About the sample policies

The sample policies that are included with Symantec ESM are already configured to assess a wide range of potential network vulnerabilities. You can use them with a minimum amount of setup time to discover and fix the most serious and the easily corrected problems first. You can then move on to progressively more sophisticated problems and resolutions.

However, sample policies are not intended for long-term use. Every time you download a security update, sample policies are overwritten and you lose important template and snapshot data and settings.

Note:

You should duplicate sample policies and save them with new names before you download a security update from the Symantec Web site. Security updates overwrite sample policy files, which causes loss of snapshot and other data information.

Six of the seven sample policies run on all supported operating systems. The Dynamic Assessment policy runs only on Windows or UNIX operating systems.

The sample policies include the following:

Phase 1 policy modules	Report the most important and the easily resolved security problems on a computer.
Phase 2 policy modules	Include checks from all available modules, but only the key checks in each module are enabled.
Phase 3 policy modules	Include the following: A relaxed version, which is identical to the Phase 2 policy. A cautious version, which has additional checks enabled. A strict version, which has the remaining critical security checks enabled in all modules.
Queries policy modules	Report information about users, accounts, and computers with installed Symantec ESM and Symantec Intruder Alert components.
Dynamic Assessment policy modules	Runs only on computers with UNIX and Windows operating systems. The Dynamic Assessment policy has one module, the Integrated Command Engine (ICE) module. This module reports the vulnerabilities that are detected by any executables, scripts, or templates that you provide.