Forum Discussion

stever3901's avatar
stever3901
Copper Contributor
Dec 22, 2021

How to show devices that would be impacted by ASR setting

I have the ASR rule "Block persistence through WMI event subscription" set to audit and it shows that enabling it will be ok for 400 of 410 computers.  IT also shows which computers are not set as recommended... Is there a way to a list of computers that it WILL impact?  I would like to look at the impacted computers to see what makes them different than the other 400.

 

The recommendation also shows "open remediation for safe devices' as though there is a way to enable it for only the devices that would not be impacted by the change. Is there a way to enable ASR rules only on devices that the audit shows will not be impacted?

Resources