Endpoint Security Complete

I feel ignorant even asking this, but in SEPM it was super obvious. When you modified an audit signature from something other than Log, you could pick Block or Allow. In the cloud portal this is changed to Enable or Disable, and I just want to be clear which one blocks and which one allows. I feel like Enable could be mean "Allow" or "Enable the rule for blocking" and vice versa for Disable.

It is as I thought. Enable definitely means block. The rule I was interested in used was set to Enable and I have a ton of IPS block events now.
Original Message:
Sent: May 31, 2022 08:05 PM
From: Jesse Kozikowski
Subject: IPS Audit Signatures - Enable vs Disable

I feel ignorant even asking this, but in SEPM it was super obvious. When you modified an audit signature from something other than Log, you could pick Block or Allow. In the cloud portal this is changed to Enable or Disable, and I just want to be clear which one blocks and which one allows. I feel like Enable could be mean "Allow" or "Enable the rule for blocking" and vice versa for Disable.