Do I need to create my own policies?

When you install Sophos Enterprise Console,“default” policies are created for you. These policies are applied to any groups you create.

The default policies offer a basic level of security, but to use features like network access control or application control you need to create new policies or change the default policies.

Note When you change the default policy, the change applies to all new policies you create.
Note If you use role-based administration, you must have a respective Policy setting right to create or edit a policy. For example, you must have the Policy setting - anti-virus and HIPS right to create or edit an anti-virus and HIPS policy.

Updating policy

The default updating policy sets endpoints to check for updates to the recommended subscription every 10 minutes from the default software distribution UNC share. To change subscriptions, update locations and other settings, you can configure update policies.

Anti-virus and HIPS

The default anti-virus and HIPS policy protects computers against viruses and other malware. However, to enable detection of other unwanted or suspicious applications or behavior, you may want to create new policies, or change the default policy.

Application control

To define and block unauthorized applications, you can configure application control policies.

Firewall policy

To allow bona-fide applications access to a network, you can configure firewall policies.

Data control

By default, data control is turned off. To restrict data leakage, you can configure data control policies.

Device control

By default, device control is turned off. To restrict allowed hardware devices, you can configure device control policies.

Patch

By default, patch assessment is turned off. For new patch policies, assessment is turned on. Once patch assessment is turned on, computers are assessed daily for missing patches (if you haven't changed the patch assessment interval). To turn patch assessment on or off or to change the assessment interval, you can configure patch policies.

Tamper protection

By default, tamper protection is turned off. To enable tamper protection, you can configure tamper policies.

Web control

By default, web control is turned off. You can turn on web control, and configure web control policies.

Exploit prevention

By default, exploit prevention is turned on. You can configure exploit prevention policies.