Adware displays advertising (for example, pop-up
messages) that affects user productivity and system efficiency. A
potentially unwanted application (PUA) is an application that is
not inherently malicious but is generally considered unsuitable for
the majority of business networks.
application rule
A rule that applies only to packets of data
transferred over the network to or from a particular
application.
Authorization manager
The module that enables you to authorize adware and
PUAs, suspicious files, and applications that exhibit suspicious
behavior and buffer overflows.
automatic cleanup
Cleanup that is performed without any intervention
or acceptance by you.
blocked
A status showing that applications (including hidden
processes), connections, protocols, ICMP messages, and so on have
been refused network access.
buffer overflow detection
Detects buffer overflow attacks.
checksum
Each version of an application has a unique
checksum. The firewall can use this checksum to decide whether an
application is allowed or not.
cleanup
Cleanup eliminates threats on your computer by
removing a virus from a file or boot sector, moving or deleting a
suspicious file, or deleting an item of adware or PUA. It is not
available for threats that are detected by web page scanning
because the threats are not downloaded to your computer. Therefore,
there is no need to take any action.
Content Control List (CCL)
A set of conditions that specify file content, for
example, credit or debit card numbers, or bank account details near
to other forms of personally identifiable information. There are
two types of Content Control List: SophosLabs Content Control List
and custom Content Control List.
content rule
A rule that contains one or more Content Control
Lists and specifies the action that is taken if the user attempts
to transfer data that matches all the Content Control Lists in the
rule to the specified destination.
controlled application
An application that is prevented from running on
your computer by your organisation's security policy.
custom rule
A rule created by the user to specify the
circumstances under which an application is allowed to run.
data control
A feature to reduce accidental data loss from
workstations. It works by taking action when a workstation user
tries to transfer a file that meets criteria defined in the data
control policy and rules. For example, when a user attempts to copy
a spreadsheet containing a list of customer data to a removable
storage device or upload a document marked as confidential into a
webmail account, data control will block the transfer, if
configured to do so.
data view
The view that displays different data depending on
the item selected in the tree view.
description bar
A bar in the log viewer which appears above the data
view and contains the name of the currently selected item in the
tree view.
device control
A feature to reduce accidental data loss from
workstations and restrict introduction of software from outside of
the network. It works by taking action when a workstation user
tries to use an unauthorized storage device or networking device on
their workstation.
extensive scanning
Scans every part of every file.
firewall event
A situation that occurs when an unknown application,
or the operating system, on one computer tries to communicate with
another computer over a network connection in a way that was not
specifically requested by the applications running on the other
computer.
firewall policy
The settings issued by the management console which
the firewall uses to monitor the computer's connection to the
internet and other networks.
global rules
Rules that are applied to all network connections
and applications which do not already have a rule. They take lower
priority than the rules set on the LAN page. They also take lower
priority than application rules (unless the user specifies
otherwise).
hidden process
An application sometimes launches a hidden process
to perform some network access for it. Malicious applications may
use this technique to evade firewalls: they launch a trusted
application to access the network rather than doing so
themselves.
high-priority global rule
A rule that is applied before any other global or
application rule.
Host Intrusion Prevention System (HIPS)
Overall term for pre-execution behavior analysis and
runtime behavior analysis.
ICMP
Abbreviation for "Internet Control Message
Protocol." A network-layer internet protocol that provides error
correction and other information relevant to IP packet
processing.
ICMP settings
The settings that specify which types of network
management communication are allowed.
instant messaging
A category of controlled applications that includes
instant messaging client applications (e.g. MSN).
interactive mode
The mode in which the firewall displays one or more
learning dialogs when it detects network traffic for which it has
no rule.
learning dialog
A dialog box that asks the user to choose whether to
allow or block network activity when an unknown application
requests network access.
log cleanup settings
The settings that control when records are
deleted.
log viewer
A form where users can view details from the event
database, such as connections that have been allowed or blocked,
the system log and any alerts that have been raised.
manual cleanup
Cleanup that is performed by using special
disinfectors or utilities, or by deleting files manually.
match
To equal the content that is defined in a Content
Control List.
NetBIOS
Abbreviation for "Network Basic Input/Output
System." Software that provides an interface between the operating
system, the I/O bus, and the network. Nearly all Windows-based LANs
are based on NetBIOS.
network protocol
A set of rules or standards designed to enable
computers to connect with one another over a network and to
exchange information with as little error as possible.
non-interactive mode
The mode in which the firewall either blocks or
allows all network traffic for which it has no rule.
normal scanning
Scans only those parts of each file that are likely
to be infected with a virus.
on-access scan
Your main method of protection against threats.
Whenever you copy, move, or open a file, or start a program, Sophos
Anti-Virus scans the file or program and grants access to it only
if it does not pose a threat to your computer or has been
authorized for use.
on-demand scan
A scan that you initiate. You can use an on-demand
scan to scan anything from a single file to everything on your
computer that you have permission to read.
primary configuration
The firewall configuration used for the corporate
network that the user connects to for their day-to-day
business.
process settings
The settings that specify whether modified or hidden
processes should be allowed network access.
Quarantine manager
The module that enables you to view and deal with
items that have been quarantined.
rawsocket
Rawsockets allow processes to control all aspects of
the data they send over the network and can be used for malicious
purposes.
right-click scan
A scan of file(s) in Windows Explorer or on the
desktop that you run using the shortcut menu.
rootkit
A Trojan or technology that is used to hide the
presence of a malicious object (process, file, registry key, or
network port) from the computer user or administrator.
runtime behavior analysis
Dynamic analysis performed by suspicious behavior
detection and buffer overflow detection.
scanning error
An error in scanning a file, e.g. access
denied.
scheduled scan
A scan of your computer, or parts of your computer,
that runs at set times.
secondary configuration
The firewall configuration used when users are not
connected to the main corporate network, but to another network
such as a hotel or airport wireless network or another corporate
network.
spyware
A program that installs itself onto a user’s
computer by stealth, subterfuge, or social engineering, and sends
information from that computer to a third party without the user’s
permission or knowledge.
Sophos Live Protection
A feature that uses in-the-cloud technology to
instantly decide whether a suspicious file is a threat and take
action specified in the Sophos anti-virus cleanup
configuration.
stateful inspection
Firewall technology that keeps a table of active TCP
and UDP network connections. Only packets matching a known
connection state will be allowed by the firewall; others will be
rejected.
storage device
Removable storage devices (for example, USB flash
drives, PC Card readers, and external hard disk drives), CD/DVD
drives, floppy disk drives, and secure removable storage devices
(for example, SanDisk Cruzer Enterprise, Kingston Data Traveller,
IronKey Enterprise, and IronKey Basic USB flash drives with
hardware encryption).
suspicious behavior detection
Dynamic analysis of the behavior of all programs
running on the system in order to detect and block activity which
appears to be malicious.
suspicious file
A file that exhibits a combination of
characteristics that are commonly, but not exclusively, found in
viruses.
system memory
The memory that acts as a bridge between
applications and the actual data processing done at the hardware
level. It is used by the operating system.
system rule
A rule that will be applied to all applications and
will allow or block low-level system network activity.
tamper protection
A feature that prevents unauthorized users (local
administrators and users with limited technical knowledge) and
known malware from uninstalling Sophos security software or
disabling it through the Sophos Endpoint Security and Control
interface.
threat event
Detection or disinfection of a threat.
tree view
The view that controls what data the log viewer
displays in its data view.
true file type
The file type that is ascertained by analyzing the
structure of a file as opposed to the filename extension. This is a
more reliable method.
trusted application
An application that is allowed full and
unconditional access to the network.
unidentified virus
A virus for which there is no specific
identity.
unknown traffic
A form of network access by an application or
service for which the firewall has no rule.
virus identity file (IDE)
A file that enables Sophos Anti-Virus to detect and
disinfect a particular virus, Trojan, or worm.
Voice over IP
A category of controlled applications that includes
Voice over IP client applications.
working mode
The setting that determines whether the firewall
applies actions with input from the user (interactive mode) or
automatically (the non-interactive modes).