Securing the network

To bring computers into conformance with your organization's security policy, you need to resolve the security problems that the policy runs identify.

Symantec ESM installs with a set of default policies. You should start by running the Phase 1 security policy on your network resources. This policy consists of the modules that check the most significant and potentially problematic security areas of a computer.

When you resolve the problems that the Phase 1 policy identifies, you can move on to the Phase 2 policy. This policy includes all of the available modules but only the key security checks in each module are enabled.

After you resolve the problems that the Phase 2 policy identifies, continue with the Phase 3 policy. This policy has three levels. You can choose the level that raises your network resources to the relaxed, moderate, or strict-level security environment.

The ESM console provides functions to help you resolve the security problems that the policy run reports. The ESM console also lets you modify the checks in the modules to exclude specific items from reports. On occasion, your modifications may affect areas of the computer that should be reported. In these instances, you can use alternative functions to fine-tune your modifications.

The following process outlines how to bring computers into conformance:

1. Run an initial policy on agents in your network.

2. Select an agent computer that reports red level security problems.

   Consider beginning with the computers that contain high-value information or are more susceptible to attack.

   The ESM console lists the reported security problems in the grid. Each problem has an assigned security level and score. Red messages indicate severe security problems. Yellow messages indicate moderate security problems.

   When you solve the red level problems on one computer, move on to another computer that reports red level problems.

   Continue this process until you solve all of the red level security problems on the network.

3. Select an agent reporting yellow level security problems.

   After you solve the yellow level problems on one agent computer, move on to another computer that reports yellow level problems.

   Continue this process until you solve all of the yellow level security problems on the network.

4. Proceed to a stronger security policy and repeat the process.