Glossary

Active Directory synchronization event
An event that occurs during synchronization with Active Directory.
active sub-estate
A sub-estate displayed in the Groups pane.
advanced Content Control List editor
An editor that enables a user to create a custom Content Control List that consists of a score, maximum count, regular expression, and a trigger score that must be reached before the Content Control List is matched.
Application manager
A dialog box that enables you to allow or create new rules for applications that have been blocked by Sophos Client Firewall.
auditing
A feature that enables you to monitor changes in Enterprise Console configuration and other user and system actions.
automatic protection
Deployment of security software (installation and policy enforcement) on all the computers in an Active Directory container as soon as they are synchronized with Enterprise Console.
category
A specific tag that is used to classify SophosLabs Content Control Lists according to their type, regulation that defines their contents, or region they apply to.
Content Control List (CCL)
A set of conditions that specify file content, for example, credit or debit card numbers, or bank account details near to other forms of personally identifiable information. There are two types of Content Control List: SophosLabs Content Control List and custom Content Control List.
content rule
A rule that contains one or more Content Control Lists and specifies the action that is taken if the user attempts to transfer data that matches all the Content Control Lists in the rule to the specified destination.
controlled application
A non-malicious application that an organization might want to detect or block because it undermines productivity or network performance.
controlled data
Files that meet data control conditions.
controlled device
A device that is subject to device control.
critical level
A value that triggers the change of an item’s security status to Critical.
custom Content Control List
A Content Control List that has been created by a Sophos customer. There are two ways to create a custom Content Control List: create a simple list of search terms with a specified search condition, such as “any of these terms,” or use an advanced Content Control List editor.
Dashboard
An at-a-glance view of the network’s security status.
Dashboard event
An event in which a dashboard health indicator exceeds the critical level. An email alert is generated when a dashboard event occurs.
data control
A feature to reduce accidental data loss from workstations. It works by taking action when a workstation user tries to transfer a file that meets criteria defined in the data control policy and rules. For example, when a user attempts to copy a spreadsheet containing a list of customer data to a removable storage device or upload a document marked as confidential into a webmail account, data control will block the transfer, if configured to do so.
data loss prevention (DLP)
See data control.
database
The component of Sophos Enterprise Console that stores details about computers on the network.
Default sub-estate
A sub-estate that has as its root the server root node of the group tree and the Unassigned group. It is displayed by default when you open Enterprise Console for the first time.
device control
A feature to reduce accidental data loss from workstations and restrict introduction of software from outside of the network. It works by taking action when a workstation user tries to use an unauthorized storage device or networking device on their workstation.
download reputation
Reputation of a file downloaded from the internet. The reputation is calculated based on the file's age, source, prevalence, deep content analysis and other characteristics. It helps to establish whether the file is safe or is a potential risk and may harm a user's computer if downloaded.
estate
See IT estate.
exempt device
A device that is explicitly excluded from device control.
expression
See regular expression.
file matching rule
A rule that specifies the action that is taken if the user attempts to transfer a file with the specified file name or of the specified file type to the specified destination, for example, block the transfer of databases to removable storage devices.
group
A group of managed computers defined in Sophos Enterprise Console.
health indicator
Generic term for icons depicting security status of a dashboard section or item, or the overall health status of the network.
Host Intrusion Prevention System (HIPS)
A security technology that protects computers from suspicious files, unidentified viruses, and suspicious behavior.
IT estate
The company IT environment, including computers, network, and so on.
Malicious Traffic Detection
A feature that detects communications between compromised computers and attackers' command and control servers.
managed computer
A computer that has Remote Management System (RMS) installed and on which Sophos Enterprise Console can report and install and update software.
management console
The component of Sophos Enterprise Console that enables you to protect and manage computers.
management server
The component of Sophos Enterprise Console that handles updating and communications with networked computers.
maximum count
The maximum number of matches for a regular expression that can be counted towards the total score.
out-of-date computer
A computer that does not have up-to-date Sophos software.
patch assessment
Evaluates computers for installed patches and identifies missing patches.
policy
A group of settings, for example, for updating, applied to a group or groups of computers.
potentially unwanted application (PUA)
An application that is not inherently malicious but is generally considered unsuitable for the majority of business networks.
quantity
The volume of the Content Control List key data type that must be found in a file before the Content Control List is matched.
quantity key
The key type of data defined in a Content Control List, to which the quantity setting is applied. For example, for a Content Control List containing credit or debit card numbers, the quantity specifies how many credit or debit card numbers must be found in a file before the Content Control List is matched.
region
The scope of a SophosLabs Content Control List. The region either specifies the country the Content Control List applies to (for country-specific Content Control Lists) or shows “global” (for global Content Control Lists that apply to all countries).
regular expression
A search string that uses special characters to match a text pattern in a file. Data control uses Perl 5 regular expression syntax.
right
A set of permissions to perform certain tasks in Enterprise Console.
role
A set of rights that determines access to Enterprise Console.
role-based administration
A feature that allows you to specify which computers a user can access and which tasks they can carry out, depending on their role in your organization.
rootkit
A Trojan or technology that is used to hide the presence of a malicious object (process, file, registry key, or network port) from the computer user or administrator.
rule
A rule specifies the action that is taken if a file meets certain conditions. There are two types of data control rule: file matching rule and content rule.
score
The number that is added to the total score for a Content Control List when a regular expression is matched.
server root node
The topmost node of the group tree in the Groups pane, which includes the Unassigned group.
Sophos Live Protection
A feature that uses in-the-cloud technology to instantly decide whether a suspicious file is a threat and take the action specified in the Sophos anti-virus cleanup configuration.
Sophos Update Manager (SUM)
A program that downloads Sophos security software and updates from Sophos or another update server to shared update locations.
Sophos-defined rule
A rule that has been provided by Sophos as an example. Sophos-defined rules are not updated by Sophos.
SophosLabs Content Control List
A Content Control List that has been provided and is managed by Sophos. Sophos can update SophosLabs Content Control Lists or create new Content Control Lists and make them available in Enterprise Console. The contents of SophosLabs Content Control Lists cannot be edited. However, the quantity can be set for each such Content Control List.
sub-estate
A named part of the IT estate, containing a subset of the computers and groups.
sub-estate administration
A feature that restricts which computers and groups are available to perform operations on.
software subscription
A set of versions of software for a variety of platforms, selected by the user, that Update Manager will download and keep updated. One version can be specified for each supported platform (for example, “Recommended” for Windows).
suspicious behavior detection
Dynamic analysis of the behavior of all programs running on the system in order to detect and block activity which appears to be malicious.
suspicious file
A file that exhibits a combination of characteristics that are commonly, but not exclusively, found in viruses.
synchronization interval
The period after which a synchronization point in Enterprise Console is synchronized with the selected Active Directory container.
synchronization point (for an Active Directory tree)
A Sophos Enterprise Console group into which the contents of a selected Active Directory container (groups and computers or groups only) will be added for synchronization, their structure preserved.
synchronization with Active Directory
A one-way synchronization of Sophos Enterprise Console group(s) with Active Directory organizational units, or containers.
synchronized group
Any group below the synchronization point.
System Administrator
A preconfigured role that has full rights to manage Sophos security software on the network and roles in Enterprise Console.
The System Administrator role cannot be deleted or have its rights or name changed, and the Sophos Full Administrators Windows group cannot be removed from it. Other users and groups can be added to or removed from the role.
tag
A descriptor applied to a SophosLabs Content Control List to identify the contents or scope of the Content Control List. There are three types of tag: type, regulation, and region.
tamper protection
A feature that prevents known malware and unauthorized users (local administrators and users with limited technical knowledge) from uninstalling Sophos security software or disabling it through the Sophos Endpoint Security and Control interface.
threshold level
A value that triggers the change of an item’s security status to Warning or Critical.
total score
The sum of the scores for a Content Control List, according to the content that has been matched.
trigger score
The number of times a regular expression must be matched before a Content Control List is matched.
true file type
The file type that is ascertained by analyzing the structure of a file as opposed to the filename extension. This is a more reliable method.
type
The criteria according to which SophosLabs Content Control Lists are classified, for example, a Content Control List defining passport details, postal addresses, or email addresses belongs to the Personally Identifiable Information type.
update manager
See Sophos Update Manager.
warning level
A value that triggers the change of an item’s security status to Warning.
web control
A feature that allows you to set and enforce web access policies for your organization, and to view reports on web browsing usage. You can allow or block user access to certain categories of websites, and users can also be warned if visiting a website will violate your policies.
web protection
A feature that detects threats in web pages. This feature blocks sites that have hosted malicious content in the past and also prevents malicious downloads. Web protection is part of the anti-virus and HIPS policy.