I followed the remediation steps, how do I verify the footholds have been removed?

If you remediated a host and want to verify the reported footholds are no longer present,** click the report subject line on the  list:

On the report page, click the Remaining Footholds tabs to view the footholds that were present at the time of the last survey:

Note: Because the agent scans at regular intervals and sends the data to the cloud for analysis, it may take a few minutes for the console to reflect that the footholds have been removed.

You can also view when the host last checked in (LAST SEEN) and last surveyed (LAST SURVEY) by clicking the Host to go to the agent view:

** Remember that Huntress specifically looks for malware that auto-starts at boot/user login. Depending on the malware, there may be other files that do not auto-start and would therefore not be seen by Huntress. That is why we typically recommend wiping the host and restoring from backup when malware is found.

Still need help? Contact Us Contact Us