When I change policies, the outcome doesn't match what I would expect, but would explain why so many rules are commented out when I look at the rules file.
When I submit Expert in the gui, the last one in the log snapshot, it seems apply a disabled policy even though it lists 18 thousand odd rules as enabled.
I wouldn't expect Security to disable all the rules.
-=Begin Changes Logged for Thu Jan 7 00:57:47 2016 GMT=-
Set Policy: connectivity
Rule Totals
New:-------0
Deleted:---0
Enabled:---0
Dropped:---0
Disabled:--23078
Total:-----23078No IP Blacklist Changes
-=End Changes Logged for Thu Jan 7 00:57:47 2016 GMT=-
-=Begin Changes Logged for Thu Jan 7 00:58:41 2016 GMT=-
Set Policy: balanced
Rule Totals
New:-------0
Deleted:---0
Enabled:---0
Dropped:---0
Disabled:--23078
Total:-----23078No IP Blacklist Changes
-=End Changes Logged for Thu Jan 7 00:58:41 2016 GMT=-
-=Begin Changes Logged for Thu Jan 7 01:00:07 2016 GMT=-
Set Policy: security
Rule Totals
New:-------0
Deleted:---0
Enabled:---0
Dropped:---0
Disabled:--23078
Total:-----23078No IP Blacklist Changes
-=End Changes Logged for Thu Jan 7 01:00:07 2016 GMT=-
-=Begin Changes Logged for Thu Jan 7 01:00:35 2016 GMT=-
Set Policy: Disabled
Rule Totals
New:-------0
Deleted:---0
Enabled:---18920
Dropped:---0
Disabled:--4158
Total:-----23078No IP Blacklist Changes
-=End Changes Logged for Thu Jan 7 01:00:35 2016 GMT=-