documentation.HELP! Sophos Endpoint Security and Control Documentation

Glossary

Sophos Endpoint Security and Control

previous page next page

Glossary

adware and PUAs

Adware displays advertising, for example, pop-up messages, which affects user productivity and system efficiency. A potentially unwanted application (PUA) is an application that is not inherently malicious but is generally considered unsuitable for the majority of business networks.

application rule

A rule that applies only to packets of data transferred over the network to or from a particular application.

Authorization manager

The module that enables you to authorize adware and PUAs, suspicious files, and applications that exhibit suspicious behavior and buffer overflows.

automatic cleanup

Cleanup that is performed without any intervention or acceptance by you.

blocked

A status showing that applications (including hidden processes), connections, protocols, ICMP messages, and so on have been refused network access.

buffer overflow detection

Detects buffer overflow attacks.

checksum

Each version of an application has a unique checksum. The firewall can use this checksum to decide whether an application is allowed or not.

cleanup

Cleanup eliminates threats on your computer by removing a virus from a file or boot sector, moving or deleting a suspicious file, or deleting an item of adware or PUA. It is not available for threats that are detected by web page scanning because the threats are not downloaded to your computer. Therefore, there is no need to take any action.

Content Control List (CCL)

A set of conditions that specify file content, for example, credit or debit card numbers, or bank account details near to other forms of personally identifiable information. There are two types of Content Control List: SophosLabs Content Control List and custom Content Control List.

content rule

A rule that contains one or more Content Control Lists and specifies the action that is taken if the user attempts to transfer data that matches all the Content Control Lists in the rule to the specified destination.

controlled application

An application that is prevented from running on your computer by your organisation's security policy.

custom rule

A rule created by the user to specify the circumstances under which an application is allowed to run.

data control

A feature to reduce accidental data loss from workstations. It works by taking action when a workstation user tries to transfer a file that meets criteria defined in the data control policy and rules. For example, when a user attempts to copy a spreadsheet containing a list of customer data to a removable storage device or upload a document marked as confidential into a webmail account, data control will block the transfer, if configured to do so.

data view

The view that displays different data depending on the item selected in the tree view.

description bar

A bar in the log viewer which appears above the data view and contains the name of the currently selected item in the tree view.

device control

A feature to reduce accidental data loss from workstations and restrict introduction of software from outside of the network. It works by taking action when a workstation user tries to use an unauthorized storage device or networking device on their workstation.

extensive scanning

Scans every part of every file.

firewall event

A situation that occurs when an unknown application, or the operating system, on one computer tries to communicate with another computer over a network connection in a way that was not specifically requested by the applications running on the other computer.

firewall policy

The settings issued by the management console which the firewall uses to monitor the computer's connection to the internet and other networks.

global rules

Rules that are applied to all network connections and applications which do not already have a rule. They take lower priority than the rules set on the LAN page. They also take lower priority than application rules (unless the user specifies otherwise).

hidden process

An application sometimes launches a hidden process to perform some network access for it. Malicious applications may use this technique to evade firewalls: they launch a trusted application to access the network rather than doing so themselves.

high-priority global rule

A rule that is applied before any other global or application rule.

Host Intrusion Prevention System (HIPS)

Overall term for pre-execution behavior analysis and runtime behavior analysis.

ICMP

Abbreviation for "Internet Control Message Protocol." A network-layer internet protocol that provides error correction and other information relevant to IP packet processing.

ICMP settings

The settings that specify which types of network management communication are allowed.

instant messaging

A category of controlled applications that includes instant messaging client applications (e.g. MSN).

interactive mode

The mode in which the firewall displays one or more learning dialogs when it detects network traffic for which it has no rule. This feature applies only to Sophos Client Firewall for Windows 7 and earlier.

learning dialog

A dialog box that asks the user to choose whether to allow or block network activity when an unknown application requests network access. This feature applies only to Sophos Client Firewall for Windows 7 and earlier.

log cleanup settings

The settings that control when records are deleted.

log viewer

A form where users can view details from the event database, such as connections that have been allowed or blocked, the system log and any alerts that have been raised.

manual cleanup

Cleanup that is performed by using special disinfectors or utilities, or by deleting files manually.

match

Equal the content that is defined in a Content Control List.

NetBIOS

Abbreviation for "Network Basic Input/Output System." Software that provides an interface between the operating system, the I/O bus, and the network. Nearly all Windows-based LANs are based on NetBIOS.

network protocol

A set of rules or standards designed to enable computers to connect with one another over a network and to exchange information with as little error as possible.

non-interactive mode

The mode in which the firewall either blocks or allows all network traffic for which it has no rule.

normal scanning

Scans only those parts of each file that are likely to be infected with a virus.

on-access scan

Your main method of protection against threats. Whenever you copy, move, or open a file, or start a program, Sophos Anti-Virus scans the file or program and grants access to it only if it does not pose a threat to your computer or has been authorized for use.

on-demand scan

A scan that you initiate. You can use an on-demand scan to scan anything from a single file to everything on your computer that you have permission to read.

primary configuration

The firewall configuration used for the corporate network that the user connects to for their day-to-day business.

process settings

The settings that specify whether modified or hidden processes should be allowed network access.

Quarantine manager

The module that enables you to view and deal with items that have been quarantined.

rawsocket

Rawsockets allow processes to control all aspects of the data they send over the network and can be used for malicious purposes.

right-click scan

A scan of file(s) in Windows Explorer or on the desktop that you run using the shortcut menu.

rootkit

A Trojan or technology that is used to hide the presence of a malicious object (process, file, registry key, or network port) from the computer user or administrator.

runtime behavior analysis

Dynamic analysis performed by suspicious behavior detection and buffer overflow detection.

scanning error

An error in scanning a file, e.g. access denied.

scheduled scan

A scan of your computer, or parts of your computer, that runs at set times.

secondary configuration

The firewall configuration used when users are not connected to the main corporate network, but to another network such as a hotel or airport wireless network or another corporate network.

spyware

A program that installs itself onto a user’s computer by stealth, subterfuge, or social engineering, and sends information from that computer to a third party without the user’s permission or knowledge.

Sophos Live Protection

A feature that uses in-the-cloud technology to instantly decide whether a suspicious file is a threat and take action specified in the Sophos anti-virus cleanup configuration.

stateful inspection

Firewall technology that keeps a table of active TCP and UDP network connections. Only packets matching a known connection state will be allowed by the firewall; others will be rejected.

storage device

Removable storage devices (for example, USB flash drives, PC Card readers, and external hard disk drives), CD/DVD drives, floppy disk drives, and secure removable storage devices (for example, SanDisk Cruzer Enterprise, Kingston Data Traveller, IronKey Enterprise, and IronKey Basic USB flash drives with hardware encryption).

suspicious behavior detection

Dynamic analysis of the behavior of all programs running on the system in order to detect and block activity which appears to be malicious.

suspicious file

A file that exhibits a combination of characteristics that are commonly, but not exclusively, found in viruses.

system memory

The memory that acts as a bridge between applications and the actual data processing done at the hardware level. It is used by the operating system.

system rule

A rule that will be applied to all applications and will allow or block low-level system network activity.

tamper protection

A feature that prevents unauthorized users (local administrators and users with limited technical knowledge) and known malware from uninstalling Sophos security software or disabling it through the Sophos Endpoint Security and Control interface.

threat event

Detection or disinfection of a threat.

tree view

The view that controls what data the log viewer displays in its data view.

true file type

The file type that is ascertained by analyzing the structure of a file as opposed to the filename extension. This is a more reliable method.

trusted application

An application that is allowed full and unconditional access to the network.

unidentified virus

A virus for which there is no specific identity.

unknown traffic

A form of network access by an application or service for which the firewall has no rule.

virus identity file (IDE)

A file that enables Sophos Anti-Virus to detect and disinfect a particular virus, Trojan, or worm.

Voice over IP

A category of controlled applications that includes Voice over IP client applications.

working mode

The setting that determines whether the firewall applies actions with input from the user (interactive mode) or automatically (the non-interactive modes). The interactive mode was removed in Sophos Client Firewall for Windows 8.

previous page start next page

Get in touch

Submit feedback about this site to:

• [email protected]