Reports threats without blocking or disinfecting files.

The situation described is about seeing threats and gathering information without taking any automatic action. In Audit Mode, the endpoint security system detects and reports threats, but it does not block files, quarantine, or disinfect them. This mode is used to observe how threats would be handled and to generate detailed reports for administrators, without impacting user files or network activity. It’s the best fit for “reports threats without blocking or disinfecting files,” because the emphasis is on visibility and data collection rather than enforcement. Exclusions affect what is scanned or considered safe but don’t by themselves define a reporting-only stance. Linux Operating Mode isn’t relevant to the general concept of how threats are handled on the endpoint. Report Blocking to Users implies some form of user-facing blocking or prompts, which involves action beyond merely reporting, so it doesn’t match the described behavior of not blocking or disinfecting.