
What does "Audit the Directory" Mean?

In the remediation details section of an incident report, you may see "audit the directory X".

Malware often creates its own directories. Because the Huntress Agent only enumerates auto-starting applications, we need to make sure that the file is removed. We mention "auditing" these folder locations because other artifacts may be present (a password dump file, for example). Something "suspicious" is anything that is not there by default and is not "business-related". In most cases the directory contains only a single malicious file, and if it contains nothing "user/business" related, it's safe to assume the malware created that directory.
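
One way to produce a listing for that review on a Windows host, as an added PowerShell example (not Huntress tooling and not part of the original article). The function name, its parameters, the placeholder paths, and the one-hour "created near the flagged file" window are assumptions made for illustration.

```powershell
# Added example: inventory every file in a directory named in a remediation step
# so a person can decide what is default, business-related, or suspicious.
function Get-DirectoryAudit {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,   # the directory from the incident report
        [string] $FlaggedFile,                   # optional: full path of the reported file
        [int] $WindowMinutes = 60                # assumption: review window around that file
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Directory not found: $Path"
    }

    # Creation time of the reported file, if it is still on disk.
    $flaggedTime = $null
    if ($FlaggedFile -and (Test-Path -LiteralPath $FlaggedFile -PathType Leaf)) {
        $flaggedTime = (Get-Item -LiteralPath $FlaggedFile -Force).CreationTimeUtc
    }

    # -Force includes hidden and system files that a default listing would skip.
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            $acl  = Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue

            [pscustomobject]@{
                FullName    = $_.FullName
                Length      = $_.Length
                CreatedUtc  = $_.CreationTimeUtc
                ModifiedUtc = $_.LastWriteTimeUtc
                Hidden      = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                Owner       = if ($acl)  { $acl.Owner }  else { $null }
                Signature   = if ($sig)  { $sig.Status } else { 'Unknown' }
                SHA256      = if ($hash) { $hash.Hash }  else { $null }
                # True when the file was created close in time to the reported file.
                NearFlagged = if ($flaggedTime) {
                    [math]::Abs(($_.CreationTimeUtc - $flaggedTime).TotalMinutes) -le $WindowMinutes
                } else { $null }
            }
        } | Sort-Object CreatedUtc
}

# Usage (placeholder path; substitute the directory from your own report):
# Get-DirectoryAudit -Path 'C:\path\from\report' | Format-Table -AutoSize
```

The output is only an inventory; deciding whether an entry is default, business-related, or suspicious remains a manual judgment as described above.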