Skip to main content

Huntress Release Notes and Agent Version

Melissa
  • Updated

Summary: Huntress updates detailed with features and bug fixes for all Huntress products

  • Huntress Managed Endpoint Detection and Response (EDR)
  • Huntress Managed Identity Threat Detection and Response (ITDR)
  • Huntress Managed Security Awareness Training (SAT)
  • Huntress Managed Security Information and Event Management (SIEM) 

 

Table of Contents

Agent Version

Recent Release Information:

2025   Jan   Feb   Apr

Historical Versions:

2024   Jan   Feb   Mar   Apr   May   Jun   Jul   Aug   Sep   Oct   Nov   Dec

For 2021-2023, see Historical Huntress Agent and Platform Release Notes

 

Agent Version

Current release version

      Windows: 0.14.18

      macOS: 0.14.10

      Rio (service): 0.7.4

Hosts running an unsupported version of the agent will be marked as "Outdated" in the Huntress portal. 

As Huntress Agent updates roll out over time in batches, agent versions may appear behind but are still considered supported. Agents are set to update automatically given the host is online, agent services are running, and the agent is able to check in to the Huntress portal. Additional action is generally not required to update an active agent.

 

Agent versions older than the below are considered outdated: 

      Windows: 0.13.254

      macOS: 0.13.228

Recent Release Information 

Release Date: April 2025

Features:

Platform:

  • SOC Platform - Partners can now leave comments on Incident Reports. Partners can now comment on Incident Reports! This is useful when partner techs use our portal to triage incidents and want to leave context for other partner techs on an incident - whether due to a shift change, long running investigation, a ticket number or just for additional context. This feature is one-way for internal partner use only and is not responded to by Huntress SOC or Support teams.

SIEM

  • Huntress Managed SIEM Now Uses Custom Syslog Collection Ports. Huntress Managed SIEM now has the ability to assign custom syslog collection ports during configuration. This allows users to flexibly deploy the Huntress SIEM agent in environments with existing syslog collectors or where other applications are utilizing the default syslog port of 514.

Bug Fixes:

  • N/A

___________________________________________________________________

Historical Release Notes

Release Date: February 2025

Features:

EDR:

  • Mac Configuration Wizard released! 
    Deployment of Mac agents requires some extra work after installation, due to Apple requirements. Partners are often unaware of these requirements. This release provides a Wizard - integrated into the Huntress app in the Applications folder - that can help walk through the configuration process for manual installs or installs via RMM, with the goal of ensuring our partners are fully protected.

  • Improvements to Mac status visibility in the Huntress Platform
    • A warning banner was added if there is at least one Mac endpoint with EDR not fully configured
    • A new macOS Fleet Readiness widget has replaced the old macOS Status widget in the Command Center, making it easier to see the enablement status of all Huntress Agents for macOS at a glance
    • The macOS Fleet Readiness widget has been moved higher in the Command Center to ensure it is visible without scrolling

Security Awareness Training (SAT)

  • SAT Assignments UX Improvement 
    We've made enhancements to the admin experience when choosing episodes for a new assignment:
    1. It now defaults to newest episode first
    2. You can now sort episodes for newest to oldest or oldest to newest
    3. You can now filter for All Episodes, Custom only, Curricula Originals only
    4. There is now search/filter by name and episode description.

  • Microsoft Teams notifications for SAT are in ungated early access
    Partners and customers have been asking for notifications in Microsoft Teams rather than email or Slack. This feature has been successfully validated in a private preview and is now in the open 'early access' phase of our product lifecycle. In other words, we are confident in the functionality but still want to encourage feedback on additional functionality.

Bug Fixes:

  • N/A

Release Date: January 2025

Features:

EDR:

  • Defender Exclusion Management and Detection
    We’ve done more work to notify partners of the conflicts and raise awareness around conflicting management between partner tools (GPO / PowerShell) and Huntress management tools. Huntress has also unified the management of exclusion at all levels (account, organization, and agent) into a single UI. This new UI also allows partners to view the prevalence of an exclusion across their fleet.

Security Awareness Training (SAT)

  • Huntress Managed Learning launch time is now configurable
    Historically, all Huntress Managed Learning Assignments went out at the same time. This new feature allows admins to configure the time of day the enrollment goes out in their own time zone. This is particularly useful for customers and partners in Europe, Australia, and New Zealand. To configure this go to Assignments -> Learning plan and hit the gear icon in the upper-right area.
  • SAT MSP Phishing UI: Group by campaign
    The multitenant 'Phishing' UI is powerful in showing all MSP level and customer level phishing campaigns in one view - however it can be overwhelming when each multitenant campaign shows each customer as a row. Now, admins can use the "Group by Campaign" toggle to collapse all the child campaigns into a single row.

Bug Fixes:

  • N/A

 

Release Date: December 2024

Features:

EDR:

  • SOC Phone Support from Huntress Portal goes GA!
    As of 12/3 all Managed EDR partners can now request SOC Support for critical EDR incidents right from the Huntress Portal. This allows partners to communicate via a live chat - or request a callback from the Huntress SOC Support - via a button on the top right of all Managed EDR critical incident reports.

    Feature Details:
    If you select the callback option, all you need to do is input your phone number, name, email, and a brief description of what you need assistance with - the Huntress SOC Support team will call you directly to address your concerns or questions around the associated critical incident report. Each organization in an account is limited to one phone support request at a time.

    This feature is currently only enabled for EDR. Once we get an accurate measure on partner demand we will consider enabling this feature for Critical ITDR incidents.

     

  • Business Platform - Password-less login now available for all Trials (GA)
    I'm excited to announce that we'll be taking our first step on the Product Led Growth journey by making some changes to our trial signup forms

    1. We will now only require a business email address to setup a Huntress Trial!
    a. The rest of the info we currently ask for, will be immediately sourced from our data enrichment vendor 
    b. We will only prompt for any pieces of missing data
    2. We now support Magic Link login! 
    a. Folks will get a one-time use link in their email which can be used to login
    3. Passwords are now optional (but recommended) 
    a. Unless trial users become paid customers, or want to view self-serve pricing, we will not enforce the password/MFA flow - use magic link to login!
    These changes are meant to make it drop-dead easy to start a trial, without compromising quality or changing any other lead workflows.

     

Security Awareness Training (SAT)

  • Newly created SAT groups default to magic link
    To improve usability and security, newly created groups will default to using magic links rather than access codes. This will make it easier for learners to login directly from the email rather than having to copy-paste codes. Existing groups will not be impacted.

  • SAT Dashboard page in GA
    The dashboard page with the phishing over time graph is now in general availability and available to all customers and partners. This page helps admins observe improvement in avoiding simulated compromise over time based on attempt number.

  • Ability to rename Huntress Managed Learning Plan is in GA
    Partners have asked for ways to rename "Huntress Managed Learning - " to something that best reflects their own brand. Now they can! When they go to the Managed Learning Plan page, they can now hit the gear icon and rename future assignments. We also have a beta feature we can enable to customize the time of day that learning plans launch to best support international audiences in EMEA and ANZ.

  • PDF Attachment Phishing GA 
    After a successful Huntress-internal beta, we are excited to share the release of PDF attachment simulated phishing within Huntress Managed SAT. This means that the emails will have an attachment with a bait-link (normal link or QR code) inside to mimic tradecraft observed in the wild.

 

Bug Fixes:

  • N/A

Release Date: November 2024

Features:

EDR

  • MacOS Sequoia 15.1 support is now GA. If you are running 15.0, please update to 15.1 at your earliest convenience. 
  • MacOS Monterey 12 has reached end of life with Apple. While the Huntress Agent may continue to run and be installed at this time, please update to a newer macOS to ensure continued support and future updates. 

  • Request SOC Phone Support from the Huntress Portal (Closed Beta)
    Managed EDR partners can now request SOC Support for critical EDR incidents right from the Huntress Portal.

    This allows partners to communicate via a live chat - or request a callback from the Huntress SOC Support - via a button on the top right of all Managed EDR critical incident reports.

    This will be a Phased Rollout to ensure SOC Support processes are crisp and partner demand is sufficiently managed
    • Today 11/18 - 25% account will have the feature enable
    • Monday 11/25 - 50% account will have the feature enable
    • Monday 12/2 - GA to coincide with Marketing Launch
    Feature Details:
    If you select the callback option, all you need to do is input your phone number, name, email, and a brief description of what you need assistance with - the Huntress SOC Support team will call you directly to address your concerns or questions around the associated critical incident report. Each organization in an account is limited to one phone support request at a time.

    This feature is currently only enabled for EDR. Once we get an accurate measure on partner demand we will consider enabling this feature for Critical ITDR incidents.

     

Security Awareness Training (SAT)

  • SAT multi-language support is no longer behind a feature flag
    Before, admins had to submit a support ticket to get access to multi-language subtitles and notifications. This feature is now un-gated and available to all without having to request it from support.

  • Huntress Managed Learning Plan can be renamed (Closed Beta)
    Many learners/humans don't know who Huntress is, so they are more likely to ignore notification that they are enrolled in "Huntress Managed Learning Plan November 2024."
    Beta participants are now able to rename their plan so the title going forward will be "MSP X November 2024" or "Company Y November 2024."
    We hope this will increase participation in managed learning. The feature is available for beta now and will go to General Availability once we have successfully seen this go out on the December managed learning.
    Existing assignments may now be renamed (GA).

Bug Fixes:

  • N/A

Release Date: October 2024

Features:

Security Awareness Training (SAT)

  • New learner dashboard. The new and vastly improved learner dashboard is now in general availability for all leaders. This new and improved experience is not only much more visually pleasing but also highlights the time remaining per assigned episode to help learners prioritize better.

  • Huntress SAT now has an opt-in open beta for leaderboards. This new feature aims to make learning a bit more fun through a competitive points system to reward top performers. For full details including the steps on how to enable the feature and the point values, check out the Managed SAT Leaderboards KB

Bug Fixes:

  • N/A

Release Date: September 2024

Features:

Security Awareness Training (SAT)

  • SAT now has self-service "Manual Push" for notifications. We occasionally hear that admins want to resend enrollment notifications and reminders for assignments. This happens because there may have been a security tool that wasn't properly configured to allow our emails through or because employees weren't made aware that their company moved to SAT so they deleted the initial email as junk. Admins can now trigger manual pushes in the assignment "Advanced" tab. If you have Manager Notifications enabled via Feature Flag, you can also trigger them from the same place!

  • New beautiful SAT completion certificates. SAT completion certificates have been redesigned and look great now.

  • Improved learner "Guided Tour" experience. Ever accidentally start an episode and when prompted if you want a guided tour of the UI accidentally clicked on "Let's Go" when you intended to skip the tour? We've changed the interface to clearly show "Start Tour" on the left and "Skip" on the right. If you do complete the tour, you now also get opted out of future tours by default.

  • Learners "All" groups option. The Learners page now defaults to "All" groups instead of one group at a time! In the past, learners could only be viewed one group at a time. This was because export and import were buttons on that page and we needed to keep the admin constrained. Those options are now in a modal that selects a specific group allowing us to display all learners in one page.

  • Custom Content Creator: Markdown block. The new "Markdown" block type for SAT custom content creator is now available. This block type allows for greater control over the formatting of slides as well as the ability to embed YouTube, Vimeo, and Loom videos in Huntress SAT custom content.

  • Manager Notifications are now available. Huntress Managed SAT’s most highly requested feature is here! With Manager Notifications, admins can forget about generating and sending reports, and instead let managers know which of their direct reports have incomplete assignments through automated and manually triggered alerts. On top of that, managers also receive magic links that allow them to check on their employees’ progress in real-time. This leads to higher completion rate and less toil for administrators.

  • Pre-configured OAuth providers in SAT. Admins who wish to use the zero-config "Log in with Microsoft" or "Log in with Google" as their primary login, can now choose "Pre-configured OUth providers" and select Microsoft or Google as authentication for the group. Once selected, learner notifications emails and slack messages links will point to a page that only has the Microsoft or Google logins. This can be a great shortcut to skip the tedious SAML SSO process.

Bug Fixes:

  • N/A

Release Date: August 2024

Features:

Incident Reports

  • Automatically log actions on PSAs. When partners approve or reject a remediation plan on an incident report, Huntress now will automatically update the existing PSA ticket with which user or system action took the remediation action and what actions they took. This works for all 4 of our key PSAs (ConnectWise, Autotask, Syncro, Halo) and streamlines the incident workflow further for our partners.

Security Awareness Training (SAT)

  • PDF block in custom content creator is GA (GA). SAT partners often use the custom content creator to send policy documents like acceptable use policies. Historically, they've done that using a link to a PDF on a file share - but this is annoying to manage at scale. Now, you can create a new type of block/slide called "PDF" which allows you to upload a PDF that will be opened in a new browser tab. They can also make clicking this link mandatory before moving on to the next slide
  • Custom Content - Markdown Block with embedded video support (Open Beta). Ever wanted to use in a SAT Custom Content block? Or to embed videos from YouTube, Vimeo, or Loom? Well, now you can. This new block type is live in production as an open beta! Everyone can use it but it does say "Beta" in the UI.

  • Slack Manager Notifications in SAT (Closed Beta). Accounts using the beta manager notifications feature can now get notifications via Slack (as long as they have the Slack integration enabled). More details can be found here.

Bug Fixes:

  • N/A

Release Date: July 2024

Features:

Host Isolation

  • With Huntress agent version 0.13.192, when the portal isolates a host or if additional IP-blocking rules are added to the host, they only exist for as long as the Huntress Agent is running. If the agent is shutdown, isolation and blocking will go away. When a host is rebooted, and no release task has been sent, the host will eventually (within a few minutes) re-apply the isolation and IP-blocking rules. For releasing a host, you can now simply shut the service down. If that's not possible, you can remove the following files, and restart the host.
    [HuntressInstallationDirectory]\huntress-isolation-rule-file
    [HuntressInstallationDirectory]\huntress-ip-blocking-rule-file

Incident Reports

  • Want to see what a Critical Incident Report looks like before ever experiencing one in real life? Now you can! Huntress can now simulate a Critical level incident, including generating a report, isolating a host, and approving/rejecting incident report remediation steps. This is available for both our Managed EDR and Managed ITDR tools. More information can be found here. 

Security Awareness Training (SAT)

  • Mapping of Curricula sub-accounts to Huntress orgs is in GA. We now allow partners to map curricula customer sub-accounts to existing Huntress portal orgs or create new ones. We are doing this in order to support having SAT metrics in the Huntress command center and in preparation for a future where we have a much more tightly integrated multi-product experience.

Bug Fixes:

  • N/A

Release Date: June 2024

Features:

Portal

  • Session Idle Time. Users are often annoyed at how frequently they have to re-authenticate into Huntress. While we don’t want to compromise our security practices, we’ve added a setting to allow users to lengthen their idle time from 30 minutes to 60 minutes. In addition, MSPs that like having the Huntress dashboard up on their main screens can now keep the Command Center dashboard up - it will auto-refresh and keep their session alive.
  • Partners can inform the SOC if the findings in a rejected incident were useful. The Portal now captures usefulness data from partners when they reject a report. Why? We know rejection rates have been on the rise, but we don’t really know if partners find the reported findings useful. This information will help us make data-backed decisions when prioritizing SOC Escalation use cases.
  • Analyst first names and investigative comments are partner visible! The Huntress Brand is all about “Human-Powered Threat Hunting”.
    • In the past, autorun specific investigations would show the name of the analyst and the investigative comment they left. This feature made partners feel good knowing that Huntress had actual humans supporting them 24x7, 365. Unfortunately, Huntress strayed away from this user experience as we scaled EDR from 1 data source (autoruns) to many (antivirus, process, etc.). We strayed further as we grew into a multi-product platform. We're correcting that now! 
  • Left Navigation Update. This update consolidates the left navigation icons into their respective products: one for EDR, one for ITDR and one for SAT. This cleans up our sidebar and prepares us for further navigation streamlining in the future.

  • Managed EDR & Managed ITDR Incident Simulation. You can now simulate incidents for EDR and Microsoft 365! This feature lets you experience the Huntress incident response workflow as if a critical-severity incident was occurring in your network or Microsoft 365 tenant. Incident simulation aims to answer the question of "Is this thing on?", but can also be used during tabletop exercises to test security response protocols.

Security Awareness Training

  • Huntress Phishing Defense Coaching is now enabled for all customers and partners. This means that when their learners click on a simulated phishing message and the scenario within that scenario has been enabled with coaching, the learner will go through this experience rather than the legacy Phishing Recovery episode. 
  • New Phishing Campaign Report is in GA. The new and vastly improved phishing campaign report that includes data on responses from Phishing Defense Coaching is now in GA. This report is available at the MSP and customer level. It also includes new multi-select filters as well as the ability to expand/close all the cards! This will make it easier to find actionable data from phishing campaigns.

Bug Fixes:

N/A

  • N/A

Release Date: May 2024

Features:

Portal

  • Multi-Org Host Isolation is now available! This enables Partner Admin user roles to isolate endpoints across multiple organization within a single Huntress account from the organizations page. This is useful when multiple clients of an MSP have been hacked and we need to act quickly to quarantine the infected networks. This feature also enables isolation release across multiple organizations.
  • Customers can now map Huntress Portal organizations to SAT. Previously, there was no linkage between Huntress Portal and the SAT Portal aside from SSO. With this update, we allow customers to link their data together. This will enable future cross-product features on the Huntress Portal: e.g. SAT phishing or training based on events within Managed EDR or Managed ITDR, or monthly PDF reports that also include SAT.
  • Account Settings are now tabbed. Our Account Settings page was getting out of hand: one massive page of all sorts of settings. This update brings logical grouping to users updating their Huntress settings.
  • The Reported Incidents table has been restructured to make it easier for partners and Huntress Staff to filter for and find reports of interest. Users can now clearly see when an incident report has been previously rejected and the reason for its rejection. If a report is in the process of being re-reviewed by the Huntress SOC you will be made aware. This will streamline partner operations and eliminate confusion amongst MSP and MM team members working in the Huntress Portal.

Security Awareness Training

  • Microsoft 365 groups in selectable drop down. Rather than having to copy-paste the GUID of an Microsoft 365 group, you can now scroll or use type-ahead search to select a group.
  • SAT Google sync now supports groups. Google Workspace integrations now allows admins to limit the scope of Google directory sync to a specific group. This is particularly useful for admins who have a group like 'full time employees' or 'security training' within Google.

macOS

  • New macOS Agent Setup Summary Page. We've added a page where you can see all of your macOS agents and their setup status in bulk. Now you don't have to click through each agent to see if they are set up to run our new EDR for macOS. This status page also updates in real-time so you don't have to wait 10-15min to see if your setup worked.

Bug Fixes:

N/A

Release Date: April 2024

Features:

Security Awareness Training

  • Forward Reported Phishing Attempts. SAT Admins who use the 'report phishing' service can now have reported phishing attempts that are not from Huntress be forwarded to a designated email address. This is most commonly used to forward messages to an internal security team or to email security vendors.
  • SAT Learners - Log in with Google. SAT learners can now log in with their Google Workspace account on MyCurricula.com using OAuth without any work/setup required from admins. Admins can opt out of the feature if desired. This is also usable for Huntress employees for our own security awareness training.
  • SAT Locked Learner Status. All SAT admins can now 'lock' a learner's status as active or inactive to prevent directory syncs from changing that state. This eliminates the need to apply the workaround of creating new groups.
  • Microsoft 365 groups in selectable drop down. Rather than having to copy-paste the GUID of an Microsoft 365 group, you can now scroll or use type-ahead search to select a group.

Managed ITDR

  • Improved Managed ITDR Onboarding. Onboarding Microsoft tenants is now more resilient and consistently successful. Over the past few weeks, we’ve rolled out a new backend system to better handle the timeouts and errors that often occur during the 11-step Microsoft tenant integration process. We tested this with new tenants first and then reprocessed existing tenants to address any gaps. While these changes might not be noticeable to most partners, some partners received new incident reports or escalations. These related to existing issues that needed to be corrected or things that we did not have visibility into previously, such as existing ”historic” inbox rules, due to incomplete onboarding.

macOS

  • Agent Installer page updated to streamline the full install of Huntress' agent for macOS. With the addition of Huntress EDR for macOS, we've updated the Agent Installer page to show everything that is needed to install the Huntress agent, System Extension, and grant the required permissions.

  • New macOS Agent Setup Summary Page. We've added a page where you can see all of your macOS agents and their setup status in bulk. Now you don't have to click through each agent to see if they are set up to run our new EDR for macOS. This status page also updates in REAL-TIME so you don't have to wait 10-15min to see if your setup worked. This new page is found by clicking on the macOS Endpoint Setup widget on the Command Center.
    • This page is in the process of being updated with:
      • The ability to filter by setup status
      • The ability to export the list to CSV
      • The ability to install the System Extension in bulk
      • Other minor UX improvements.

Bug Fixes:

Security Awareness Training

  • Custom Content Creator can now handle larger files. Historically, the SAT custom content creator would encounter errors for files over 200mb or so. Note that there is a cap, and files should be at or lower than 999mb. 

 

Release Date: March 2024

Features:

Managed ITDR

  • Partners can now revoke existing sessions for / log out identities that are synced from on-prem AD, even though we can't disable them. For hybrid environments where identities are based in an on-premises directory and sync to the cloud, attempts to disable identities on the cloud side are quickly overwritten by sync. We've revised our product to reflect this; for synced users, the "Revoke and Disable" button is now simply titled "Revoke" and we are no longer attempting to disable them.

  • New "Refresh Identities" button. While Huntress refreshes information about identities automatically from Microsoft on a nightly basis, sometimes it would be helpful to force a refresh manually. We've now enabled this by adding a "Refresh Identities" button to the Microsoft 365 User page. It is most useful when partners or customers have made changes to identities in Microsoft and want to see those changes reflected in Huntress immediately, or if there's a recently-added identity that doesn't have full information in Huntress yet. Huntress automatically adds new users as soon as we see events from them, and product functionality will operate correctly without manually refreshing so this is an option feature.
  • Detection improvements for compliant endpoints. We've updated our detections for Microsoft 365 for activity involving devices that are considered "compliant" and "managed" by Microsoft. Typically these are endpoints being managed with Microsoft Intune that are compliant with security policies. Because activity from these devices is more likely to be from a legitimate user, we now are less likely to issue incident reports for events from them, helping ensure that our detections are as accurate as possible.
  • Re-enable isolated identities. You can now release an identity from isolation manually by using the new "Enable" button on the Microsoft 365 user overview page. This will enable a disabled cloud identity after an incident has been remediated without having to separately log into Microsoft, saving clicks and helping partner and customer technicians work more efficiently. This button will not appear for disabled hybrid identities synced to the cloud from an on-prem Active Directory server; such identities must be re-enabled on-prem.

Platform

  • We now support sending Huntress usage to Autotask! Partners that use Autotask will now be able to save time on operations every month. Instead of manually tracking Managed EDR and Managed ITDR usage on Huntress each month, the integration will do it on their behalf. This is currently a BETA Feature reach out to your Huntress account rep to enable this. 

Bug Fixes:

N/A

 

Release Date: February 2024

Features:

Windows EDR

  • Black Hunt Ransomware Vaccine. Vaccination for Black Hunt ransomware. Huntress will prevent current variants of Black Hunt from executing.
  • IP Allow List for Isolated Endpoints. We now support the configuration of a list of IP addresses that isolated endpoints can connect to. This advanced feature enables partners who do incident response regularly to work more efficiently by remotely investigating and remediating isolated hosts using their self-hosted RMM or other tooling. This feature supports static IP addresses only and will not work with cloud RMM or other tools which use dynamic IP addresses for agent connectivity. See Host Isolation IP Allowlist.

  • Managed Antivirus policy settings are slightly adjusted. When settings/exclusions are set manually or locally via the Defender GUI or tools such as Intune, it creates a conflict with the settings/exclusions set through the Huntress dashboard. When this case is detected, Huntress will stop attempting to overwrite the local host settings/exclusions, and will display noncompliant for the Policy Status. The MAV status will display as Protected.

  • A tooltip has been added for Managed Antivirus Tamper Protection to guide partners on how to enable Tamper Protection if it is disabled.
    • "Microsoft Defender tamper protection settings cannot be managed by Huntress and must be managed through Microsoft. You can manage them at the tenant level through the Microsoft Defender portal or for specific users with Intune. If your team needs it off to complete a task, consider using troubleshooting mode instead" 

macOS

  • Command Center Widget for macOS Agent Setup. We created a new Command Center widget to show how many Huntress agents for macOS still need additional setup to be fully protected. Clicking on this widget will show a list of agents that require additional setup. Clicking into a specific agent will have a checklist to show the exact setup that is missing.

  • EDR Version column on agent table updated to support EDR for macOS. The EDR Version column on the agent table will now show 'Enabled' for any macOS endpoints running Huntress' Beta EDR for macOS. We are looking to expand the Huntress EDR for macOS Beta and this will make it possible to see if EDR for macOS is running or not.

Platform

  • Prospects can now seamlessly try any Huntress product. Before, partners had to follow a convoluted process to get SAT started on the portal. Along with the recent changes to streamline SAT trial issues, it’s easier than ever for customers to see the power of our platform.
  • Partners are required to set defaults when setting up a PSA so that Huntress always knows where to send tickets to. This feature improve our ability to automatically send our partners incident reports in the future by enforcing the selection of defaults across all PSAs. 

Managed ITDR

  • Microsoft License View. User Identities now have a view dedicated to the Microsoft licenses they hold, and which Huntress bills for and does not.

Security Awareness Training

  • SAT customers and partners can now access data on simulated phishing via the API. Documentation has been added to Stoplight API docs.

 

Bug Fixes:

Platform

  • Fix display of Invoices older than 30 days. Previously, to view any invoice older than 30 days, customers had to follow a convoluted process: getting blocked in the portal, sending an email to Huntress, and then having Huntress Finance generate a link for them manually. All invoices can now be easily accessed.
  • Partners that have large PSA implementations can now use auto-map successfully. We saw cases where auto-map was not functioning correctly for partners with a lot of organizations. It would time out and fail to map. This fixes auto-map for all PSAs.

Security Awareness Training

  • SAT trials now start successfully in almost all scenarios. Previously, we saw many instances where customers could not start SAT trials easily. Visibility into error messaging was poor. We’ve resolved most of these cases going forward.\

Release Date: January 2024

Features:

Windows EDR

  • Improved Handling of Microsoft Updates. We continue to invest in our ability to scale our services. When we do this well, it should be invisible to our partners and customers, but we are sharing because a “peek behind the curtain” can be interesting. In this case, we’ve dramatically reduced the quantity of agent surveys (updates sent to our servers when there’s a meaningful security change on an endpoint) we normally receive when Microsoft Updates are rolled out, particularly following “Patch Tuesday”. This has been the source of our peak processing loads and generated extra SOC work. This efficiency increase enables us to continue to keep our pricing low as we serve more and more customers.

macOS

  • Added a new macOS Agent Readiness checklist on the agent detail page for macOS endpoints. This allows partners to quickly understand how to setup a Huntress agent for a macOS endpoint and troubleshoot any issues with that setup.

Platform

  • Auto-map PSA Organizations: Partners can now map organizations for ConnectWise, Autotask, and HaloPSA in two clicks, speeding up onboarding and ongoing management.

  • Enabled SAT for Direct Customers. Direct customers with Huntress can now trial and purchase SAT, simplifying the experience. Previously, customers had to go to the legacy Curricula.com website and create a separate account.

  • Updated cover page of Threat Summary Report PDF. This gives partners more visibility into the value that Huntress provides, adding signals investigated data that was previously unavailable.

Security Portal

  • Signals investigated and incidents reported shown from the the Command Center now highlight 180 days of data rather than 30 days. This enables partners to get a complete picture of what the Huntress 24x7 SOC has done for them lately.

  • Added filtering and export features to the Signals Investigated table. This allows partners to filter data in the portal and then export it for sharing purposes (audit, incident response, etc.).
  • Updated the Weekly/Monthly Account & Organization Summary Emails with Signals Investigated and a link to the new Command Center dashboard. This new data replaced autorun specific investigations and a link to the EDR specific dashboard, because the Huntress Platform is now multi-product (Microsoft 365 and EDR).

Infrastructure and Developer Experience (IDEX)

  • Enabled static outbound IPs. Security-conscious Huntress partners that self-host their PSAs can now use Huntress integrations to improve their workflows. Our knowledge base has been updated to reflect these IP addresses.

Security Awareness Training

  • Forward phishing emails that weren’t from us in Beta. Admins using the Huntress report a phish service but want to receive copies of the emails that aren’t from us can now specify a destination. This feature is still beta but can be enabled for any admins who request it from their account manager.

  • Update to Huntress Managed Learning. We received feedback that learners need more time to catch up on learning assignments if they fall behind. In response, we’ve pushed the end of a learning assignment to the end of the month following the one in which it was assigned.

  • User-configurable time zones. All administrators can now change the time zone in their profile, which makes it much easier for them to schedule tasks like learner reminders and makes reading reports easier.

  • New cards created to help admins onboard in a comprehensive way. These cards remind admins to launch “New Learner Essentials” and Managed Phishing.

Managed ITDR

  • Per user license view: New option in the Microsoft 365 identity left navigation view to view the Microsoft licenses assigned to the identity. Each license lists if it is qualified for billing by Huntress or not. This should help support and partners know which licenses Microsoft has assigned and the reasons Huntress bills for the identity or not.

  • Now tracking VPN usage per identity. As users use VPNs to interact with Microsoft, we begin tracking and building a profile of their VPN usage. With this, we can determine if a new VPN interaction is suspicious or just typical usage for that user. TLDR: Expect more detections on suspicious VPN usage and less on company enforced/sponsored VPN usage.

  • No more duplication of inbox rules. Security will now see inbox rule events only for new or updated rules. This feature also builds the ground work for better tracking of inbox rules and re-ingestion.
  • Added NONPROFIT_PORTAL to non-billable list. Partners will no longer be billed for this license. (They will be billed if the user has other billable licenses.)

 

Bug Fixes:

Windows EDR

  • We addressed an issue where some agents could silently be in an bad state; they will now correctly show as needing to be repaired. 
  • Addressed an issue where under certain conditions, agents might not correctly report the status of tasks they are processing to Huntress, leading to incorrect status. 
  • Made a general performance improvement by optimizing memory allocation in the agent.
  • Windows Defender Status Accuracy. We made a change that will reduce the number of cases that result in Windows Defender status showing as “Unknown”.

Platform

  • Ensure detailed threat report PDF is turned on for all new partners. Improves onboarding by removing one step for customers when setting up Huntress.
  • Display Microsoft 365 last synced number (Connectwise Billing Integration). Previously, we only displayed the last synced number for Managed EDR but did not do so for Managed ITDR. This update adds visibility for partners.
  • Add Ramp Info to all Subscription pages. Many Huntress customers have subscriptions that ramp up over time. This information is now displayed in the portal, reducing customer confusion during the first few months of deploying Huntress

Security Portal

  • Improved the display of long Microsoft 365 User Principle Names (UPNs) in the Portal. These UPN values were scrolling off Portal pages and degrading the user experience.

Security Awareness Training

  • Report phishing queue is no longer stuck.

  • Regenerated the Monthly Reports that were generated incorrectly and sent them with the corrected data. Added tests to make sure we don’t have this issue again.
  • The Auto-enroll feature for “New Learner Essentials” is no longer broken.

Managed ITDR

  • Internal jobs cut into per organization jobs. Partners will see less false error messages, in specific scenarios. Engineering will have better insight into true errors.

  • Correct licenses and billable users. Some partners encountered fewer billable users than their licensing would expect. Microsoft is now properly reporting that to us, and we are reporting billable users correctly.

Related articles