUA. It is not available for threats that are detected by web page scanning
because the threats are not downloaded to your computer. Therefore, there is no
need to take any action.
- Content Control List (CCL)
- A set of conditions that specify file content, for example, credit
or debit card numbers, or bank account details near to other forms of
personally identifiable information. There are two types of Content Control
List: SophosLabs Content Control List and custom Content Control List.
-
- content rule
- A rule that contains one or more Content Control Lists and
specifies the action that is taken if the user attempts to transfer data that
matches all the Content Control Lists in the rule to the specified destination.
-
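The following is an added example, not Sophos code, showing how a Content Control List and a content rule fit together. It assumes two constructed CCLs (a Luhn-validated card number near a PII term, and a "confidential" marking), a rule that fires only when every CCL matches, and constructed sample file contents; the regular expressions, window size and sample text are illustrative assumptions.

```python
import re
from dataclasses import dataclass
from typing import Callable, List

# --- Content Control Lists: conditions on file content ----------------------

def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; rejects most random digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

# 13-19 digits, optionally separated by spaces or hyphens, not embedded in a longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Assumed terms indicating other personally identifiable information nearby.
PII_RE = re.compile(r"\b(name|address|date of birth|dob|account)\b", re.IGNORECASE)

def card_near_pii(text: str, window: int = 80) -> bool:
    """True if a Luhn-valid card number appears within `window` characters of a PII term."""
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            continue
        lo, hi = max(0, m.start() - window), m.end() + window
        if PII_RE.search(text[lo:hi]):
            return True
    return False

def marked_confidential(text: str) -> bool:
    return re.search(r"\bconfidential\b", text, re.IGNORECASE) is not None

@dataclass
class ContentControlList:
    name: str
    matches: Callable[[str], bool]

# --- Content rule: one or more CCLs plus an action ---------------------------

@dataclass
class ContentRule:
    name: str
    ccls: List[ContentControlList]
    action: str               # e.g. "block" or "allow"

    def evaluate(self, text: str) -> str:
        # The rule fires only when every CCL in it matches; otherwise the transfer is unaffected.
        if all(ccl.matches(text) for ccl in self.ccls):
            return self.action
        return "allow"

CARDS_NEAR_PII = ContentControlList("card numbers near PII", card_near_pii)
CONFIDENTIAL = ContentControlList("confidential marking", marked_confidential)
BLOCK_CONFIDENTIAL_CARD_DATA = ContentRule(
    "block confidential card data", [CARDS_NEAR_PII, CONFIDENTIAL], "block")

# Constructed sample file contents (4111 1111 1111 1111 is the well-known test card number).
SAMPLE_EXPORT = ("CONFIDENTIAL - customer export\n"
                 "Name: Jane Doe, Card: 4111 1111 1111 1111, Expiry 12/27\n")
SAMPLE_INVOICE = ("Invoice 2024-0042 (CONFIDENTIAL)\n"
                  "Reference 4111 1111 1111 1112 - total 480.00\n")   # digit run fails Luhn
SAMPLE_PUBLIC = "Name: Jane Doe, Card: 4111 1111 1111 1111\n"       # not marked confidential

def verdicts() -> dict:
    return {name: BLOCK_CONFIDENTIAL_CARD_DATA.evaluate(text)
            for name, text in [("export", SAMPLE_EXPORT),
                               ("invoice", SAMPLE_INVOICE),
                               ("public", SAMPLE_PUBLIC)]}

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name}: {verdict}")
```

Only the export is blocked: the invoice's digit run fails the Luhn check, and the public file, although it contains a real card number next to a name, does not match the second CCL, so a rule that requires all of its CCLs to match leaves it alone.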
- controlled application
- An application that is prevented from running on your computer by
your organization's security policy.
-
- custom rule
- A rule created by the user to specify the circumstances under which
an application is allowed to run.
-
- data control
- A feature to reduce accidental data loss from workstations. It
works by taking action when a workstation user tries to transfer a file that
meets criteria defined in the data control policy and rules. For example, when
a user attempts to copy a spreadsheet containing a list of customer data to a
removable storage device or upload a document marked as confidential into a
webmail account, data control will block the transfer, if configured to do so.
-
- data view
- The view that displays different data depending on the item
selected in the tree view.
-
- description bar
- A bar in the log viewer which appears above the data view and
contains the name of the currently selected item in the tree view.
-
- device control
- A feature to reduce accidental data loss from workstations and
restrict introduction of software from outside of the network. It works by
taking action when a workstation user tries to use an unauthorized storage
device or networking device on their workstation.
-
- extensive scanning
- Scans every part of every file.
- firewall event
- A situation that occurs when an unknown application, or the
operating system, on one computer tries to communicate with another computer
over a network connection in a way that was not specifically requested by the
applications running on the other computer.
-
- firewall policy
- The settings issued by the management console which the firewall
uses to monitor the computer's connection to the internet and other networks.
-
- global rules
- Rules that are applied to all network connections and applications
which do not already have a rule. They take lower priority than the rules set
on the LAN page. They also take lower priority than application rules (unless
the user specifies otherwise).
-
- hidden process
- An application sometimes launches a hidden process to perform some
network access for it. Malicious applications may use this technique to evade
firewalls: they launch a trusted application to access the network rather than
doing so themselves.
-
- high-priority global rule
- A rule that is applied before any other global or application rule.
-
- Host Intrusion Prevention System (HIPS)
- Overall term for pre-execution behavior analysis and runtime
behavior analysis.
-
- ICMP
- Abbreviation for "Internet Control Message Protocol." A network-layer internet
protocol that carries error reports and diagnostic messages relevant to IP
packet processing, for example "destination unreachable" and the echo
request/reply used by ping.
-
- ICMP settings
- The settings that specify which types of network management
communication are allowed.
-
- instant messaging
- A category of controlled applications that includes instant
messaging client applications (e.g. MSN).
-
- interactive mode
- The mode in which the firewall displays one or more learning dialogs when it detects network traffic for which
it has no rule. This feature applies only to Sophos Client Firewall for Windows 7 and earlier.
-
- learning dialog
- A dialog box that asks the user to choose whether to allow or block network activity when an unknown application
requests network access. This feature applies only to Sophos Client Firewall for Windows 7 and earlier.
-
- log cleanup settings
- The settings that control when records are deleted.
-
- log viewer
- A form where users can view details from the event database, such
as connections that have been allowed or blocked, the system log and any alerts
that have been raised.
-
- manual cleanup
- Cleanup that is performed by using special disinfectors or utilities, or by deleting files manually.
- match
- To contain content that satisfies the conditions defined in a Content Control List.
-
- NetBIOS
- Abbreviation for "Network Basic Input/Output System." A programming interface
and session-layer service that lets applications on a local network register
names, locate one another, and exchange data. Many Windows LAN services, such as
legacy file and printer sharing, depend on it.
- network protocol
- A set of rules or standards designed to enable computers to connect
with one another over a network and to exchange information with as little
error as possible.
-
- non-interactive mode
- The mode in which the firewall either blocks or allows all network
traffic for which it has no rule.
-
- normal scanning
- Scans only those parts of each file that are likely to be infected with a virus.
- on-access scan
- Your main method of protection against threats. Whenever you copy, move, or open a file, or
start a program, Sophos Anti-Virus scans the file or program and grants access
to it only if it does not pose a threat to your computer or has been authorized
for use.
- on-demand scan
- A scan that you initiate. You can use an on-demand scan to scan anything from a single file to everything on your computer that you have permission to read.
- primary configuration
- The firewall configuration used for the corporate network that the
user connects to for their day-to-day business.
- process settings
- The settings that specify whether modified or hidden processes
should be allowed network access.
-
- Quarantine manager
- The module that enables you to view and deal with items that have been quarantined.
- rawsocket
- Raw sockets allow a process to build network packets itself, including the
protocol headers that the operating system would normally fill in. They have
legitimate uses (for example, ping and network diagnostics) but can also be used
for malicious purposes such as address spoofing and port scanning.
-
- right-click scan
- A scan of file(s) in Windows Explorer or on the desktop that you run using the shortcut menu.
- rootkit
- A Trojan or technology that is used to hide the presence of a
malicious object (process, file, registry key, or network port) from the
computer user or administrator.
-
- runtime behavior analysis
- Dynamic analysis performed by suspicious behavior detection and
buffer overflow detection.
-
- scanning error
- An error in scanning a file, e.g. access denied.
- scheduled scan
- A scan of your computer, or parts of your computer, that runs at set times.
- secondary configuration
- The firewall configuration used when users are not connected to
the main corporate network, but to another network such as a hotel or airport
wireless network or another corporate network.
-
- spyware
- A program that installs itself onto a user’s computer by stealth, subterfuge, or
social engineering, and sends information from that computer to a third party
without the user’s permission or knowledge.
-
- Sophos Live Protection
- A feature that uses in-the-cloud technology to instantly decide
whether a suspicious file is a threat and take action specified in the Sophos
anti-virus cleanup configuration.
- stateful inspection
- Firewall technology that keeps a table of active network connections: TCP
connections tracked through their handshake and, because UDP has no connection,
UDP exchanges tracked as pseudo-connections that expire after a period of
inactivity. Only packets that belong to a known connection, or that legitimately
start a new one, are allowed by the firewall; all others are rejected.
-
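An added example, not Sophos code, of the connection-tracking logic behind stateful inspection. It assumes a simplified model: packets are described by protocol, 5-tuple, direction and TCP flags; only flows initiated by the protected host create table entries; TCP entries move from SYN_SENT to ESTABLISHED on the SYN/ACK reply and are removed by RST; UDP entries expire after an assumed 30-second idle window. The addresses and packet trace are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    outbound: bool    # True when sent by the protected host
    flags: str = ""   # TCP flags as letters: S (SYN), A (ACK), F (FIN), R (RST)

FlowKey = Tuple[str, str, int, str, int]

class StatefulFirewall:
    """Tracks outbound-initiated flows; inbound packets pass only if they belong to one."""
    TCP_IDLE = 300.0   # assumed seconds before an idle TCP entry is dropped
    UDP_IDLE = 30.0    # UDP has no connection, so a reply window is all we can track

    def __init__(self) -> None:
        self.table: Dict[FlowKey, dict] = {}

    @staticmethod
    def _key(p: Packet) -> FlowKey:
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse(p: Packet) -> FlowKey:
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def _expire(self, now: float) -> None:
        for k in list(self.table):
            idle = self.UDP_IDLE if k[0] == "udp" else self.TCP_IDLE
            if now - self.table[k]["last"] > idle:
                del self.table[k]

    def filter(self, p: Packet, now: float) -> str:
        self._expire(now)
        fwd, rev = self._key(p), self._reverse(p)
        if fwd in self.table:
            entry, is_reply = self.table[fwd], False
        elif rev in self.table:
            entry, is_reply = self.table[rev], True
        else:
            # No state for this 5-tuple: only an outbound flow initiation may create one.
            if not p.outbound:
                return "drop"                      # unsolicited inbound, e.g. a SYN or ACK probe
            if p.proto == "tcp" and p.flags != "S":
                return "drop"                      # out-of-state TCP from the host itself
            self.table[fwd] = {"state": "SYN_SENT" if p.proto == "tcp" else "UDP", "last": now}
            return "allow"
        entry["last"] = now
        if p.proto == "tcp":
            if "R" in p.flags:
                del self.table[rev if is_reply else fwd]   # reset tears the entry down
            elif entry["state"] == "SYN_SENT":
                if not is_reply:
                    return "allow"                 # SYN retransmit from the initiator
                if p.flags != "SA":
                    return "drop"                  # the handshake expects SYN/ACK here
                entry["state"] = "ESTABLISHED"
        return "allow"

def run_scenario() -> List[str]:
    """Constructed packet trace: a web session, an unsolicited probe, a DNS exchange."""
    fw = StatefulFirewall()
    host, web, probe, dns = "10.0.0.5", "93.184.216.34", "198.51.100.9", "10.0.0.1"
    trace = [
        (Packet("tcp", host, 51000, web, 443, True, "S"), 0.0),      # allow: new outbound SYN
        (Packet("tcp", web, 443, host, 51000, False, "SA"), 0.1),    # allow: expected reply
        (Packet("tcp", host, 51000, web, 443, True, "A"), 0.2),      # allow: established
        (Packet("tcp", probe, 4444, host, 445, False, "S"), 1.0),    # drop: unsolicited SYN
        (Packet("tcp", probe, 4444, host, 445, False, "A"), 1.1),    # drop: ACK with no state
        (Packet("udp", host, 53001, dns, 53, True), 2.0),            # allow: DNS query
        (Packet("udp", dns, 53, host, 53001, False), 2.05),          # allow: reply inside window
        (Packet("tcp", web, 443, host, 51000, False, "R"), 3.0),     # allow: RST closes entry
        (Packet("tcp", web, 443, host, 51000, False, "A"), 3.1),     # drop: entry is gone
        (Packet("udp", dns, 53, host, 53001, False), 100.0),         # drop: UDP entry expired
    ]
    return [fw.filter(p, t) for p, t in trace]

if __name__ == "__main__":
    print(run_scenario())
```

The two dropped probe packets show the point of keeping state: a stateless filter that simply permits "established" traffic by checking for the ACK flag would let the ACK probe through, whereas here nothing passes inbound unless the host opened the flow first. The last packet shows the UDP caveat: with no handshake to observe, the reply window is only as good as the idle timeout.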
- storage device
- Removable storage devices (for example, USB flash drives, PC Card
readers, and external hard disk drives), CD/DVD drives, floppy disk drives, and
secure removable storage devices (for example, SanDisk Cruzer Enterprise,
Kingston Data Traveller, IronKey Enterprise, and IronKey Basic USB flash drives
with hardware encryption).
-
- suspicious behavior detection
- Dynamic analysis of the behavior of all programs running on the
system in order to detect and block activity which appears to be malicious.
- suspicious file
- A file that exhibits a combination of characteristics that are commonly, but not
exclusively, found in viruses.
-
- system memory
- The computer's main memory (RAM), in which the operating system and running
programs hold their code and data. Scanning system memory looks for threats that
are already loaded or running, rather than stored as files on disk.
- system rule
- A rule that will be applied to all applications and will allow or
block low-level system network activity.
-
- tamper protection
- A feature that prevents unauthorized users (local administrators
and users with limited technical knowledge) and known malware from uninstalling
Sophos security software or disabling it through the Sophos Endpoint Security
and Control interface.
- threat event
- Detection or disinfection of a threat.
- tree view
- The view that controls what data the log viewer displays in its
data view.
-
- true file type
- The file type that is ascertained by analyzing the structure of a
file as opposed to the filename extension. This is a more reliable method.
-
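An added example, not Sophos code, of determining a true file type from structure and comparing it with what the extension claims. It assumes a small constructed signature table (ELF, PDF, ZIP, PNG, OLE2), a PE check that follows the offset stored at 0x3C in the DOS header to the "PE\0\0" signature rather than trusting "MZ" alone, and constructed sample files including a PE renamed to .pdf; real scanners use far larger signature tables.

```python
# Constructed signature table: leading bytes -> type name.
SIGNATURES = [
    (b"\x7fELF", "ELF executable"),
    (b"%PDF-", "PDF document"),
    (b"PK\x03\x04", "ZIP archive"),
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound document"),
]

# What each extension claims to be. OOXML files such as .docx are ZIP containers.
EXTENSION_CLAIMS = {
    ".exe": "PE executable", ".dll": "PE executable", ".scr": "PE executable",
    ".pdf": "PDF document", ".zip": "ZIP archive", ".docx": "ZIP archive",
    ".png": "PNG image", ".doc": "OLE2 compound document",
}

def is_pe(data: bytes) -> bool:
    """PE test: 'MZ' DOS header, then the 'PE\\0\\0' signature at the offset stored at 0x3C."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_off = int.from_bytes(data[0x3C:0x40], "little")
    return data[pe_off:pe_off + 4] == b"PE\x00\x00"

def true_file_type(data: bytes) -> str:
    if is_pe(data):
        return "PE executable"
    for magic, name in SIGNATURES:
        if data.startswith(magic):
            return name
    return "unknown"

def classify(filename: str, data: bytes) -> str:
    """Compare the type the extension claims against the type the structure shows."""
    actual = true_file_type(data)
    dot = filename.rfind(".")
    claimed = EXTENSION_CLAIMS.get(filename[dot:].lower()) if dot >= 0 else None
    if actual == "unknown" or claimed is None:
        return f"undetermined ({actual})"
    if actual == claimed:
        return f"consistent ({actual})"
    return f"MISMATCH: extension says {claimed}, content is {actual}"

def fake_pe() -> bytes:
    """Constructed minimal PE header: 64-byte DOS header pointing at a 'PE\\0\\0' signature."""
    hdr = bytearray(b"MZ") + bytearray(0x3E)
    hdr[0x3C:0x40] = (0x40).to_bytes(4, "little")
    return bytes(hdr) + b"PE\x00\x00" + bytes(20)

# Constructed samples: a PE renamed to look like a PDF, a docx (ZIP), a bare DOS stub, plain text.
SAMPLES = {
    "invoice.pdf": fake_pe(),
    "report.docx": b"PK\x03\x04" + bytes(26) + b"[Content_Types].xml",
    "tool.exe": fake_pe(),
    "dos_stub_only.exe": b"MZ" + bytes(62) + b"not a PE",   # MZ header but no PE signature
    "notes.txt": b"plain text, no recognised signature",
}

def results() -> dict:
    return {name: classify(name, data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in results().items():
        print(f"{name}: {verdict}")
```

The renamed executable is reported as a mismatch because the structure, not the ".pdf" extension, decides the type; the bare DOS stub shows why the check should not stop at "MZ".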
- trusted application
- An application that is allowed full and unconditional access to the
network.
-
- unidentified virus
- A virus for which there is no specific identity, that is, one that is not
matched by a virus identity file (IDE) but is detected by generic or heuristic
means.
-
- unknown traffic
- A form of network access by an application or service for which the firewall has no rule.
-
- virus identity file (IDE)
- A file that enables Sophos Anti-Virus to detect and disinfect a particular
virus, Trojan, or worm.
- Voice over IP
- A category of controlled applications that includes Voice over IP
client applications.
-
- working mode
- The setting that determines whether the firewall applies actions with input from the user (interactive mode) or
automatically (the non-interactive modes). The interactive mode was removed in Sophos Client Firewall for Windows 8.
-