We migrated ticketing systems!

If you would like to check on the status of a ticket, please visit huntress.zendesk.com.

For the time being, our documentation will stay the same, we will make a hard cutover when all the documentation is ready. The Huntress Support site will continue to be support.huntress.io, it will just come with a new look and feel.

Click here to check the status of a ticket


What files does Huntress collect?

Collected files are opened in read-only mode by the Huntress Agent to send a "copy" to the cloud for analysis by our ThreatOps team. The original file remains on the host. We do not remove files when collecting them.

You may have noticed the "Collected Files" section within your Huntress Dashboard and wonder what it referred to. As stated in our Privacy Policy, Huntress collects files associated with auto-starting applications:

For additional examination the User agrees that the Huntress software automatically provides to us files (executable files and/or associated libraries, and scripts) for applications configured to start when the computer boots or when a user logs in that Huntress Labs has not catalogued.

The collected files are used to determine the validity of an autorun (auto-starting application). The examination of these files provide the analyst with the evidence to support whether an autorun is Reputable or Malicious. If the file is malicious, we use details learned from analyzing it to help develop the remediation instructions.

We believe in being transparent, therefore we show all files that were collected by Huntress from your computers on the "Collected Files" page.