There are the 3 types of Policies for Unix in Symantec Data Center Security –
1) The UNIX Null prevention policy provides no protection for an agent computer. The Null policy does not log policy violations. The policy is automatically applied to every agent when it registers with the Symantec Data Center Security Server management server. The Null policy works with all supported Solaris and Linux operating systems.
sym_unix_null_sbp v5_0_0 r12 summary.html is policy attached.
2) The UNIX Protection Prevention policy
This is a general integrity protection policy for UNIX machines. It confines many of the Daemons running on the system as well as common applications. In the event that one or more of these services becomes compromised, this policy will limit their ability to harm the integrity of other services or of the operating system itself. By default the root user is also confined.
sym_unix_protection_sbp v5_2_9 r260 summary.html is policy attached.
3) The Unix Targeted Prevention Policy is designed to allow access and modifications to all resources by default, and to only block access or modifications to resources as configured in the policy options. The Unix Targeted Prevention policy is suitable for all Unix systems supported by Symantec Data Center Security Server.
sym_unix_targeted_prevention_sbp v5_2_9 r30 summary.html is attached policy.
There are the 9 types of Policies for Windows in Symantec Data Center Security –
1)The Windows Null prevention policy provides no protection for an agent computer. The Null policy does not log policy violations. The policy is automatically applied to every agent when it registers with the Symantec Data Center Security Server management server. The Null policy works with all supported Windows operating systems.
sym_win_null_sbp v5_0_0 r12 summary.html is attached policy.
2)The 6.0 Windows Prevention policy combines the "Protected Whitelisting" feature with the features of the legacy Core, Strict, and Limited Execution policies into a single policy. The selection of the strategy from the Policy Builder is used to define the default behavior of the policy, and to configure a corresponding set of options within the policy. These behavior settings and option configuration can be modified as needed after the strategy is selected.
sym_win_basic_sbp v6_0_0 r108 summary.html is attached policy.
3)The 6.0 Windows Hardened Prevention policy combines the "Protected Whitelisting" feature with the features of the legacy Core, Strict, and Limited Execution policies into a single policy. The selection of the strategy from the Policy Builder is used to define the default behavior of the policy, and to configure a corresponding set of options within the policy. These behavior settings and option configuration can be modified as needed after the strategy is selected.
sym_win_hardened_sbp v6_0_0 r108 summary.html is attached policy.
4)The Windows Core prevention policy provides basic protection for the operating system and common applications, while providing a highly compatible environment for all other programs. The Core policy gives safe privileges to default services and default interactive programs, and safe privileges to the Windows administrators group. It provides specific behavior controls for Microsoft Outlook and Outlook Express, Microsoft Office, and Microsoft Internet Explorer. It provides specific behavior controls for core operating system services, Microsoft Exchange Server, Microsoft SQL Server, and Microsoft Internet Information Server. The policy prevents remote computers from making inbound network connections to an agent computer; exception lists allow specific remote computers to make inbound network connections. The policy enables buffer overflow detection for host security programs (such as Symantec AntiVirus), core OS and default services, and interactive programs; exception lists allow disabling of buffer overflow detection for specific programs. The Core policy is suitable for most servers and workstations, and works with Windows 2000, Windows Server 2003, Windows XP Professional operating systems, Windows Vista, Windows 2008 and windows 2012.
sym_win_protection_core_sbp v5_2_9 r573 summary.html is attached policy.
5)The Windows Limited Execution prevention policy blocks the execution of all interactive applications, except those applications that are explicitly listed by the Symantec Data Center Security Server administrator. The policy enforces strict restrictions on the interactive applications that are allowed to run, including blocking networking, blocking modification of executable files, and treating Windows administrators as normal users. The Limited Execution policy does not permit Microsoft Outlook, Outlook Express, or Microsoft Office to run. The Windows Limited Execution policy is suitable for dedicated workstations on which few applications are used. It works with Windows 2000, Windows Server 2003, Windows XP Professional operating systems, Windows Vista, Windows 2008 and windows 2012.
sym_win_protection_ltd_exec_sbp v5_2_9 r517 summary.html is attached policy.
6)The Windows Strict prevention policy provides all the protection of the Core prevention policy, and provides additional restrictions on interactive applications. The Strict policy gives standard privileges to default services and default interactive programs. It gives no special privileges to Windows administrators; you must use policy options to set privileged users and user groups. The policy restricts the types of e-mail attachments that can be opened, and denies interactive programs from writing executable files on disk. Except for specific ports, the policy denies network access from default services and default interactive programs; arbitrary programs trying to access the Internet are blocked unless specified in an exception list. The policy protects auto-start locations as read-only; because many programs attempt to write to these auto-start locations in their normal operations, some commands and functions (for example, chkdsk command) will not work under the Strict policy. The Strict policy is suitable for most servers and workstations, and works with Windows 2000, Windows Server 2003, Windows XP Professional operating systems, Windows Vista, Windows 2008 and windows 2012.
sym_win_protection_strict_sbp v5_2_9 r555 summary.html is attached policy.
7)The Windows Targeted Prevention policy does not block anything out of the box and allows the user to turn on only the aspects of prevention that they want. The Targeted Prevention policy is suitable for most servers and workstations, and works with Windows 2000, Windows Server 2003, Windows XP Professional operating systems, Windows 2008, Windows 7 and Windows server 2012.
sym_win_targeted_prevention_sbp v5_2_9 r59 summary.html is attached policy.
8)The 6.0 Windows Targeted Prevention policy does not block anything out of the box and allows the user to turn on only the aspects of prevention that they want. The Targeted Prevention policy is suitable for most servers and workstations, and works with Windows 2000, Windows Server 2003, Windows XP Pro, Windows 2008, Windows 7 and Windows server 2012.
sym_win_targeted_prevention_sbp v6_0_0 r30 summary.html is attached policy.
9)The 6.0 Windows Prevention policy combines the "Protected Whitelisting" feature with the features of the legacy Core, Strict, and Limited Execution policies into a single policy. The selection of the strategy from the Policy Builder is used to define the default behavior of the policy, and to configure a corresponding set of options within the policy. These behavior settings and option configuration can be modified as needed after the strategy is selected.
sym_win_whitelisting_sbp v6_0_0 r108 summary.html is attached policy.
For more information on Policies, I would suggest readers to go through the Symantec documentation -
Symantec™ Data Center Security: Server Advanced v6.5 - Documentation Set
http://www.symantec.com/docs/DOC7979