Performing the tasks that are common to all policies

Your security policies define how the protection technologies protect your computers from known and unknown threats.
You can manage your
Symantec Endpoint Protection
security policies in many ways. For example, you can create copies of the security policies and then customize the copies for your specific needs. You can lock and unlock certain settings so that users cannot change them on the client computer.
Tasks common to all policies
Add a policy
If you do not want to use one of the default policies, you can add a new policy.
You can add shared policies or non-shared policies.
If you add or edit shared policies in the
page, you must also assign the policies to a group or location. Otherwise those policies are not effective.
Lock and unlock policy settings
You can allow or prevent client users from configuring some policy settings and client user interface settings.
Edit a policy
If you want to change the settings in an existing policy, you can edit it. You can increase or decrease the protection on your computers by modifying its security policies. You do not have to reassign a modified policy unless you change the group assignment.
Assign a policy
To put a policy into use, you must assign it to one or more groups or locations.
Test a policy
Symantec recommends that you always test a new policy before you use it in a production environment.
Update the policies on clients
Based on the available bandwidth, you can configure a client to use push mode or pull mode as its policy update method.
Replace a policy
You can replace a shared policy with another shared policy. You can replace the shared policy in either all locations or for one location.
Copy and paste a policy
Instead of adding a new policy, you may want to copy an existing policy to use as the basis for the new policy.
You can copy and paste policies on either the
page or the
tab on the
You can also copy all the policies in a group and paste them into another group, from the
tab on the
Convert a shared policy to a non-shared policy
You can copy the content of a shared policy and create a non-shared policy from that content.
A copy enables you to change the content of a shared policy in one location and not in all other locations. The copy overrides the existing non-shared policy.
You can convert a shared policy to a non-shared policy if the policy no longer applies to all the groups or all the locations. When you finish the conversion, the converted policy with its new name appears under Location-specific Policies and Settings.
Export and import a policy
You can export an existing policy if you want to use it at a different site or management server. You can then import the policy and apply it to a group or to a specific location.
Withdraw a policy
If you delete a policy,
Symantec Endpoint Protection Manager
removes the policy from the database. If you do not want to delete a policy, but you no longer want to use it, you can withdraw the policy instead.
You can withdraw any type of policy except a
Virus and Spyware Protection policy
and a
LiveUpdate Settings policy
Delete a policy
If a policy is assigned to one or more groups and locations, you cannot delete it until you have unassigned it from all the groups and locations. You can also replace the policy with another policy
Check that the client has the latest policy
You can check whether the client has the latest policy. If not, you can manually update the policy on the client.