In Endpoint Protection (SEP) agent version 14.3 RU4, the Attack Surface Reduction log maximum size is 5MB (5,120kb), even though the Security and Risk Logs Maximum Size in Client Log settings is configured to less than 5,120 KB. If the value is larger than 5,120 KB, then it will adhere to the value.
14.3 RU4 Endpoint agent.
The Attack Surface Reduction log (ASRman.log) contains more events than other Security and Risk logs (avman.log, tdadman.log, etc), so a larger default size is required to retain sufficient events.
The 5MB minimum is a temporary measure until a configurable value for Attack Surface Reduction is added to the Client Log settings. Until then, the log will either be 5mb or match the value configured in Security and Risk log (whichever is larger).