Symantec ESM groups security checks into modules, and modules into policies. When a policy runs on an agent, the checks that are enabled in the modules examine the agent computer and report detected vulnerabilities.