|Setting up Enterprise Console / Creating and using policies|
When you install Enterprise Console, default policies are created for you.
The default updating policy in a fresh installation of Enterprise Console provides:
The default anti-virus and HIPS policy in a fresh installation of Enterprise Console provides:
For a full list of the default settings for the Anti-virus and HIPS policy in a fresh installation of Enterprise Console, go to knowledgebase article 27267.
By default, all applications and application types are allowed. On-access scanning for applications you may want to control on your network is disabled.
By default, the Sophos Client Firewall is enabled and blocks all non-essential traffic. Before you use it throughout your network, you should configure it to allow the applications you want to use. See Set up a basic firewall policy.
For a full list of the default firewall settings, see knowledgebase article 57757.
By default, data control is turned off and no rules are specified to monitor or restrict the transfer of files to the internet or storage devices.
By default, device control is turned off and all devices are allowed.
By default, patch assessment is turned off. For new patch policies, assessment is turned on. Once patch assessment is turned on, computers are assessed daily for missing patches (unless you have changed the patch assessment interval).
By default, tamper protection is turned off and no password is specified to allow authorized endpoint users to re-configure, disable or uninstall Sophos security software.
By default, web control is turned off, and users can visit any site that is not restricted as part of Enterprise Console's web protection. See Web protection.
By default, exploit prevention is turned on. See Exploit prevention policy.