Win - OIB - ES - Attack Surface Reduction - D - ASR Rules (Audit Mode) - v3.1 #173

markpartridge212 · 2026-01-31T02:15:15Z

markpartridge212
Jan 31, 2026

Hi there this audit mode where would I find the audit logs to go through for audit mode or what is the purpose of the audit mode. I presume it would be to check the impact it would have on production devices if using the non audit mode but i cant seem to find any audit logs. Thanks in advance.

Answered by markpartridge212

Jan 31, 2026

Thanks for the response much appreciated

View full answer

incedIT · 2026-01-31T08:19:17Z

incedIT
Jan 31, 2026

If you go to the Security Portal, Reports, ASR then you can see what has been running but would be blocked if the rules were enforced. Then you can make any exceptions you need to in the block policy before enabling.

1 reply

markpartridge212 Jan 31, 2026
Author

Thanks for the response much appreciated

Answer selected by markpartridge212

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Win - OIB - ES - Attack Surface Reduction - D - ASR Rules (Audit Mode) - v3.1 #173

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Win - OIB - ES - Attack Surface Reduction - D - ASR Rules (Audit Mode) - v3.1 #173

Uh oh!

markpartridge212 Jan 31, 2026

Replies: 1 comment · 1 reply

Uh oh!

incedIT Jan 31, 2026

Uh oh!

markpartridge212 Jan 31, 2026 Author

markpartridge212
Jan 31, 2026

Replies: 1 comment 1 reply

incedIT
Jan 31, 2026

markpartridge212 Jan 31, 2026
Author