Glossary
- Active Directory synchronization event
- An event that occurs during synchronization with Active Directory.
- active sub-estate
- A sub-estate displayed in the Groups pane.
- advanced Content Control List editor
- An editor that enables a user to create a custom Content Control List that
consists of a score, maximum count, regular expression, and a trigger score that
must be reached before the Content Control List is matched.
- Application manager
- A dialog box that enables you to allow or create new rules for applications that
have been blocked by Sophos Client Firewall.
- auditing
- A feature that enables you to monitor changes in Enterprise Console
configuration and other user and system actions.
- automatic protection
- Deployment of security software (installation and policy enforcement) on all the
computers in an Active Directory container as soon as they are synchronized with
Enterprise Console.
- category
- A specific tag that is used to classify SophosLabs Content Control Lists
according to their type, regulation that defines their contents, or region they
apply to.
- Content Control List (CCL)
- A set of conditions that specify file content, for example, credit or debit card
numbers, or bank account details near to other forms of personally identifiable
information. There are two types of Content Control List: SophosLabs Content
Control List and custom Content Control List.
- content rule
- A rule that contains one or more Content Control Lists and specifies the action
that is taken if the user attempts to transfer data that matches all the Content
Control Lists in the rule to the specified destination.
- controlled application
- A non-malicious application that an organization might want to detect or block
because it undermines productivity or network performance.
- controlled data
- Files that meet data control conditions.
- controlled device
- A device that is subject to device control.
- critical level
- A value that triggers the change of an item’s security status to Critical.
- custom Content Control List
- A Content Control List that has been created by a Sophos customer. There are two
ways to create a custom Content Control List: create a simple list of search
terms with a specified search condition, such as “any of these terms,” or use an
advanced Content Control List editor.
- Dashboard
- An at-a-glance view of the network’s security status.
- Dashboard event
- An event in which a dashboard health indicator exceeds critical level. An email
alert is generated when a dashboard event occurs.
- data control
- A feature to reduce accidental data loss from workstations. It works by taking
action when a workstation user tries to transfer a file that meets criteria
defined in the data control policy and rules. For example, when a user attempts
to copy a spreadsheet containing a list of customer data to a removable storage
device or upload a document marked as confidential into a webmail account, data
control will block the transfer, if configured to do so.
- data loss prevention (DLP)
- See data control.
- database
- The component of Sophos Enterprise Console that stores details about computers
on the network.
- Default sub-estate
- A sub-estate that has as its root the server root node of the group tree and the
Unassigned group. It is displayed by default when you
open Enterprise Console for the first time.
- device control
- A feature to reduce accidental data loss from workstations and restrict
introduction of software from outside of the network. It works by taking action
when a workstation user tries to use an unauthorized storage device or
networking device on their workstation.
- download reputation
- Reputation of a file downloaded from the internet. The reputation is
calculated based on the file's age, source, prevalence, deep content analysis
and other characteristics. It helps to establish whether the file is safe or is
a potential risk and may harm a user's computer if downloaded.
- estate
- See IT estate.
- exempt device
- A device that is explicitly excluded from device control.
- expression
- See regular expression.
- file matching rule
- A rule that specifies the action that is taken if the user attempts to transfer
a file with the specified file name or of the specified file type to the
specified destination, for example, block the transfer of databases to removable
storage devices.
- group
- A group of managed computers defined in Sophos Enterprise Console.
- health indicator
- Generic term for icons depicting security status of a dashboard section or item,
or the overall health status of the network.
- Host Intrusion Prevention System (HIPS)
- A security technology that protects computers from suspicious files,
unidentified viruses, and suspicious behavior.
- IT estate
- The company IT environment, including computers, network, and so on.
- Malicious Traffic Detection
- A feature that detects communications between compromised computers and attackers' command and
control servers.
- managed computer
- A computer that has Remote Management System (RMS) installed and on which Sophos
Enterprise Console can report and install and update software.
- management console
- The component of Sophos Enterprise Console that enables you to protect and
manage computers.
- management server
- The component of Sophos Enterprise Console that handles updating and
communications with networked computers.
- maximum count
- The maximum number of matches for a regular expression that can be counted
towards the total score.
- out-of-date computer
- A computer that does not have up-to-date Sophos software.
- patch assessment
- Evaluates computers for installed patches and identifies missing patches.
- policy
- A group of settings, for example, for updating, applied to a group or groups of
computers.
- potentially unwanted application (PUA)
- An application that is not inherently malicious but is generally considered
unsuitable for the majority of business networks.
- quantity
- The volume of the Content Control List key data type that must be found in a
file before the Content Control List is matched.
- quantity key
- The key type of data defined in a Content Control List, to which the quantity
setting is applied. For example, for a Content Control List containing credit or
debit card numbers, the quantity specifies how many credit or debit card numbers
must be found in a file before the Content Control List is matched.
- region
- The scope of a SophosLabs Content Control List. The region either specifies the
country the Content Control List applies to (for country-specific Content
Control Lists) or shows “global” (for global Content Control Lists that apply to
all countries).
- regular expression
- A search string that uses special characters to match a text pattern in a file.
Data control uses Perl 5 regular expression syntax.
- right
- A set of permissions to perform certain tasks in Enterprise Console.
- role
- A set of rights that determines access to Enterprise Console.
- role-based administration
- A feature that allows you to specify which computers a user can access and which
tasks they can carry out, depending on their role in your organization.
- rootkit
- A Trojan or technology that is used to hide the presence of a malicious object
(process, file, registry key, or network port) from the computer user or
administrator.
- rule
- A rule specifies the action that is taken if a file meets certain conditions.
There are two types of data control rule: file matching rule and content rule.
- score
- The number that is added to the total score for a Content Control List when a
regular expression is matched.
- server root node
- The topmost node of the group tree in the Groups pane,
which includes the Unassigned group.
- Sophos Live Protection
- A feature that uses in-the-cloud technology to instantly decide whether a
suspicious file is a threat and take action specified in the Sophos anti-virus
cleanup configuration.
- Sophos Update Manager (SUM)
- A program that downloads Sophos security software and updates from Sophos or
another update server to shared update locations.
- Sophos-defined rule
- A rule that has been provided by Sophos as an example. Sophos-defined rules are
not updated by Sophos.
- SophosLabs Content Control List
- A Content Control List that has been provided and is managed by Sophos. Sophos
can update SophosLabs Content Control Lists or create new Content Control Lists
and make them available in Enterprise Console. The contents of SophosLabs
Content Control Lists cannot be edited. However, the quantity can be set for
each such Content Control List.
- sub-estate
- A named part of the IT estate, containing a subset of the computers and groups.
- sub-estate administration
- A feature that restricts which computers and groups are available to perform
operations on.
- software subscription
- A set of versions of software for a variety of platforms, selected by the user,
that Update Manager will download and keep updated. One version can be specified
for each supported platform (for example, “Recommended” for Windows).
- suspicious behavior detection
- Dynamic analysis of the behavior of all programs running on the system in order
to detect and block activity which appears to be malicious.
- suspicious file
- A file that exhibits a combination of characteristics that are commonly, but not
exclusively, found in viruses.
- synchronization interval
- The period after which a synchronization point in Enterprise Console is
synchronized with the selected Active Directory container.
- synchronization point (for an Active Directory tree)
- A Sophos Enterprise Console group into which the contents of a selected Active
Directory container (groups and computers or groups only) will be added for
synchronization, their structure preserved.
- synchronization with Active Directory
- A one-way synchronization of Sophos Enterprise Console group(s) with Active
Directory organizational units, or containers.
- synchronized group
- Any group below the synchronization point.
- System Administrator
- A preconfigured role that has full rights to manage Sophos security software on
the network and roles in Enterprise Console. The System Administrator role
cannot be deleted or have its rights or name changed, and the Sophos Full
Administrators Windows group cannot be removed from it. Other users and groups
can be added to or removed from the role.
- tag
- A descriptor applied to a SophosLabs Content Control List to identify the
contents or scope of the Content Control List. There are three types of tag:
type, regulation, and region.
- tamper protection
- A feature that prevents known malware and unauthorized users (local
administrators and users with limited technical knowledge) from uninstalling
Sophos security software or disabling it through the Sophos Endpoint Security
and Control interface.
- threshold level
- A value that triggers the change of an item’s security status to Warning or
Critical.
- total score
- The sum of the scores for a Content Control List, according to the content that
has been matched.
- trigger score
- The number of times a regular expression must be matched before a Content
Control List is matched.
- true file type
- The file type that is ascertained by analyzing the structure of a file as
opposed to the filename extension. This is a more reliable method.
- type
- The criteria according to which SophosLabs Content Control Lists are classified,
for example, a Content Control List defining passport details, postal addresses,
or email addresses belongs to the Personally Identifiable Information type.
- update manager
- See Sophos Update Manager.
- warning level
- A value that triggers the change of an item’s security status to Warning.
- web control
- A feature that allows you to set and enforce web access policies for your
organization, and to view reports on web browsing usage. You can allow or block
user access to certain categories of websites, and users can also be warned
whether visiting a website will violate your policies.
- web protection
- A feature that detects threats in web pages. This feature blocks sites that have
hosted malicious content in the past and also prevents malicious downloads. Web
protection is part of the anti-virus and HIPS policy.