Do I really need to wipe the host?

We recommend wiping a host whenever it has been compromised by malware. This is especially important in cases where the malware runs under an account with administrative privileges. You never know what else may have been changed. Since Huntress only looks at auto-starting applications, we do not see operating system files that may have changed, malicious files that do not automatically start, or user accounts that may have been created. 

We do realize, however, that is not always possible to wipe a host which is why additional remediation suggestions are included in each of the incident reports. The majority of our partners remediate rather than wipe the host, but it all depends on your level of comfort and acceptance of risk.

Device Still Shows in Portal after Wiping

If you wipe/remove a host without installing the Huntress Agent first, you will need to manually uninstall the agent from the Huntress Dashboard following the Remote Uninstallation

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us