Audit mode

Audit mode monitors the processes run on Windows, macOS, and Linux computers, and detects and notifies threats.

Enabling Audit mode for a settings profile does not change the overall status of the protections applied to the computers that receive the settings. Nor does it change the configuration of the protections in the web console. Threats continue to be detected and reported, but they are not blocked or deleted.

We recommend that you limit the use of Audit mode as much as possible to minimize the time your computers are exposed to the threats detected.

To enable Audit mode:

• Select Settings from the top menu. Select Workstations and servers from the side menu.

• Select the settings profile for which you want to enable Audit mode. To create a settings profile, see Creating and managing settings profiles.

• Select Audit mode. Enable the toggle.

• Click Save. A message appears at the top of the Edit settings page, indicating that you have enabled Audit mode for the settings profile and the risk it entails.

Viewing computers in Audit mode

The Protection status widget shows the number of computers that have Audit mode enabled. Click the text on the widget to go to the Risks by computer list filtered by the Audit mode enabled risk.

For more information, see Security module panels/widgets and Risk assessment module lists.