Glossary

The recurring fictional MSP customer used across this site's lessons, a single company that scales from small business to mid-market to enterprise across the Beginner, Intermediate, and Advanced courses.

An explicit list of domains, IPs, applications, or senders that should be permitted even when broader rules would block them.

A routing technique where the same IP address is announced from many physical locations, and the network sends each user to the nearest one.

DNSFilter's feature that maps DNS activity to known applications, surfacing app usage and shadow IT through the filter.

A default-deny posture where only explicitly approved binaries are allowed to execute. Anything else (script, installer, dropped DLL) is blocked at the kernel before it runs.

A configuration mode where rules are evaluated and logged but NOT enforced. Lets you see what would happen before turning enforcement on.

An explicit list of domains, IPs, applications, or senders that should always be blocked regardless of broader category rules.

An Exclaimer asset library holding fonts, colours, logo, icon, banner, meeting background, and disclaimer text that signatures inherit from.

An Exclaimer time-boxed banner image with a hyperlink and start/end dates, appended after a signature; one Campaign at a time, server-side only on Gmail.

The web page that public Wi-Fi networks force users through before letting their device reach the internet.

A label DNSFilter (and similar tools) assigns to a domain so policies can block or allow whole groups of sites at once instead of one-by-one.

ThreatLocker's 24/7 managed approval service. Cyber Hero engineers triage end-user approval requests on the customer's behalf, replying within ThreatLocker's published SLA.

Plain-text legal text appended to outbound email after the signature, configurable as a standalone Disclaimer object, a Disclaimer signature element, or text inside the template.

Domain Name System, the internet's phonebook. Translates human-readable names like "example.com" into IP addresses computers actually connect to.

Blocking risky or policy-violating domains at the DNS resolver layer, before a TCP connection is ever attempted.

A DNS transport that wraps queries inside HTTPS, encrypting them and making them indistinguishable from normal web traffic.

The DNS server a device asks for name-to-IP lookups. Whoever controls the resolver controls (and sees) everything.

A service that maps a fixed hostname to an IP address that changes, typically used when a network's public IP isn't static.

Endpoint Detection and Response, agent-based security that watches process, file, and network behaviour for malicious patterns and gives a SOC the ability to isolate or roll back.

Per-application local-admin elevation that lets a standard user run a specific approved app with admin rights, without giving the user admin rights generally.

An EDR containment action that cuts a compromised endpoint off from partner networks while keeping it reachable for SOC investigation. Limits an attacker's ability to spread laterally without losing forensic visibility.

Identity Threat Detection and Response. Detection and response capabilities focused on the identity layer (Microsoft 365, Google Workspace), watching for compromised credentials, malicious inbox rules, suspicious sign-ins, and rogue OAuth apps.

A signed, base64-encoded token format used to authenticate API calls and pass identity claims between systems.

A ThreatLocker maintenance state where the agent observes execution and auto-creates applications and policies for what it sees, without blocking anything yet.

A security service where humans (a SOC) actively monitor your EDR/SIEM and respond to incidents on your behalf, 24/7.

An Exclaimer Pro feature that applies branded nametag overlays and backgrounds to user video calls in Microsoft Teams, Google Meet, and Zoom.

Requiring a second factor (app code, hardware key, biometric) beyond the password to verify identity.

Microsoft's bundled cloud productivity suite. Exchange Online, SharePoint, OneDrive, Teams, and the Office desktop apps, identity-anchored in Entra ID.

Managed Service Provider, a company that delivers ongoing IT services to client businesses for a recurring fee, typically per-user or per-device.

An identity layer on top of OAuth 2.0 that lets a relying app verify who a user is by trusting an external Identity Provider's token.

A reusable bundle of rules, what to block, what to allow, what to log, applied to one or more groups of users, devices, or sites.

The software that translates an application's print output into the printer's native command language.

A logical destination on a computer that maps a printer name to a print driver and a target device, where jobs wait before they print.

A virtual print queue that lets a user roam between Printix-managed printers and release the same document at whichever one they walk up to.

A vendor application that installs on a printer's touchscreen so users sign in with a card or ID code and release jobs without a phone.

Huntress's process-monitoring service. The agent ships process activity to the platform; the SOC analyses it for malicious or suspicious behaviour using rules mapped against frameworks like MITRE ATT&CK.

Professional Services Automation, the ticketing, time-tracking, billing, and client/contract system of record for an MSP.

Decoy files Huntress drops on protected endpoints to detect ransomware. When a ransomware encryptor touches one, the agent fires an early signal before the encryptor reaches real customer data.

Constraining what an allowed application can do. ThreatLocker's term for application-level boundaries on file access, network reach, registry, and child processes.

Remote Monitoring & Management, agent-based software an MSP installs on every endpoint to inventory, patch, alert, automate, and run scripts at scale.

Security Awareness Training. Scheduled training assignments and simulated phishing campaigns delivered to end users to reduce the human-error surface in a security stack.

Hold a print job in a queue until the user authenticates at the printer, so the document only comes out when they are standing there.

Print infrastructure delivered without an on-prem print server, with drivers, queues, and routing handled in the cloud and a workstation agent.

A platform that ingests security-relevant logs from many sources (firewalls, endpoints, identity, OS event logs) for correlation, alerting, retention, and investigation.

A condition on an Exclaimer signature controlling whether it applies to a given email, evaluated across Senders, Exceptions, Recipients, Date/Time, and Advanced Rules tabs.

An Exclaimer simulator that walks a chosen sender and recipient against every enabled signature and reports which rules passed or failed, without sending real mail.

Returning a deliberately wrong answer (or a controlled IP) for a DNS query so the client never reaches the real (malicious) destination.

A contracted commitment to a measurable response or resolution time, scoped by ticket priority and business hours.

A staffed team that monitors security telemetry around the clock, triages alerts, investigates suspected compromise, and contains active threats. The "managed" part of MDR / Managed EDR.

A VPN configuration that routes only some traffic through the VPN and the rest directly through the local network.

Granular access policy for removable media and file shares. Lets you allow specific USB device serials or specific UNC paths while denying the rest.

A logically-isolated customer environment inside a multi-tenant SaaS, your DNSFilter org, the client's M365 tenant, the RMM customer object.

ThreatLocker's telemetry-driven detection module. Rules evaluate event-log, network, and policy signals to fire alerts or automated responses when defined conditions appear.

A unit of trackable work in the PSA, every customer interaction, alert response, or request becomes one.

ThreatLocker's central activity log. Every policy match across every module (Application Control, Storage, Network, Elevation) lands here with a Permit, Deny, or Ringfenced verdict.

In DNSFilter, an organisation-wide allow or block list whose entries apply to every Filtering Policy in that organisation.

Huntress ITDR feature for managing logins from unfamiliar countries and VPNs. Login events that don't match a user's Microsoft Entra usage location or an Expected rule become escalations the partner resolves by creating a rule.

Reselling a service under your own brand, your logo, your domain, your customer-facing identity, with the underlying vendor invisible.