Synchronized Application Control
Synchronized Application Control monitors all applications on endpoints connected through Security Heartbeat.
You can see newly detected applications, hide known applications, sort applications into categories, and control their traffic through application filters. Synchronized Application Control supports up to 15,000 applications.
Note
If you're using Synchronized Application Control for the first time, you must turn it on from Sophos Central.
Application categories and labels
Sophos Firewall comes with a default set of categories that includes the most common applications. When Sophos Firewall detects a known application, it categorizes the application accordingly. Detected unknown applications are added to the category SyncAppCtl discovered. You can rename and customize those applications. Assign applications to application filters to control their traffic.
Expand the application view to see all locations on all the endpoints where Sophos Firewall has detected the application.
Applications have the following labels, which you can see in the Manage column:
- New: Newly-detected applications unknown to Sophos Firewall.
- Mapped: Detected applications that have been mapped automatically to an application category.
- Customized: Applications that have been mapped manually.
Managing applications
Acknowledge: Acknowledge new applications to indicate that you’ve seen them and don’t want to change their attributes. This option is useful for applications you don't want to customize and no longer want Sophos Firewall to label as New. Their new label will also be Customized.
Customize: Customize (or change) the application name and its category. Afterwards, the application’s label will be Customized. You can always change these attributes. To customize an application, click More options in the Manage column and select Customize.
Hide/Show: Hide applications you don't want to see any longer. You can then see them only when you select Hidden applications. To see them again on other views, click Show.
Delete: Deleting applications will also remove them from application filters. If Sophos Firewall detects a deleted application again on an endpoint, the application reappears on the application list.
Searching for applications
You can search for applications by the application name, path, category, or endpoints. To control the scope of the search, select an option from the list. Example: System applications.
Application data retention
Synchronized Application Control records the data for all applications detected on all endpoints connected through Security Heartbeat.
In 20.0 MR1 and later versions, the firewall only keeps the last five occurrences of each application per endpoint to conserve storage space. When you migrate to 20.0 MR1 and later versions, the firewall keeps the five most recent occurrences. All older application data is deleted.
Note
During migration to 20.0 MR1 and later versions, the automatic cleanup of Synchronized Application Control data may fail due to low storage space. If this happens, contact Sophos Support.
More resources