Do I need to create my own policies?
When you install Sophos Enterprise Console,“default” policies are created for you. These policies are applied to any groups you create.
The default policies offer a basic level of security, but to use features like network access control or application control you need to create new policies or change the default policies.
Updating policy
The default updating policy sets endpoints to check for updates to the recommended subscription every 10 minutes from the default software distribution UNC share. To change subscriptions, update locations and other settings, you can configure update policies.
Anti-virus and HIPS
The default anti-virus and HIPS policy protects computers against viruses and other malware. However, to enable detection of other unwanted or suspicious applications or behavior, you may want to create new policies, or change the default policy.
Application control
To define and block unauthorized applications, you can configure application control policies.
Firewall policy
To allow bona-fide applications access to a network, you can configure firewall policies.
Data control
By default, data control is turned off. To restrict data leakage, you can configure data control policies.
Device control
By default, device control is turned off. To restrict allowed hardware devices, you can configure device control policies.
Patch
By default, patch assessment is turned off. For new patch policies, assessment is turned on. Once patch assessment is turned on, computers are assessed daily for missing patches (if you haven't changed the patch assessment interval). To turn patch assessment on or off or to change the assessment interval, you can configure patch policies.
Tamper protection
By default, tamper protection is turned off. To enable tamper protection, you can configure tamper policies.
Web control
By default, web control is turned off. You can turn on web control, and configure web control policies.
Exploit prevention
By default, exploit prevention is turned on. You can configure exploit prevention policies.