diff --git a/semanage.conf b/semanage.conf
index bc9d4ac..1dce37b 100644
--- a/semanage.conf
+++ b/semanage.conf
@@ -36,9 +36,10 @@ module-store = direct
 # version is necessary.
 #policy-version = 19
 
-# expand-check check neverallow rules when executing all semanage commands.
-# Large penalty in time if you turn this on.  
-expand-check=0
+# expand-check check neverallow rules when executing all semanage
+# commands. There might be a penalty in execution time if this
+# option is enabled.
+expand-check = 1
 
 # usepasswd check tells semanage to scan all pass word records for home directories
 # and setup the labeling correctly.  If this is turned off, SELinux will label /home