Using Assisted Remediation (Beta)
Assisted Remediation is currently in beta.
Assisted Remediation automates the execution of customized remediation actions provided by Huntress. Upon approval, the Huntress Agent will perform the remediation actions on your behalf. Prior to Assisted Remediation, an IT support technician would manually perform the remediation. This required connecting to the host via a remote support utility and carrying out the remediation instructions provided by Huntress. In some cases, it also required coordinating with the end-user. Now, on eligible steps in an incident, a button will appear in the Huntress Portal, allowing technicians to approve and automate the commands required to remediate.
If an incident is reported where Assisted Remediation is available, a button labeled "Review Remediation Plan" will be visible in the Huntress Portal. Please note that there are cases where manual remediation may be required.
After reviewing the remediation plan, the technician can choose to either approve or reject the listed steps for remediation:
If for some reason the remediation plan is not approved, it can be rejected. As part of the rejection process, you can provide details about why it isn’t approved. This allows Huntress to conduct further investigation, make the suggested corrections, and re-issue the incident report.
Certain incidents cannot be handled through Assisted Remediation. These incidents will display a red "x" on the "Review Remediation Plan" button and must be remediated by performing the tasks described in the incident report. Some cases where manual intervention is required:
- Malware that has modified system files, where removing those files may leave the system unusable
- Malware that has modified an existing registry value rather than creating a new value
NOTE: There are cases where the remediation may fail, most often because a process is using the file that is to be removed. The agent will attempt to stop services and scheduled tasks, but it does not explicitly terminate processes. If the process is running, it may prevent the associated file from being removed; in these cases, manual remediation will be required.
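For the failure case in the note above, a technician can check which running processes are holding the file before starting manual remediation. The following PowerShell is an added example, not Huntress code or part of the Huntress Agent; the function name `Find-ProcessUsingFile` and the file path are hypothetical placeholders, and it only reports processes without stopping anything.

```powershell
# Added example (not Huntress code). Lists running processes that would keep a
# file from being removed: processes started from it, or that have it loaded
# as a module (for example a DLL). Run from an elevated prompt for best coverage.
# It does not detect plain open file handles, and it does not stop any process.
function Find-ProcessUsingFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    # Normalize the path so string comparisons are reliable.
    $target = [System.IO.Path]::GetFullPath($Path)

    # Case 1: the file is the process image itself.
    # ExecutablePath is empty for processes the caller cannot query.
    $byImage = @(Get-CimInstance -ClassName Win32_Process |
        Where-Object { $_.ExecutablePath -and ($_.ExecutablePath -ieq $target) } |
        ForEach-Object {
            [pscustomobject]@{
                ProcessId = [int]$_.ProcessId
                Name      = $_.Name
                Reason    = 'Running from file'
            }
        })
    $imagePids = @($byImage | ForEach-Object { $_.ProcessId })

    # Case 2: the file is loaded into some other process.
    # Reading .Modules can fail on protected processes; skip those.
    $byModule = @(foreach ($proc in Get-Process) {
        if ($imagePids -contains $proc.Id) { continue }
        try {
            $hit = $proc.Modules | Where-Object { $_.FileName -ieq $target }
        } catch {
            continue
        }
        if ($hit) {
            [pscustomobject]@{
                ProcessId = $proc.Id
                Name      = $proc.ProcessName
                Reason    = 'Loaded as module'
            }
        }
    })

    $byImage + $byModule | Sort-Object ProcessId
}

# Placeholder path: substitute the file named in the incident report.
Find-ProcessUsingFile -Path 'C:\Path\From\IncidentReport\file.dll' | Format-Table -AutoSize
```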