Default Policies
Default policies enable you to set policies for privileged applications that are not handled by any other policy, ensuring that all your organizational applications are managed as soon as you deploy EPM.
Overview
The Default Policies page enables you to set any of the policies in a single click, in any of the relevant modes, and gives you an at-a-glance view of the current default policies.
You can also edit the default policies if you have the relevant permission. All the policies are displayed on the Default Policies page, but those that you cannot set or edit appear disabled.
By default, all the default policies are disabled after installation. However, after upgrade, any default policies that have been modified maintain their status and do not need to be reset.
Policies
The following tables describe the default policies and their possible settings.
Privilege Management
Control unhandled privileged applications
Description | Manages privileged applications that are not managed by any other policy.
Settings | Off - Allows applications to run normally, with no policy.
| Detect - Applications can only run in detect mode. For more details, see Detect mode.
| Elevate - Applications can only run in elevated mode. For more details, see Elevate mode.

Credentials Rotation Policy
Description | Manages credentials by changing them at regular intervals. EPM can integrate with PVWA to manage credentials that are not always accessible from the network. For more details, see Credentials Rotation Policy.
Settings | Enable - Opens the credentials rotation policy page, where you can create a policy.
| On - Applies all credential rotation policies.
| Off - Deactivates all credential rotation policies.
Privilege Threat Protection
Description | Policies that protect against threats to Microsoft Windows operating systems, web browsers, and remote access and IT applications. For more details, see Credentials theft and lateral movement.
Settings | Detect - Monitors threat detection events.
| Block - Prevents potential threats from being run.

Description | Policies that create lures on endpoints to deceive attackers and report them. Activities detected by this policy are displayed as attacks in the Threat Protection Inbox.
Settings | Detect - Monitors credential lures and activities performed by attackers with those fake credentials.
| Block - Terminates processes that tried to authenticate with the fake credentials.
Application Control
Description | Controls and monitors events triggered by the installation and launch of applications downloaded from the internet. This policy also controls access to the internet, intranet, network shares, and the memory of other processes.
Settings | Detect - Monitors the activities of applications, but does not apply any restrictions.
| Restrict - Allows applications downloaded from the internet to run with limited capabilities.
| Block - Prevents applications downloaded from the internet from being run.

Control unhandled applications
Description | Controls and monitors events triggered by the installation and launch of unhandled applications. This policy also controls access to the internet, intranet, network shares, and the memory of other processes.
Settings | Detect - Monitors the activities of unhandled applications, but does not apply any restrictions.
| Restrict - Allows unhandled applications to run with limited capabilities.

Description | Protects against ransomware, malicious software that holds data files hostage until a payment is made to restore access. This policy is disabled when "Control unhandled applications" is set to "Off" or the "Block all unhandled applications" policy is set to "On".
Settings | On - Applies the ransomware policy.
| Off - Deactivates the ransomware policy.

Block all unhandled applications
Description | Blocks applications for which no explicit behavior has been defined in Trusted sources or Advanced Windows Application Policies. Unmanaged applications that are currently running are terminated silently.
Settings | On - Blocks all unhandled applications. This disables all other Application Control policies and the Control unhandled privileged applications policy.
| Off - Deactivates the Block all unhandled applications policy.
Set default policies
- From the CyberArk Endpoint Privilege Manager Management Console, expand Policies, then select Default Policies.
  The Default Policies page displays the policies and the modes you can set.
- Set the default policies to apply.
- Each time you set a default policy, a confirmation message appears:
  - Click Yes to set the policy mode using the default policy options and targets.
  - Click Customize policy options to open the specific policy page and customize the policy options and targets. See below for more details.
Customize the 'Control unhandled privileged applications' policy
When you confirm that you want to change the 'Control unhandled privileged applications' policy mode to Detect or Elevate, click Customize policy options to access the policy and change specific settings.
- Click Customize policy options to open the Control unhandled privileged applications - Detect page.
- Under Policy options, set the following:

  Option | Description
  Event types | The event types to collect. Possible options are:
  | - Events triggered by end user actions
  | - All events
  Collection options | How the events will be collected. Set the following:
  | - Notification method
  | - The message displayed to Windows users
  | - The message displayed to macOS users
  | Click Preview to see each message.

- Under Policy targets, set the following:

  Target | Description
  Apply policy to | Targets to which the policy will be applied. This includes specific computers, Active Directory security groups, and OS users and groups.
  Exclude policy from | Targets from which the policy will be excluded. This includes specific computers and Active Directory security groups.

  Click Edit to change each target.
- Click Save to save your changes, or click Revert to default to revert to the default settings.
- Click Customize policy options to open the Control unhandled privileged applications - Elevate page.
- Under Policy options, set the elevation options. For each item that you select, set the message to display. Click Preview to see the message.
- Under Policy targets, set the following:

  Target | Description
  Apply policy to | Targets to which the policy will be applied. This includes specific computers, Active Directory security groups, and OS users and groups.
  Exclude policy from | Targets from which the policy will be excluded. This includes specific computers and Active Directory security groups.

  Click Edit to change each target.
- Click Save to save your changes, or click Revert to default to revert to the default settings.
Customize all other policies
- Click Customize policy options to open the specific policy page. The policy options that are displayed depend on the default mode you set, and the default policy settings are already applied.
- Customize the policy settings, then click Save.