This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 89%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMZ%3C/text%3E%3C/svg%3E)
I have create two rules in ASR in one rule i have set audit and in other rule i have set block for same configuration
Block executable files from running unless they meet a prevalence, age, or trusted list criterion
but when i see report from defender its show off
so is it set to eb only one either audit or block for same device ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Muhammad Zeeshan, Thanks for posting in Q&A. In General, Attack surface reduction rules support a merger of settings from different policies, to create a superset of policy for each device. Settings that aren't in conflict are merged, while settings that are in conflict aren't added to the superset of rules.
And it is not recommended to set both audit and block mode for the same rule on the same device. This can cause conflicts and unexpected behavior. It's best to choose one mode or the other for each rule on each device. If you want to test a rule before enabling it, it's recommended to use audit mode first.
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi i have applied i want to test is it working or not which exe or dll i need to run and we can check its blocking or not
@Muhammad Zeeshan, Thanks for the reply. When you set the setting as blocked, it will block launching untrusted or unknown executable files. This rule uses cloud-delivered protection to update its trusted list regularly. As test, you can run some unknown exe to see if it works.
can you recommend some exe that need to be run
@Muhammad Zeeshan, Thanks for the reply. I am sorry we don't have recommend on unknown exe. You can search in Google or develop one exe by yourself to test.