Forum Discussion
sintra3000
Oct 15, 2020
Copper Contributor
ASR rule - Block persistence through WMI event subscription
Hi, I have a question on ASR rules. In the Security and Compliance - Reports section there is a nice overview of the rules with status of audit / blocked / not present etc. For 14 out of the 15 ASR...
sintra3000
Oct 28, 2020
Copper Contributor
Hi and thank you.
My question is more on after audit mode is enabled, where can I see the number of events generated?
"security.microsoft.com/reports" provides a nice overview of many of the ASR rules, but not for "Block persistence through WMI event subscription". So how can I use the audit mode to evaluate the impact is my question :).
Vytas_Boyev
Microsoft
Oct 28, 2020
sintra3000 That rule should audit in that portal as well - just yesterday saw this rule firing audits there. If it isn't - I would think that may be cause for a support ticket.