Do I need to create my own policies?

When you install Sophos Enterprise Console, "default" policies are created for you. These policies are applied to any groups you create.

The default policies offer a basic level of security, but to use features like network access control or application control you need to create new policies or change the default policies.

Note: When you change the default policy, the change applies to all new policies you create.

Note: If you use role-based administration, you must have the relevant Policy setting right to create or edit a policy. For example, you must have the Policy setting - anti-virus and HIPS right to create or edit an anti-virus and HIPS policy. For more information, see Managing roles and sub-estates.

Updating policy

The default updating policy sets endpoints to check for updates to the recommended subscription every 10 minutes from the default software distribution UNC share. To change subscriptions, update locations and other settings, configure update policies as described in Configuring the updating policy.

Anti-virus and HIPS

The default anti-virus and HIPS policy protects computers against viruses and other malware. However, to enable detection of other unwanted/suspicious applications or behavior, you may want to create new policies, or change the default policy. See Anti-virus and HIPS policy.

Application control

To define and block unauthorized applications, configure application control policies as described in Application control policy.

Firewall policy

To allow bona fide applications access to a network, configure firewall policies as described in Firewall policy.

Data control

By default, data control is turned off. To restrict data leakage, configure data control policies as described in Data control policy.

Device control

By default, device control is turned off. To restrict allowed hardware devices, configure device control policies as described in Device control policy.


Patch

By default, patch assessment is turned off. For new patch policies, assessment is turned on. Once patch assessment is turned on, computers are assessed daily for missing patches (unless you have changed the patch assessment interval). To turn patch assessment on or off or to change the assessment interval, configure patch policies as described in Patch policy.

Tamper protection

By default, tamper protection is turned off. To enable tamper protection, configure tamper policies as described in Tamper protection policy.

Web control

By default, web control is turned off. To turn on web control, and configure web control policies, see Web control policy.

Exploit prevention

By default, exploit prevention is turned on. To configure exploit prevention policies, see Exploit prevention policy.