Basic policy is just protect DCS resources and well known OS processes.
The main question is what do you mean by software installation?
The java console allows you to manage policies. Usually you would create a folder for your policies in the policies/prevention view. Make a copy of a stock policy in the Symantec folder and drag it into your folder. To edit a policy you can right click and select Edit. This is the same as you do for Detection policies.
To start with prevention policies, the first thing is to go to the global options and disable prevention. This allows you to test policies without breaking things. Depending on the policy version, you may have to click on the Advanced button to see most option.
In the global options, you would initially also check the allow all users to run eventviewer and disable prevention. Also add Administrator to the list of users who can run the DCS tools.
Home/Sandboxes shows the pre-built sandboxes, Home/My Custom Sandboxes allows you to create your own.