Default Policies

Default policies enable you to set policies for privileged applications that are not handled by any other policy, ensuring that all your organizational applications are managed as soon as you deploy EPM.


The Default Policies page enables you to set any of the policies in a single click, in any of the relevant modes, and gives you an at-a-glance view of the current default policies.

You can also edit the default policies if you have the relevant permission. All the policies are displayed on the Default Policies page, but those that you cannot set or edit appear disabled.

By default, all the default policies are disabled after installation. However, after upgrade, any default policies that have been modified maintain their status and do not need to be reset.


The following tables describe the default policies and their possible settings.

Privilege Management

Privilege Threat Protection

Application Control

Set default policies

  1. From the CyberArk Endpoint Privilege Manager Management Console, expand Policies, then select Default Policies.

    The Default Policies page displays the policies and the modes you can set.

  2. Set the default policies to apply.

  3. Each time you set a default policy, the following message appears:

    • Click Yes to set the Policy mode using the default policy options and targets.

    • Click Customize policy options to open a specific policy page and customize the policy options and targets. See below for more details.

Customize the 'Control unhandled privileged applications' policy

When you confirm that you want to change the 'Control unhandled privileged applications' policy mode to Detect or Elevate, click Customize policy options to access the policy and change specific settings.

Customize all other policies

  1. Click Customize policy options to open the specific policy page. The policy options that are displayed depend on the default mode you set. You will see that the default policy settings are applied.

  2. Customize the policy settings, then click Save.