|Setting up Enterprise Console / Creating and using policies|
When you install Enterprise Console,“default” policies are created for you. These policies are applied to any groups you create.
The default policies offer a basic level of security, but to use features like network access control or application control you need to create new policies or change the default policies.
The default updating policy sets endpoints to check for updates to the recommended subscription every 10 minutes from the default software distribution UNC share. To change subscriptions, update locations and other settings, configure update policies as described in Configuring the updating policy.
The default anti-virus and HIPS policy protects computers against viruses and other malware. However, to enable detection of other unwanted/suspicious applications or behavior, you may want to create new policies, or change the default policy. See Anti-virus and HIPS policy.
To define and block unauthorized applications, configure application control policies as described in Application control policy.
To allow bona-fide applications access to a network, configure firewall policies as described in Set up a basic firewall policy.
By default, data control is turned off. To restrict data leakage, configure data control policies as described in Data control policy.
By default, device control is turned off. To restrict allowed hardware devices, configure device control policies as described in Device control policy.
By default, patch assessment is turned off. For new patch policies, assessment is turned on. Once patch assessment is turned on, computers are assessed daily for missing patches (unless you have changed the patch assessment interval). To turn patch assessment on or off or to change the assessment interval, configure patch policies as described in Patch policy.
By default, tamper protection is turned off. To enable tamper protection, configure tamper policies as described in Tamper protection policy.
By default, web control is turned off. To turn on web control, and configure web control policies, see Web control policy.
By default, exploit prevention is turned on. To configure exploit prevention policies, see Exploit prevention policy.