From f71f47da3406968059b22506aac169e552c106cd Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 20 Nov 2019 11:13:59 -0800 Subject: [PATCH] Update troubleshoot-asr.md --- .../microsoft-defender-atp/troubleshoot-asr.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md index a3dda43322..963402fe1d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md @@ -64,7 +64,7 @@ Follow these instructions in [Use the demo tool to see how attack surface reduct 2. Perform the activity that is causing an issue (for example, open or execute the file or process that should be blocked but is being allowed). -3. [Review the attack surface reductio rule event logs](attack-surface-reduction.md) to see if the rule would have blocked the file or process if the rule had been set to **Enabled**. +3. [Review the attack surface reduction rule event logs](attack-surface-reduction.md) to see if the rule would have blocked the file or process if the rule had been set to **Enabled**. If a rule is not blocking a file or process that you are expecting it should block, first check if audit mode is enabled.