Skip to content

Fix Endpoint Threat Protection policy

Ensure your Endpoint Threat Protection policies use the recommended settings.


The recommended settings offer the best security. If you must change settings to fix issues, change as few as you can and apply them to as few devices as you can.

If Account Health Check warns that policies have settings that differ from Sophos recommendations, you can fix this automatically or manually.

Fix automatically

If you choose to fix your policies automatically, we apply our recommended settings for all options in your endpoint threat protection policies to your affected computers. You can review the changes in your audit log.

To fix your policies automatically, do as follows:

  1. Click Fix automatically in the warning.

    Fix endpoint policies.

  2. Confirm that you want to apply our recommended settings.

Fix manually

To fix your policies manually, do as follows:

  1. Click the policy name in the warning.

    Policy health warning.

  2. The Settings tab on the policy page opens. A warning shows at the top of the tab and settings that differ from our recommendations are highlighted in red.

    • If the policy is the Base Policy, as in the example shown here, click Reset to reapply the recommended settings.
    • For any other policy, or if you want to reapply recommendations manually, so you can check each one, go to each highlighted setting and turn it on or reconfigure it.

    A reset turns on all settings except device isolation and SSL/TLS decryption of HTTPS websites (turn these on manually if you want them).

    Policy settings tab.

  3. Click Save at the top of the policy page.

  4. The Settings tab now shows that you have the recommended protection.

    Policy settings tab.