Summary: Huntress updates detailed with features and bug fixes.
For recent release notes, see Huntress Release Notes and Agent Version
Historical Release Notes
Release Date: December 2024
Features:
EDR:
- SOC Phone Support from Huntress Portal goes GA!
As of 12/3 all Managed EDR partners can now request SOC Support for critical EDR incidents right from the Huntress Portal. This allows partners to communicate via a live chat - or request a callback from the Huntress SOC Support - via a button on the top right of all Managed EDR critical incident reports.
Feature Details:
If you select the callback option, all you need to do is input your phone number, name, email, and a brief description of what you need assistance with - the Huntress SOC Support team will call you directly to address your concerns or questions around the associated critical incident report. Each organization in an account is limited to one phone support request at a time. This feature is currently only enabled for EDR. Once we get an accurate measure on partner demand we will consider enabling this feature for Critical ITDR incidents.
- Business Platform - Password-less login now available for all Trials (GA)
I'm excited to announce that we'll be taking our first step on the Product Led Growth journey by making some changes to our trial signup forms.
1. We will now only require a business email address to set up a Huntress Trial!
a. The rest of the info we currently ask for will be immediately sourced from our data enrichment vendor
b. We will only prompt for any pieces of missing data
2. We now support Magic Link login!
a. Folks will get a one-time use link in their email which can be used to login
3. Passwords are now optional (but recommended)
a. Unless trial users become paid customers, or want to view self-serve pricing, we will not enforce the password/MFA flow - use magic link to login!
These changes are meant to make it drop-dead easy to start a trial, without compromising quality or changing any other lead workflows.
Security Awareness Training (SAT)
- Newly created SAT groups default to magic link
To improve usability and security, newly created groups will default to using magic links rather than access codes. This will make it easier for learners to log in directly from the email rather than having to copy-paste codes. Existing groups will not be impacted.
- SAT Dashboard page in GA
The dashboard page with the phishing over time graph is now in general availability and available to all customers and partners. This page helps admins observe improvement in avoiding simulated compromise over time based on attempt number.
- Ability to rename Huntress Managed Learning Plan is in GA
Partners have asked for ways to rename "Huntress Managed Learning - " to something that best reflects their own brand. Now they can! When they go to the Managed Learning Plan page, they can now hit the gear icon and rename future assignments. We also have a beta feature we can enable to customize the time of day that learning plans launch to best support international audiences in EMEA and ANZ.
- PDF Attachment Phishing GA
After a successful Huntress-internal beta, we are excited to share the release of PDF attachment simulated phishing within Huntress Managed SAT. This means that the emails will have an attachment with a bait-link (normal link or QR code) inside to mimic tradecraft observed in the wild.
Bug Fixes:
- N/A
Release Date: November 2024
Features:
EDR
- macOS Sequoia 15.1 support is now GA. If you are running 15.0, please update to 15.1 at your earliest convenience.
- macOS Monterey 12 has reached end of life with Apple. While the Huntress Agent may continue to run and be installed at this time, please update to a newer macOS to ensure continued support and future updates.
- Request SOC Phone Support from the Huntress Portal (Closed Beta)
Managed EDR partners can now request SOC Support for critical EDR incidents right from the Huntress Portal. This allows partners to communicate via a live chat - or request a callback from the Huntress SOC Support - via a button on the top right of all Managed EDR critical incident reports.
This will be a phased rollout to ensure SOC Support processes are crisp and partner demand is sufficiently managed:
• Today 11/18 - 25% of accounts will have the feature enabled
• Monday 11/25 - 50% of accounts will have the feature enabled
• Monday 12/2 - GA to coincide with Marketing Launch
Feature Details:
If you select the callback option, all you need to do is input your phone number, name, email, and a brief description of what you need assistance with - the Huntress SOC Support team will call you directly to address your concerns or questions around the associated critical incident report. Each organization in an account is limited to one phone support request at a time. This feature is currently only enabled for EDR. Once we get an accurate measure on partner demand we will consider enabling this feature for Critical ITDR incidents.
Security Awareness Training (SAT)
- SAT multi-language support is no longer behind a feature flag
Before, admins had to submit a support ticket to get access to multi-language subtitles and notifications. This feature is now un-gated and available to all without having to request it from support.
- Huntress Managed Learning Plan can be renamed (Closed Beta)
Many learners/humans don't know who Huntress is, so they are more likely to ignore the notification that they are enrolled in "Huntress Managed Learning Plan November 2024."
Beta participants are now able to rename their plan so the title going forward will be "MSP X November 2024" or "Company Y November 2024."
We hope this will increase participation in managed learning. The feature is available for beta now and will go to General Availability once we have successfully seen this go out on the December managed learning.
Existing assignments may now be renamed (GA).
Bug Fixes:
- N/A
Release Date: October 2024
Features:
Security Awareness Training (SAT)
- New learner dashboard. The new and vastly improved learner dashboard is now in general availability for all leaders. This new and improved experience is not only much more visually pleasing but also highlights the time remaining per assigned episode to help learners prioritize better.
- Huntress SAT now has an opt-in open beta for leaderboards. This new feature aims to make learning a bit more fun through a competitive points system to reward top performers. For full details including the steps on how to enable the feature and the point values, check out the Managed SAT Leaderboards KB.
Bug Fixes:
- N/A
Release Date: September 2024
Features:
Security Awareness Training (SAT)
- SAT now has self-service "Manual Push" for notifications. We occasionally hear that admins want to resend enrollment notifications and reminders for assignments. This happens because there may have been a security tool that wasn't properly configured to allow our emails through or because employees weren't made aware that their company moved to SAT so they deleted the initial email as junk. Admins can now trigger manual pushes in the assignment "Advanced" tab. If you have Manager Notifications enabled via Feature Flag, you can also trigger them from the same place!
- New beautiful SAT completion certificates. SAT completion certificates have been redesigned and look great now.
- Improved learner "Guided Tour" experience. Ever accidentally start an episode and when prompted if you want a guided tour of the UI accidentally clicked on "Let's Go" when you intended to skip the tour? We've changed the interface to clearly show "Start Tour" on the left and "Skip" on the right. If you do complete the tour, you now also get opted out of future tours by default.
- Learners "All" groups option. The Learners page now defaults to "All" groups instead of one group at a time! In the past, learners could only be viewed one group at a time. This was because export and import were buttons on that page and we needed to keep the admin constrained. Those options are now in a modal that selects a specific group allowing us to display all learners in one page.
- Custom Content Creator: Markdown block. The new "Markdown" block type for SAT custom content creator is now available. This block type allows for greater control over the formatting of slides as well as the ability to embed YouTube, Vimeo, and Loom videos in Huntress SAT custom content.
- Manager Notifications are now available. Huntress Managed SAT’s most highly requested feature is here! With Manager Notifications, admins can forget about generating and sending reports, and instead let managers know which of their direct reports have incomplete assignments through automated and manually triggered alerts. On top of that, managers also receive magic links that allow them to check on their employees’ progress in real-time. This leads to higher completion rates and less toil for administrators.
- Pre-configured OAuth providers in SAT. Admins who wish to use the zero-config "Log in with Microsoft" or "Log in with Google" as their primary login can now choose "Pre-configured OAuth providers" and select Microsoft or Google as authentication for the group. Once selected, links in learner notification emails and Slack messages will point to a page that only has the Microsoft or Google logins. This can be a great shortcut to skip the tedious SAML SSO process.
Bug Fixes:
- N/A
Release Date: August 2024
Features:
Incident Reports
- Automatically log actions on PSAs. When partners approve or reject a remediation plan on an incident report, Huntress will now automatically update the existing PSA ticket with which user or system took the remediation action and what actions they took. This works for all 4 of our key PSAs (ConnectWise, Autotask, Syncro, Halo) and streamlines the incident workflow further for our partners.
Security Awareness Training (SAT)
- PDF block in custom content creator is GA. SAT partners often use the custom content creator to send policy documents like acceptable use policies. Historically, they've done that using a link to a PDF on a file share - but this is annoying to manage at scale. Now, you can create a new type of block/slide called "PDF" which allows you to upload a PDF that will be opened in a new browser tab. You can also make clicking this link mandatory before moving on to the next slide.
- Custom Content - Markdown Block with embedded video support (Open Beta). Ever wanted to use in a SAT Custom Content block? Or to embed videos from YouTube, Vimeo, or Loom? Well, now you can. This new block type is live in production as an open beta! Everyone can use it but it does say "Beta" in the UI.
- Slack Manager Notifications in SAT (Closed Beta). Accounts using the beta manager notifications feature can now get notifications via Slack (as long as they have the Slack integration enabled). More details can be found here.
Bug Fixes:
- N/A
Release Date: July 2024
Features:
Host Isolation
- With Huntress agent version 0.13.192, when the portal isolates a host or if additional IP-blocking rules are added to the host, they only exist for as long as the Huntress Agent is running. If the agent is shut down, isolation and blocking will go away. When a host is rebooted, and no release task has been sent, the host will eventually (within a few minutes) re-apply the isolation and IP-blocking rules. For releasing a host, you can now simply shut the service down. If that's not possible, you can remove the following files and restart the host.
[HuntressInstallationDirectory]\huntress-isolation-rule-file
[HuntressInstallationDirectory]\huntress-ip-blocking-rule-file
Incident Reports
- Want to see what a Critical Incident Report looks like before ever experiencing one in real life? Now you can! Huntress can now simulate a Critical level incident, including generating a report, isolating a host, and approving/rejecting incident report remediation steps. This is available for both our Managed EDR and Managed ITDR tools. More information can be found here.
Security Awareness Training (SAT)
- Mapping of Curricula sub-accounts to Huntress orgs is in GA. We now allow partners to map curricula customer sub-accounts to existing Huntress portal orgs or create new ones. We are doing this in order to support having SAT metrics in the Huntress command center and in preparation for a future where we have a much more tightly integrated multi-product experience.
Bug Fixes:
- N/A
Release Date: June 2024
Features:
Portal
- Session Idle Time. Users are often annoyed at how frequently they have to re-authenticate into Huntress. While we don’t want to compromise our security practices, we’ve added a setting to allow users to lengthen their idle time from 30 minutes to 60 minutes. In addition, MSPs that like having the Huntress dashboard up on their main screens can now keep the Command Center dashboard up - it will auto-refresh and keep their session alive.
- Partners can inform the SOC if the findings in a rejected incident were useful. The Portal now captures usefulness data from partners when they reject a report. Why? We know rejection rates have been on the rise, but we don’t really know if partners find the reported findings useful. This information will help us make data-backed decisions when prioritizing SOC Escalation use cases.
- Analyst first names and investigative comments are partner visible! The Huntress Brand is all about “Human-Powered Threat Hunting”. In the past, autorun specific investigations would show the name of the analyst and the investigative comment they left. This feature made partners feel good knowing that Huntress had actual humans supporting them 24x7, 365. Unfortunately, Huntress strayed away from this user experience as we scaled EDR from 1 data source (autoruns) to many (antivirus, process, etc.). We strayed further as we grew into a multi-product platform. We're correcting that now!
- Left Navigation Update. This update consolidates the left navigation icons into their respective products: one for EDR, one for ITDR and one for SAT. This cleans up our sidebar and prepares us for further navigation streamlining in the future.
- Managed EDR & Managed ITDR Incident Simulation. You can now simulate incidents for EDR and Microsoft 365! This feature lets you experience the Huntress incident response workflow as if a critical-severity incident was occurring in your network or Microsoft 365 tenant. Incident simulation aims to answer the question of "Is this thing on?", but can also be used during tabletop exercises to test security response protocols.
Security Awareness Training
- Huntress Phishing Defense Coaching is now enabled for all customers and partners. This means that when their learners click on a simulated phishing message and the scenario within that scenario has been enabled with coaching, the learner will go through this experience rather than the legacy Phishing Recovery episode.
- New Phishing Campaign Report is in GA. The new and vastly improved phishing campaign report that includes data on responses from Phishing Defense Coaching is now in GA. This report is available at the MSP and customer level. It also includes new multi-select filters as well as the ability to expand/close all the cards! This will make it easier to find actionable data from phishing campaigns.
Bug Fixes:
- N/A
Release Date: May 2024
Features:
Portal
- Multi-Org Host Isolation is now available! This enables Partner Admin user roles to isolate endpoints across multiple organizations within a single Huntress account from the organizations page. This is useful when multiple clients of an MSP have been hacked and we need to act quickly to quarantine the infected networks. This feature also enables isolation release across multiple organizations.
- Customers can now map Huntress Portal organizations to SAT. Previously, there was no linkage between Huntress Portal and the SAT Portal aside from SSO. With this update, we allow customers to link their data together. This will enable future cross-product features on the Huntress Portal: e.g. SAT phishing or training based on events within Managed EDR or Managed ITDR, or monthly PDF reports that also include SAT.
- Account Settings are now tabbed. Our Account Settings page was getting out of hand: one massive page of all sorts of settings. This update brings logical grouping to users updating their Huntress settings.
- The Reported Incidents table has been restructured to make it easier for partners and Huntress Staff to filter for and find reports of interest. Users can now clearly see when an incident report has been previously rejected and the reason for its rejection. If a report is in the process of being re-reviewed by the Huntress SOC you will be made aware. This will streamline partner operations and eliminate confusion amongst MSP and MM team members working in the Huntress Portal.
Security Awareness Training
- Microsoft 365 groups in selectable drop down. Rather than having to copy-paste the GUID of a Microsoft 365 group, you can now scroll or use type-ahead search to select a group.
- SAT Google sync now supports groups. Google Workspace integrations now allow admins to limit the scope of Google directory sync to a specific group. This is particularly useful for admins who have a group like 'full time employees' or 'security training' within Google.
macOS
- New macOS Agent Setup Summary Page. We've added a page where you can see all of your macOS agents and their setup status in bulk. Now you don't have to click through each agent to see if they are set up to run our new EDR for macOS. This status page also updates in real-time so you don't have to wait 10-15min to see if your setup worked.
Bug Fixes:
- N/A
Release Date: April 2024
Features:
Security Awareness Training
- Forward Reported Phishing Attempts. SAT Admins who use the 'report phishing' service can now have reported phishing attempts that are not from Huntress be forwarded to a designated email address. This is most commonly used to forward messages to an internal security team or to email security vendors.
- SAT Learners - Log in with Google. SAT learners can now log in with their Google Workspace account on MyCurricula.com using OAuth without any work/setup required from admins. Admins can opt out of the feature if desired. This is also usable for Huntress employees for our own security awareness training.
- SAT Locked Learner Status. All SAT admins can now 'lock' a learner's status as active or inactive to prevent directory syncs from changing that state. This eliminates the need to apply the workaround of creating new groups.
- Microsoft 365 groups in selectable drop down. Rather than having to copy-paste the GUID of a Microsoft 365 group, you can now scroll or use type-ahead search to select a group.
Managed ITDR
- Improved Managed ITDR Onboarding. Onboarding Microsoft tenants is now more resilient and consistently successful. Over the past few weeks, we’ve rolled out a new backend system to better handle the timeouts and errors that often occur during the 11-step Microsoft tenant integration process. We tested this with new tenants first and then reprocessed existing tenants to address any gaps. While these changes might not be noticeable to most partners, some partners received new incident reports or escalations. These related to existing issues that needed to be corrected or things that we did not have visibility into previously, such as existing “historic” inbox rules, due to incomplete onboarding.
macOS
- Agent Installer page updated to streamline the full install of Huntress' agent for macOS. With the addition of Huntress EDR for macOS, we've updated the Agent Installer page to show everything that is needed to install the Huntress agent, System Extension, and grant the required permissions.
- New macOS Agent Setup Summary Page. We've added a page where you can see all of your macOS agents and their setup status in bulk. Now you don't have to click through each agent to see if they are set up to run our new EDR for macOS. This status page also updates in REAL-TIME so you don't have to wait 10-15min to see if your setup worked. This new page is found by clicking on the macOS Endpoint Setup widget on the Command Center.
- This page is in the process of being updated with:
• The ability to filter by setup status
• The ability to export the list to CSV
• The ability to install the System Extension in bulk
• Other minor UX improvements.
Bug Fixes:
Security Awareness Training
- Custom Content Creator can now handle larger files. Historically, the SAT custom content creator would encounter errors for files over 200 MB or so. Note that there is a cap, and files should be at or lower than 999 MB.
Release Date: March 2024
Features:
Managed ITDR
- Partners can now revoke existing sessions for / log out identities that are synced from on-prem AD, even though we can't disable them. For hybrid environments where identities are based in an on-premises directory and sync to the cloud, attempts to disable identities on the cloud side are quickly overwritten by sync. We've revised our product to reflect this; for synced users, the "Revoke and Disable" button is now simply titled "Revoke" and we are no longer attempting to disable them.
- New "Refresh Identities" button. While Huntress refreshes information about identities automatically from Microsoft on a nightly basis, sometimes it would be helpful to force a refresh manually. We've now enabled this by adding a "Refresh Identities" button to the Microsoft 365 User page. It is most useful when partners or customers have made changes to identities in Microsoft and want to see those changes reflected in Huntress immediately, or if there's a recently-added identity that doesn't have full information in Huntress yet. Huntress automatically adds new users as soon as we see events from them, and product functionality will operate correctly without manually refreshing, so this is an optional feature.
- Detection improvements for compliant endpoints. We've updated our detections for Microsoft 365 for activity involving devices that are considered "compliant" and "managed" by Microsoft. Typically these are endpoints being managed with Microsoft Intune that are compliant with security policies. Because activity from these devices is more likely to be from a legitimate user, we now are less likely to issue incident reports for events from them, helping ensure that our detections are as accurate as possible.
- Re-enable isolated identities. You can now release an identity from isolation manually by using the new "Enable" button on the Microsoft 365 user overview page. This will enable a disabled cloud identity after an incident has been remediated without having to separately log into Microsoft, saving clicks and helping partner and customer technicians work more efficiently. This button will not appear for disabled hybrid identities synced to the cloud from an on-prem Active Directory server; such identities must be re-enabled on-prem.
Platform
- We now support sending Huntress usage to Autotask! Partners that use Autotask will now be able to save time on operations every month. Instead of manually tracking Managed EDR and Managed ITDR usage on Huntress each month, the integration will do it on their behalf. This is currently a BETA feature; reach out to your Huntress account rep to enable it.
Bug Fixes:
- N/A
Release Date: February 2024
Features:
Windows EDR
- Black Hunt Ransomware Vaccine. Vaccination for Black Hunt ransomware. Huntress will prevent current variants of Black Hunt from executing.
- IP Allow List for Isolated Endpoints. We now support the configuration of a list of IP addresses that isolated endpoints can connect to. This advanced feature enables partners who do incident response regularly to work more efficiently by remotely investigating and remediating isolated hosts using their self-hosted RMM or other tooling. This feature supports static IP addresses only and will not work with cloud RMM or other tools which use dynamic IP addresses for agent connectivity. See Host Isolation IP Allowlist.
- Managed Antivirus policy settings are slightly adjusted. When settings/exclusions are set manually or locally via the Defender GUI or tools such as Intune, it creates a conflict with the settings/exclusions set through the Huntress dashboard. When this case is detected, Huntress will stop attempting to overwrite the local host settings/exclusions, and will display noncompliant for the Policy Status. The MAV status will display as Protected.
- A tooltip has been added for Managed Antivirus Tamper Protection to guide partners on how to enable Tamper Protection if it is disabled.
- "Microsoft Defender tamper protection settings cannot be managed by Huntress and must be managed through Microsoft. You can manage them at the tenant level through the Microsoft Defender portal or for specific users with Intune. If your team needs it off to complete a task, consider using troubleshooting mode instead"
macOS
- Command Center Widget for macOS Agent Setup. We created a new Command Center widget to show how many Huntress agents for macOS still need additional setup to be fully protected. Clicking on this widget will show a list of agents that require additional setup. Clicking into a specific agent will have a checklist to show the exact setup that is missing.
- EDR Version column on agent table updated to support EDR for macOS. The EDR Version column on the agent table will now show 'Enabled' for any macOS endpoints running Huntress' Beta EDR for macOS. We are looking to expand the Huntress EDR for macOS Beta and this will make it possible to see if EDR for macOS is running or not.
Platform
- Prospects can now seamlessly try any Huntress product. Before, partners had to follow a convoluted process to get SAT started on the portal. Along with the recent changes to streamline SAT trial issues, it’s easier than ever for customers to see the power of our platform.
- Partners are required to set defaults when setting up a PSA so that Huntress always knows where to send tickets to. This feature improves our ability to automatically send our partners incident reports in the future by enforcing the selection of defaults across all PSAs.
Managed ITDR
- Microsoft License View. User Identities now have a view dedicated to the Microsoft licenses they hold, showing which ones Huntress bills for and which it does not.
Security Awareness Training
- SAT customers and partners can now access data on simulated phishing via the API. Documentation has been added to Stoplight API docs.
Bug Fixes:
Platform
- Fix display of Invoices older than 30 days. Previously, to view any invoice older than 30 days, customers had to follow a convoluted process: getting blocked in the portal, sending an email to Huntress, and then having Huntress Finance generate a link for them manually. All invoices can now be easily accessed.
- Partners that have large PSA implementations can now use auto-map successfully. We saw cases where auto-map was not functioning correctly for partners with a lot of organizations. It would time out and fail to map. This fixes auto-map for all PSAs.
Security Awareness Training
- SAT trials now start successfully in almost all scenarios. Previously, we saw many instances where customers could not start SAT trials easily. Visibility into error messaging was poor. We’ve resolved most of these cases going forward.
Release Date: January 2024
Features:
Windows EDR
- Improved Handling of Microsoft Updates. We continue to invest in our ability to scale our services. When we do this well, it should be invisible to our partners and customers, but we are sharing because a “peek behind the curtain” can be interesting. In this case, we’ve dramatically reduced the quantity of agent surveys (updates sent to our servers when there’s a meaningful security change on an endpoint) we normally receive when Microsoft Updates are rolled out, particularly following “Patch Tuesday”. This has been the source of our peak processing loads and generated extra SOC work. This efficiency increase enables us to continue to keep our pricing low as we serve more and more customers.
macOS
- Added a new macOS Agent Readiness checklist on the agent detail page for macOS endpoints. This allows partners to quickly understand how to set up a Huntress agent for a macOS endpoint and troubleshoot any issues with that setup.
Platform
- Auto-map PSA Organizations: Partners can now map organizations for ConnectWise, Autotask, and HaloPSA in two clicks, speeding up onboarding and ongoing management.
- Enabled SAT for Direct Customers. Direct customers with Huntress can now trial and purchase SAT, simplifying the experience. Previously, customers had to go to the legacy Curricula.com website and create a separate account.
- Updated cover page of Threat Summary Report PDF. This gives partners more visibility into the value that Huntress provides, adding signals investigated data that was previously unavailable.
Security Portal
- Signals investigated and incidents reported shown from the Command Center now highlight 180 days of data rather than 30 days. This enables partners to get a complete picture of what the Huntress 24x7 SOC has done for them lately.
- Added filtering and export features to the Signals Investigated table. This allows partners to filter data in the portal and then export it for sharing purposes (audit, incident response, etc.).
- Updated the Weekly/Monthly Account & Organization Summary Emails with Signals Investigated and a link to the new Command Center dashboard. This new data replaced autorun specific investigations and a link to the EDR specific dashboard, because the Huntress Platform is now multi-product (Microsoft 365 and EDR).
Infrastructure and Developer Experience (IDEX)
- Enabled static outbound IPs. Security-conscious Huntress partners that self-host their PSAs can now use Huntress integrations to improve their workflows. Our knowledge base has been updated to reflect these IP addresses.
Security Awareness Training
- Forward phishing emails that weren’t from us in Beta. Admins who use the Huntress report a phish service but want to receive copies of the emails that aren’t from us can now specify a destination. This feature is still beta but can be enabled for any admins who request it from their account manager.
- Update to Huntress Managed Learning. We received feedback that learners need more time to catch up on learning assignments if they fall behind. In response, we’ve pushed the end of a learning assignment to the end of the month following the one in which it was assigned.
- User-configurable time zones. All administrators can now change the time zone in their profile, which makes it much easier for them to schedule tasks like learner reminders and makes reading reports easier.
- New cards created to help admins onboard in a comprehensive way. These cards remind admins to launch “New Learner Essentials” and Managed Phishing.
Managed ITDR
- Per user license view: New option in the Microsoft 365 identity left navigation view to view the Microsoft licenses assigned to the identity. Each license lists if it is qualified for billing by Huntress or not. This should help support and partners know which licenses Microsoft has assigned and the reasons Huntress bills for the identity or not.
- Now tracking VPN usage per identity. As users use VPNs to interact with Microsoft, we begin tracking and building a profile of their VPN usage. With this, we can determine if a new VPN interaction is suspicious or just typical usage for that user. TLDR: Expect more detections on suspicious VPN usage and less on company enforced/sponsored VPN usage.
- No more duplication of inbox rules. Security will now see inbox rule events only for new or updated rules. This feature also lays the groundwork for better tracking of inbox rules and re-ingestion.
- Added NONPROFIT_PORTAL to non-billable list. Partners will no longer be billed for this license. (They will be billed if the user has other billable licenses.)
Bug Fixes:
Windows EDR
- We addressed an issue where some agents could silently be in a bad state; they will now correctly show as needing to be repaired.
- Addressed an issue where under certain conditions, agents might not correctly report the status of tasks they are processing to Huntress, leading to incorrect status.
- Made a general performance improvement by optimizing memory allocation in the agent.
- Windows Defender Status Accuracy. We made a change that will reduce the number of cases that result in Windows Defender status showing as “Unknown”.
Platform
- Ensure detailed threat report PDF is turned on for all new partners. Improves onboarding by removing one step for customers when setting up Huntress.
- Display Microsoft 365 last synced number (Connectwise Billing Integration). Previously, we only displayed the last synced number for Managed EDR but did not do so for Managed ITDR. This update adds visibility for partners.
- Add Ramp Info to all Subscription pages. Many Huntress customers have subscriptions that ramp up over time. This information is now displayed in the portal, reducing customer confusion during the first few months of deploying Huntress
Security Portal
- Improved the display of long Microsoft 365 User Principal Names (UPNs) in the Portal. These UPN values were scrolling off Portal pages and degrading the user experience.
Security Awareness Training
- Report phishing queue is no longer stuck.
- Regenerated the Monthly Reports that were generated incorrectly and sent them with the corrected data. Added tests to make sure we don’t have this issue again.
- The Auto-enroll feature for “New Learner Essentials” is no longer broken.
Managed ITDR
- Internal jobs split into per-organization jobs. Partners will see fewer false error messages in specific scenarios. Engineering will have better insight into true errors.
- Correct licenses and billable users. Some partners encountered fewer billable users than their licensing would expect. Microsoft is now properly reporting that to us, and we are reporting billable users correctly.
Release Date: December 2023
Features:
Portal Platform
- Launched the new Command Center! The new homepage allows partners to streamline their security operations. Partners with both products will receive information about both Managed EDR and Managed ITDR from their home page. Key context that was previously absent from the EDR dashboard, such as Escalations and MAV data, is now surfaced.
Windows EDR
- Agent connectivity resilience: We want to be sure that our agents always stay in contact with Huntress, even in challenging situations. We’ve made improvements that ensure that will happen in cases where an endpoint’s configured DNS servers aren’t reachable; this most commonly happens if local active directory domain controllers are isolated as part of an incident. Our agent will now fall back to a public DNS service to maintain connectivity to Huntress, which is particularly crucial during a significant incident.
Managed ITDR
- We’ve added routine Microsoft 365 user license updates to ensure that no Huntress account gets incorrectly billed with Managed ITDR
- We've updated our Microsoft 365 license billing policy to exclude Microsoft 365 tenant-wide “exploratory” trial licenses from billing. This change is designed to enhance license management and ensure fair billing practices.
- We’ve released anomalous user location detections to counteract elusive unauthorized access from threat actors and stop attacks before damage is inflicted. We’re experiencing early success in detecting anomalous user locations, accounting for 37% of Microsoft 365 Security Incidents reported in the last two weeks.
- We’ve released anonymizing proxy and VPN detections to intercept deceptive threat actors' attempts to evade unauthorized access defenses. We’re experiencing early success detecting defense evasion via VPN, accounting for 15% of Microsoft 365 Security Incidents reported in the last two weeks.
- We’ve released credential stuffing detections to ensure users' first line of defense, their password, remains as effective as possible. We’re experiencing early success in detecting credential stuffing, accounting for 11% of Microsoft 365 Security Incidents reported in the last two weeks.
Security Awareness Training
- Huntress Managed Phishing is in general availability for all MSPs and paid mid-market customers. We often hear that admins don’t want to manage simulated phishing and would like to just put phishing “on autopilot.” This feature satisfies the need and takes it one step further: Huntress’ security experts steer the program on your behalf with monthly simulated phishing campaigns. Every enrolled learner will receive one email per month beginning in the month after they are enrolled. In keeping with best practices, messages are sent out over the course of the month rather than all at once and learners receive one of the several selected scenarios. Administrators get visibility into next month’s scenarios in the portal so that they can let their user-facing teams know what to expect in advance of messages getting sent and results of the campaign are included in monthly value reports.
- Start managed phishing and learning immediately, which allows prospects and new customers to start this month’s campaign/assignment right away rather than waiting for next month to start.
- Improvements to learner login experience have been made. We heard partner feedback and have made it easier for learners to log in. Magic links now last a full week rather than one hour. In addition, learners now have the option to authenticate with Microsoft without any admin set up required.
Security Portal
- Signals Investigated is in Beta with the release of the Command Center! Investigated signals highlight potential security threats that a SOC analyst investigated to determine if an attacker has compromised an endpoint or identity. This is a proof of work feature that will allow all partners, but especially trialing and renewing partners, to see all the work the Huntress SOC has been doing for them. Read more about the feature and why it will be in Beta until mid-January 2024 here.
- Multiple summary data charts were added to the Signals Investigated table. The charts give partners a breakdown of the most investigated signals, the status of the signals (reported vs. closed), and the different data sources the signals were generated from.
Bug Fixes:
Windows EDR
- Restart Loop Hotfix. While working on other improvements, an issue caused our agent service to go into a restart loop on a small number of machines, so we created a hotfix to reverse the change.
- Security fix. We addressed an issue with our installer where it was possible to execute an incorrect file under specific circumstances. We recommend that customers only use our latest installer.
- Defender Escalations. We had turned off escalations that report that Windows Defender is disabled while we address an issue that caused them to be sent erroneously due to false positives. They are now active again.
- “Unknown” Defender status. Fixed an issue where some fields in the UI showing Windows Defender status for specific agents were incorrectly showing “unknown”.
- Fixed an issue where the agent would log and send errors for expected conditions that didn’t need to be reported.
- We’ve improved how we handle legitimate software updates from certain known vendors to reduce the number of updates sent from agents to our servers. This will help ensure that we’re always processing and acting on data from our agents in a timely way as our agent population grows.
macOS
- Removed a line of text on the agent install page that said the macOS agent was still in Beta. This was old text from when the agent was in beta last year and is no longer true.
Managed ITDR
- Pre-existing inbox rule detection. Addressed an issue where users' pre-existing inbox rules were not being analyzed for malicious activity. ALL users' pre-existing inbox rules have been scanned to ensure no detection gaps. Also addressed an issue where users' pre-existing inbox rules were not being automatically remediated via Huntress. Previously reported incidents have been regenerated to resolve the issue.
- Insufficient permissions identified. Addressed an integration issue where 71 protected organizations lacked sufficient permissions to support assisted remediations; all impacted accounts have been notified.
- Trials can now view organization dashboard. Addressed an issue where accounts only trialing Managed ITDR could not view their customers' Managed ITDR organization dashboard in the Huntress portal.
- Addressed an issue where Managed ITDR Huntress Escalations would not auto-resolve upon completion of Managed ITDR trials or subscriptions. Impacted Huntress Escalations have been resolved.
Release Date: November 2023
Features:
Portal
- Updated instructions on the Agent Installation page to make it easier to install the Huntress Agent.
- Enabled users to see the status of Windows Defender Firewall. On the EDR Dashboard, partners can now see how many hosts in their organization have the Windows Defender Firewall enabled. This visibility enabled partners to address an important security risk in organizations without another tool for managing Windows Defender Firewall.
- Allow Partners to Regenerate Account Key. Partners previously had to reach out to support to request their account key be reset. With this update, partners can now do this themselves.
- ConnectWise billing integration can now be enabled by partner admins and no longer requires assistance from Huntress support to enable. This feature currently supports both Managed EDR and Managed ITDR billing.
Incident Reports
- Added UTC timestamps for autorun investigations in multiple partner facing views in response to a partner request that highlighted the limitations of only showing relative timestamps.
macOS
- Eligible Mac agents will now be isolated when the entire organization is isolated. Mac endpoints that have our new system extension installed, which enables host isolation, will now be isolated along with other hosts. This allows the Huntress SOC to protect macOS devices during a critical incident.
- Easily grant necessary privileges to our macOS agent using your MDM. We now provide .mobileconfig files that partners can upload to their MDM to automatically create all of the necessary policies for the Huntress Agent for macOS to have full-disk access, allow host isolation, and support our future EDR.
Security Awareness Training
- Partners and customers now have a unified monthly report with a summary of:
- Learner enrollment/offboarding activity
- Completion rate stats for all assignments active last month
- A list of learners who have uncompleted learning
- Stats on simulated phishing campaigns
- A list of learners who interacted with simulated phishing campaigns
This report is available to all customers and partners under the Reports tab, to highlight the value delivered and note any exceptions that might warrant managerial intervention.
Automated email delivery of the report is also available by adding recipients to the Monthly Email Report list under the organization's Team settings page.
- Opt learners out of simulated phishing
- When this flag is enabled on the Learners page for a specific learner(s), all currently scheduled and future campaigns will fail as “blocked” at time of send – even if the learners were enrolled in the campaign before. This feature is in general availability and available to all administrators.
- Custom branding in the learners dashboard
- Custom logos can now be displayed on the Learner dashboard in addition to the existing customization of transactional email notifications and reports.
Bug Fixes:
Incident Reports
- Fixed bug that caused partner-facing incident report tables to not be sorted by Sent At descending; our users expect incident data to be sorted chronologically.
- Enabled Partner Organization Admins and Security Engineers to resolve incidents in bulk to expedite incident resolution. We failed to grant this permission when we initially released the bulk resolve feature to partners last month.
- Fixed a bug that caused incidents with manual remediations requiring a system reboot to stay active after all other remediations (including the reboot) had been completed.
Potentially Unsecured Credential Signals
- Fixed a bug that prevented partners from exporting the CSV for potentially unsecured credential signals when one of their Huntress Organizations had been deleted.
Release Date: October 2023
Features:
Incident Reports
- Incident reports for accessing files with clear text passwords. We rolled out a proof of concept feature which sends partners a one-time notification via LOW severity incident reports when a user on their network is accessing a file that may contain clear text passwords. The Huntress Product and SOC teams are evaluating options to enable re-notification and partner opt-out capabilities. More to come!
- UPDATE: New “Credential Reports” provide visibility into usage of plain text password files. Following up on a recent one-time notification, this provides Huntress partners with ongoing visibility into a very common, wildly insecure practice that should be mitigated. It provides the opportunity to introduce customers to more secure practices for credential management. Partners will need to opt-in to this feature to enable it. We’ve also added other management features like CSV exports and bulk resolution to make it easier to use. More details here.
- Updated incident report rejection reason options to be specific to the entity type. Options are based on whether it’s a user or an endpoint, making it easier on partners when selecting a reason and easier for the Huntress Product and SOC team to analyze.
Security Awareness Training
- Microsoft 365 API Insertion is now in GA. This feature allows partners to skip the cumbersome step of allow listing domains in phishing/spam filters for Microsoft 365 users. Huntress does this by creating messages directly in their inboxes through APIs rather than sending SMTP emails.
- Note: This feature only bypasses filter-type email security products but does get caught by products that scan messages inside the inbox and wrap links, like Microsoft Defender for Office (P1 as included in Microsoft 365 Business Premium).
- Partners can now specify their own sender name and email address. Notifications and reminders for learning assignments can come from their trusted IT professionals rather than Curricula.
- QR code bait-link shortcode added to simulated phishing scenario creator. In response to reports of increasing use of QR codes in phishing emails to bypass email security product protections, we’re enabling SAT admins to create custom phishing scenarios that use QR codes for bait links so they can train users to recognize this new technique. Huntress R&D is building a scenario that will be available to everyone soon. In the meantime, you can benefit from the feature by using the new bait-link in a custom scenario using the phishing creator.
Windows EDR
- New “Credential Reports” provide visibility into usage of plain text password files. Following up on a recent one-time notification, this provides Huntress partners with ongoing visibility into a very common, wildly insecure practice that should be mitigated. It provides the opportunity to introduce customers to more secure practices for credential management. Partners will need to opt-in to this feature to enable it. We’ve also added other management features like CSV exports and bulk resolution to make it easier to use. More details here.
macOS
- Manual Host Isolation is now available for macOS devices. Like Host Isolation for Windows, this feature severs attacker access to a compromised host until it can be remediated, preventing expansion of an incident. This feature for macOS doesn’t have any automated triggers yet, so hosts must be isolated manually through the portal. Host Isolation is only available for macOS agents on version 0.13.72+, once the new system extension has been installed and granted permission by following the instructions.
- We now support macOS Sonoma.
Incident Reporting
- Bulk incident resolution is now available for applicable incident reports. This time saving feature can help partners bulk action reports that do not require remediation actions. More information on this feature can be found here.
- Critical Incident Notifications (SMS text/call) now support international phone numbers! Partners can now input phone numbers from a variety of international locations; see the full list here.
- Partners who select voice call only for Incident Notifications can now verify landline numbers. Previously, the Huntress Portal only sent verification pin codes through text messages, but call verification is now supported.
Bug Fixes:
N/A
Release Date: September 2023
Features:
Platform
- Critical Incident notifications are here! The Huntress Portal now notifies account admins, who have opted-in, via text/call when the Huntress SOC sends a critical incident. This feature will hugely benefit our partners during off hours when they need to be notified ASAP of an incident. Check out our blog on the new feature!
SecOps
- Managed Microsoft 365 Identity Isolation feature is now available! This automates Microsoft 365 identity isolation when a SOC analyst sends the associated incident report, in order to isolate compromised Microsoft 365 users. The feature also enables our partners to configure user/org level exclusions within Account Settings and filter incidents by managed response actions in the Portal.
- Partners can now isolate an entire Huntress Organization (network with multiple hosts) at once from the Organizations table if they are logged in as an Account Admin or Security Engineer role.
Bug Fixes:
N/A
Release Date: August 2023
Features:
Portal Update
- Made slight improvements to the navigation to support multi-product workflows.
Host Isolation
- Enabled partners to bulk release isolation for all hosts in their organization. This is helpful for partners that have experienced a site wide attack and are in the process of recovery.
- Added a new Escalation type that will alert when an entire organization has been isolated. This escalation will send in tandem with the Incident Report that is currently sent due to the criticality of the incident.
External Recon
- Added the ‘Internal IP’ and ‘External IP’ columns to the Agents table to make correlating External Recon ports easier.
Security Awareness Training
- GA: Customers with Microsoft 365 integrations can now enable an option to exclude unlicensed identities when synchronizing learners. This is helpful to automatically ignore non-humans such as printers or backup appliances.
- BETA FEATURE: We have built an OAuth-based integration onboarding for Microsoft 365, Google, and Okta. This makes onboarding new accounts much faster and easier! For access to this feature, please contact your account manager.
Managed ITDR
- Enabled Microsoft 365 inbox rules to be deleted via Assisted Remediations to help partners delete nefarious inbox rules faster as part of the Huntress Incident resolution workflow.
Bug Fixes:
N/A
Release Date: July 2023
Features:
Portal Updates
- Local Time Zones feature is fully live
- Security Engineer role has been added as a user permission
- These users can perform most security functions such as host isolation or assisted remediation, but cannot view/edit billing
Incident Reports
- Moved entity information (hosts/user) to the top of incident reports to improve readability for partners.
Bug Fixes:
N/A
Release Date: May 2023
Features:
Host Isolation
- Added a capability to cancel host isolation from the Host Overview page to provide analysts and partners a mechanism for undoing isolation tasks sent to the host.
Bug Fixes:
N/A
Release Date: March 2023
Features:
- N/A
Bug Fixes:
- Fixed an issue that caused an unintended Huntress-initiated host reboot when partners opted to reboot manually during Assisted Remediations.
- Resolved a bug where some Incident Reports weren’t automatically closing after their Remediation Plan completed
Release Date: February 2023
Features:
- N/A
Bug Fixes:
Agent Installer
- Resolved an issue where updates to Huntress Agents on 32-bit Windows received a 64-bit binary due to a build system error, causing Huntress services to no longer run.
- If you manage a Huntress Agent on a 32-bit Windows host that is on version 0.13.38 or below and is not updating, please reinstall the latest Huntress agent. Affected partners have been notified.
Release Date: January 2023
Features:
- Added messaging on the host overview page to prevent accidental manual host isolation by warning analysts and partner admins that a given host is excluded from Managed Host Isolation. A host can be excluded via specific exclusions in Account Settings OR by an account having disabled Managed Host Isolation.
- In Security Awareness Training, MSPs can now go to the partner-level Library and create custom content (with text, videos, links, and test questions) that is assignable to any and all customers.
- Custom Content creation is set to enable a partner admin to create content once and publish it to all sub-accounts managed by the partner.
Bug Fixes:
- We identified an issue that may have over-reported the number of Changes Analyzed in the Huntress Monthly/Quarterly Threat Summary Reports. This issue has been fixed going forward; however, it may mean that the “Changes Analyzed” quantity in your account and organization reports may appear to be out of typical ranges. There was no impact to the number of potential threat indicators, in-depth investigations, or incidents reported.
Release Date: December 2022
Features:
Security Awareness Training
- MSPs can now upload a logo and set color at the partner level to brand all Huntress Managed SAT emails that go to end customers without having to repeat it for each end-customer. Just go to the partner portal → settings → branding. MSPs can still drill down into customer organizations and override for individual customers if needed.
Bug Fixes:
Managed Defender
- Fixed an issue that could result in an endpoint being incorrectly marked as unhealthy due to Defender settings.
Release Date: November 2022
Features:
macOS
- The Huntress macOS Agent for Persistent Footholds is now generally available! For more information and details, please visit our Huntress macOS documentation:
Managed Defender
- Added new logic to auto-remedy unhealthy endpoints due to scanning or signatures being out of date to reduce the amount of unhealthy endpoints without needing any partner interaction.
- Improved the logic we use to set Managed Defender policies to reduce the amount of non-compliant endpoints due to policies not applying properly.
Bug Fixes:
N/A
Release Date: October 2022
Features:
Managed Defender
- Huntress Managed Defender now supports policy configuration for Windows 10 Home and Windows 11 Home.
macOS
- Added macOS patch version for macOS agents into the portal.
- Updated the monthly and quarterly reports to include information on macOS endpoints
- Added serial number to the portal Host view
- Added the following parameters to the `Agents` API endpoint:
- platform: The platform of the endpoint machine (darwin or windows)
- os_patch_version: The patch version of the macOS update installed on the endpoint machine, such as 1 in version 12.5.1
- serial number: The serial number of the endpoint machine as reported to the operating system
- Launched the macOS GUI installer and implemented foundational work to prepare for the upcoming GA rollout and end of Catalina support.
Integrations
- Implemented links to setup documentation on integration pages in order to make the documentation more accessible.
- Implemented support for specific company selection when sending test PSA tickets.
- Implemented additional mappings in ConnectWise in order to improve customer workflow experience within ConnectWise
Bug Fixes:
N/A
Release Date: August 2022
Features:
Process Insights
- Process Insights is now Generally Available to all Huntress customers. See our press release for more details.
Bug Fixes:
N/A
Release Date: July 2022
Features:
Managed Defender
- Managed Defender is now supported on Windows Server 2012 R2 endpoints with MDE - for more details, see our support article.
Huntress API
- The Huntress API provides programmatic access to your data in the Huntress Managed Security Platform. It’s designed to improve mapping and integration between MSP services, assist billing reconciliation and support operational dashboards.
- A new option, API Credentials, is now present under Account Settings in the Huntress Portal. A short wizard will help generate account credentials to authenticate requests for account data. Learn more about the Huntress API here: Huntress REST API
macOS
- Public Beta is now available for macOS!
- Special request is no longer needed to access the macOS agent. For access to the macOS agent install script, navigate to the top right hamburger menu in your Huntress Portal and go to “Download Agent”.
- More information can be found with our macOS Beta FAQ
Bug Fixes:
N/A
Release Date: June 2022
Features:
Portal Updates
- To help MSPs that have dedicated finance and marketing staff apply the principle of least-privileged access, we have added two new roles at the account level.
- The new “Finance” role is limited to viewing past invoices, viewing Huntress invoices and receipts (including the invoice drill down showing agent breakdown by organization) as well as making updates to payment information, and billing contact.
- The Marketing role only allows access to the Partner Enablement System (PES). Neither of these roles have access to security reports, configurations, or access to customer organizations (unless explicitly added at the org level.)
SSO
- SSO account-wide enforcement now requires successful user login before it can be enabled. This is to prevent account lockout.
Bug Fixes:
N/A
Release Date: May 2022
Features:
API
- The Huntress API has been released into Public Beta which will allow partners to programmatically gather agent, organization and incident report data. Check out our blog for more information!
Ransomware Canaries
- Partners can now add exclusions at the organization and endpoint level for Ransomware Canaries. Adding an exclusion will prevent canaries from being deployed on the excluded endpoints; excluded endpoints with existing canaries will have their canaries removed. Configuration options for exclusions can be found on the account settings page.
Role Based Access Control
- MSP org admins are now able to approve assisted remediations. Historically this was limited to account admins and reseller org admins. This change enables MSPs with co-managed customers and with staff members limited to a subset of customers to better leverage the Huntress platform.
macOS
- Private Beta: The Huntress macOS agent is now available in private beta! For more details, including how to be added to the private beta, please check out this FAQ.
Bug Fixes:
Managed Defender
- Bulk Managed Defender scan actions will no longer result in an error when overlapping with endpoints already running a scan.
Release Date: April 2022
Features:
Process Insights
- Incidents with associated process detections or Managed Defender detections will now have assisted remediations automatically added if recommended. This functionality is available with Huntress agent v0.13.10+.
Managed Defender
- Managed Defender now supports user configuration for Removable Drive Scanning.
ACH Payment Support
Portal User Experience
- Added Kaseya’s Business Mgmt. Solution for Asia Pacific customers (BMPS APAC) as a server dropdown option for the Kaseya BMS integration.
- Added manual remediation and resolution features to incident reports, enabling partners to close incident reports that do not have assisted remediations.
- Monthly and Quarterly Threat Summary reports as well as the weekly summaries now come from noreply@huntress.io to avoid partner confusion and spam email filtering
- The Exclusions portion of the Account Settings page now has a searchable, sortable, tabbed layout to make it easier for partners to configure a variety of exclusion types.
Bug Fixes:
SSO / MFA
- Resolved a potential security issue where account admins were able to bypass SSO/MFA by resetting their password. Using the reset password link in their email allowed the user to gain access to the Huntress console.
Release Date: March 2022
Features:
Portal User Experience
- Added a link to the incident report inside the emails and PSA tickets that Huntress sends to partners enabling MSP technicians to quickly lookup the associated report in the Portal.
- Added copy functionality to the SHA256 value on the collected files page to allow analysts and partners to easily copy and reference the SHA hash
Bug Fixes:
N/A
Release Date: February 2022
Features:
Endpoint Isolation
- The newest version of the Huntress Agent, 0.13.4, supports Windows Filtering Platform as a fallback Endpoint Isolation mechanism when GPO-based isolation fails.
SSO / MFA
- Single Sign-On (SSO) is now generally available! Account administrators can now enforce SSO for all account-level users and disable 2FA when SSO is enabled. For more information, please visit the SAML SSO Informational Page.
Bug Fixes:
N/A
Release Date: January 2022
Features:
Endpoint Isolation
- Endpoints running the latest 0.12.44 agent and above will now verify their isolation status using a network connectivity check. If the endpoint fails to isolate, the Portal will communicate this clearly to partners and revert any changes to the host firewall and registry.
Ransomware Canaries
- New features to Ransomware Canaries will roll out to existing partners over the next several weeks and will be enabled by default. New features include:
- Additional canary file types: PDF and XLSX in addition to DOCX
- System profile canaries
- Embedding partner logos and support URLs into each canary file
- EFS detection
- Ability to disable canaries at an account level
- For more details, please refer to Huntress Blog and Product Support.
Portal User Experience
- Added a banner warning accounts with Windows Server 2008 non-R2 or Windows Vista agents that those OS versions will soon reach the end of support with Huntress. These operating systems will reach end-of-support on Feb 4th.
- Implemented detailed Threat Summary reporting at the Organization level
- This feature can be enabled via a setting called “Provide Detailed Organization Reporting” - when enabled, the organization-level reports will have the same detail as the account-level reports.
- Updated our individual “Service Dashboards” layout to distinguish visualizations.
- We added “Service Banners” with the “Service Title” and a brief, on-click information popover which includes a link to our knowledge base to learn more.
- Introduced an “Agent Status” filter to both Account and Organization level Agents pages.
- Filter agents by Unresponsive, Outdated, and Isolated states, and view “Service Exclusions,” e.g., Host Isolation.
SSO (BETA)
- Removed requirement forcing new SSO-enabled user accounts to pre-set their password prior to using SSO.
- Account administrators can now enforce SSO for all account users.
- Account administrators can also disable 2FA when SSO is both enabled and enforced.
Ransomware Canaries
- Updates to Ransomware Canaries are currently being rolled out to all partners and accounts over the next several weeks. Accounts that are part of the rollout will now see a modal that provides more information on the changes. See here for more details.
Bug Fixes:
N/A
Release Date: December 2021
Features:
Escalations
- A Huntress Escalation is used to notify Huntress account administrators that something in their account requires attention.
- The first supported Escalation type will be for misconfigured PSAs. Huntress will notify you via email if we cannot send an incident report.
- Escalations are not incident reports; however, they do have severities (low, high, critical) associated with them that dictate an expected response time. If no response is received, account administrators will be re-notified.
SSO (Beta)
- Added a link to Single Sign On (SSO) on the Huntress login page. SSO-enabled users can now log in using the link to "Sign in with SSO" from the Huntress login page. SSO is currently behind a feature flag and targeted to be released for GA in 2022 Q1. If you are interested in enabling SSO (currently in beta), please reach out to Huntress Support.
ServiceNow
- Removed ServiceNow integration to await further development
Endpoint Isolation
- Added an ‘Endpoint Isolation Recommended’ filter option to the Incident Report table which allows users to search for all incident reports where Huntress recommended endpoint isolation.
- Note: Endpoint isolation does not always occur due to account opt-outs, endpoint exclusions and Huntress SOC overrides.
Ransomware Canaries
- Ransomware Canaries is now enabled by default for all new customer accounts and trials with additional functionality. This new functionality includes:
- Additional canary file types: PDF and XLSX in addition to DOCX
- System profile canaries
- Embedding partner logos and URLs into each canary file
- EFS detection
- An ability to disable canaries at an account level
- Note: a future rollout is planned for existing partners to receive new functionality.
Bug Fixes:
Portal User Experience
- Added frontend validation to require the e-mail address field to be filled out when partner admins add new users to their account.
- Fixed a problem where Partners would see “You are not authorized to perform that action” when viewing host details pages
Release Date: November 2021
Features:
Managed Defender
- Added a filter option to the Managed Defender Dashboard for ‘Other AV’
- This filter option allows admins to see a list of all hosts observed running another antivirus solution that is not Microsoft Defender.
- Updated Managed Defender Health status for Windows 8.1 and Windows Server 2016
- Windows 8.1 and Windows Server 2016 endpoints are deemed Healthy if their NISEngineVersion == 2.1.14600.4 and the NISSignatureVersion == 119.0.0.0. Because this NIS Engine / Signature version is the latest available for these operating systems, these endpoints are now marked Healthy even without recent updates.
- An informational popover is also shown when this condition appears to help admins understand why the endpoint is Healthy without a recent update.
- Moved the Managed Defender service shield icon up in the Huntress dashboard sidebar, making it more easily accessible under the Persistent Footholds section.
Portal User Experience
- Required a comment to be entered for rejected Assisted Remediation plans. Huntress SOC analysts need to know why a given remediation plan is being rejected by a partner so that they can update the incident report appropriately.
- Windows 11 is now officially supported and is identified correctly in the Portal
Bug Fixes:
Managed Defender
- Fixed bug where the Managed Microsoft Defender Detections tab was not present on the Organization’s Infection Report
- Managed Microsoft Defender Detections were present within the Account > InfectionReport > Show page click path, but not within the Organization > InfectionReport > Show page click path. Managed Microsoft Defender Detections are now seen in both paths.
Portal User Experience
- Fixed a bug where ConnectWise billing syncs were failing for companies that had more than one addition. This is for accounts that have the CW Billing integration feature enabled; please reach out to support if you would like more information.
Release Date: October 2021
Features:
Managed Defender
- Added Service Status to the Antivirus Product details in the Managed Defender Endpoint page.
- This allows Huntress to identify the status of any antivirus running on a Windows machine, including Windows Server where Microsoft Security Center is not available.
- Windows Servers are now marked as Unmanaged when Defender is not running and an additional AV is detected through the new Service Status.
- Admins can now see both the Microsoft Security Center status and the Service Status of running antivirus products. This additional information will also help troubleshoot situations where there are conflicting antivirus products on a system.
- Added ability to update Policy Mode (Audit/Enforce) at Account and Org Levels
- The policy mode is now part of the configuration policy for an Account or an Org that can be inherited just like any other configuration policy setting. This is so that when new endpoints are onboarded into an existing Account/Org, they can immediately receive the Policy Mode for that Account/Org without having to take additional manual steps.
- Added Inherit Policy Mode bulk action
- This new bulk action allows admins to apply this inheritance setting across multiple endpoints from the Managed Defender dashboard table rather than having to update inheritance by drilling down into each host.
- Added ability to perform Signature Update and Scan for Windows 10 Home
- This allows admins to perform the following actions on Windows 10 Home endpoints at both the host level and as a Bulk Action in the Account/Org Managed Defender dashboards:
- Manual Signature Update
- Manual Quick or Full Scan
- Windows 10 Home will continue to be Incompatible for now due to group policy limitations for enforcing policy configuration settings.
Portal User Experience
- Updated the Integrations page and “Send Test” modal to contain more information when errors have occurred with a PSA Integration.
- This will make it easier for Partners to identify and fix problems with their PSA integration configuration.
- Removed Ninja RMM from the list of available integrations.
- Updated the Portal’s support documentation links to point to Zendesk, Huntress’s new product support platform.
- Huntress recently migrated support documentation to Zendesk from Helpscout. To ensure users are directed to the correct resources these links were changed on the Managed Defender dashboard and within the hamburger dropdown menu at the top right corner of the Portal.
Endpoint Isolation (Beta)
- Endpoint Isolation is moving into Public Beta! All accounts should have these features available by 10/20.
- Automated and manual endpoint Isolation can limit the spread of a cyber attack, quarantining the infected endpoint from the rest of the network.
- Partners can opt into Automated Endpoint Isolation for their account within Settings.
- Opting into Automated Endpoint Isolation authorizes Huntress to isolate endpoints when critical malware, such as ransomware, is detected.
- Exclusions can be configured within Account Settings to exclude entire organizations or specific endpoints from automated isolation events.
- Isolated Endpoints will be released from isolation when the associated incident is resolved.
- Manual Endpoint isolation features are also available from the host overview page.
Bug Fixes:
N/A
Release Date: September 2021
Features:
Managed Defender
- Added a Managed Defender detector that looks for remediation recommendations from Microsoft Defender so they can be used as Assisted Remediation steps
- Enabled Managed Defender detection filtering from Managed Defender Needs Review, Account, Organization, and Endpoint detection tables so that it’s easier for partners and the Huntress SOC to see specific types of detections.
- Updated Managed Defender endpoint page with new layout
- The Managed Defender endpoint page is restructured and formatted to make the status of Managed Defender for the endpoint clearer to end-users. This includes rearranging table order and table layout within the Managed Defender endpoint page.
- The Managed Defender endpoint page has also added an indicator to show the number of policy settings that are out of compliance
- Added ability to delete file upon reboot
- In some situations, incident reports get hung because normal file deletion cannot be completed because the file is in use when we attempt to delete the file. This capability allows us to mark the file for deletion upon reboot if the normal deletion fails. When the machine is finally rebooted, the delete file task can be successfully completed and the report can be closed.
Assisted Remediation
- Added an assisted remediation option for a full scan to Managed Defender incident reports
- There are some cases where Microsoft Defender recommends a full scan to entirely clear the malware infection.
- Allowed for Reboot and Full Scan Remediations to be added to assisted remediation plans
Bug Fixes:
Managed Defender
- Corrected Managed Defender detection numbers for Monthly/Quarterly Reports
- Corrected sorting Last Seen column by date for Managed Defender dashboard
- Corrected task status of Delete Scheduled Task
- Delete scheduled task playbook items now report that the Delete Scheduled Task succeeded when the file associated with the scheduled task is not found. This corrects the user experience where a delete scheduled task appears as though it failed but in reality, the file is already gone.
Release Date: August 2021
Features:
Managed Defender
- Huntress SOC workflow to investigate high impact Microsoft Defender detections
- New Huntress SOC workflow now allows SOC Analysts to investigate high impact Microsoft Defender detections and deliver a Managed Defender incident report to email and/or existing PSA integrations based on the outcome of the investigation
- Huntress SOC can also pull in quarantined files and artifacts from agents above 0.12.18 to support their Managed Defender investigation
Scans
- Retired Weekly Full Scans due to updated recommendations.
- Based on research from the Huntress R&D team, running scheduled Full Scans is no longer recommended by Microsoft. Therefore, Huntress is updating its own recommendation to not regularly run a Defender Full Scan.
- Updated Unhealthy "Scan Required" substatus logic
- An endpoint is now marked as Unhealthy due to "Scan Required" substatus when either a Quick or Full Scan has not run in the last 14 days. Based on recent scanning research, a Quick Scan is also run as part of a Full Scan; this change clears up recent confusion where hosts were deemed as Unhealthy because a Full Scan was run without updating the Quick Scan time.
- Updated portal so that a single "Last Scan Time" column reflects both Quick OR Full Scan Time.
- Because Full Scans are now manual only and reserved for when absolutely necessary (see above), this also resulted in retiring the “Last Full Scan” column in the MAV table. Time of Last Full Scan is still available in the Managed Defender endpoint view.
- Added hover on the "Scheduled Scans" table for failed status that shows failure details.
- Additional failure information details are now available when a manual scan cannot complete; this allows administrative users to have more information to help understand why a manual scan fails.
- Added bulk actions capability for Full Scan, Quick Scan, and Signature Updates
- This provides the ability to easily take necessary action for multiple endpoints. Admins can first sort on which endpoints need a scan or update, then easily run that action for multiple endpoints.
Incident Reports and Assisted Remediation
- Added task for agent to reboot the endpoint
- The agent now has the ability to task a reboot in preparation for Assisted Remediation actions for Managed Defender. Additional work is still needed to add endpoint reboot as an Assisted Remediation action into an incident report.
- Huntress Incident Reports now display the logged-in user who approved the Assisted Remediation actions.
- The details within Exchange Incident Reports were updated to account for the new ProxyShell vulnerability disclosed in August. This helps partners understand the reports they are receiving and not confuse them with the previous Exchange vulnerability from March 2021.
Partner User Experience (Dashboard)
- Added a popup warning modal for manual Full Scans
- Due to the resource intensive nature of full scans on managed endpoints, this popup modal provides awareness of the potential impact prior to queuing up a scan.
- This appears for Manual Full Scan in the Endpoints view as well as Manual Full Scan Bulk Selection in the main Managed Defender Dashboard table.
- In addition, this modal also calls out the inability to run manual scans for incompatible OSs.
- Added a substatus column in Account View
- This column provides additional context to the health state of the managed endpoints
- Added an informational popover to Managed Defender account / org views that defines “Reported Detection”
- On the Managed Defender account/organizational dashboard, there is a detections graph that shows Managed Defender detections vs reported detections; this popover provides definition and clarification of these items.
- Huntress removed the Exchange vulnerability dashboard notification pop-up for new users. This was a notification that was added after the Exchange vulnerability event back in March 2021.
- Updated default sorting of Detections Table based on most recent detection.
- This helps Partners quickly see the most recent Managed Defender detections in their environment.
- Added "Unmanaged" as an additional primary Status.
- This allows partners to easily identify endpoints already managed by another AV.
- Added Health Substatus column to the Managed Defender endpoints table.
- Allows partners to view the Health Substatus for endpoints in order to easily identify what actions need to be taken
- Added a Managed Defender Substatus filter.
- Allows partners to limit the endpoint list view based on status in order to assist on specific workflows, such as running a bulk signature update for out-of-date endpoints.
- Added an Organization column to the Managed Defender Account View.
- Allows account-level users to clearly identify what hosts belong to what organizations.
- Added a "Reported Detections" plotline to Managed Defender Dashboard Detections Graph.
- This allows partners to know and understand how many detections were included in an incident report in a given week compared to the Total Detections.
Partner Enablement Service (PES)
- Developed Asset Collections, enabling the Huntress Marketing team to group related content together within one Asset, similar to a folder. Assets can be downloaded individually or all together from a Collection. This makes it so Partners no longer have to download entire zip files from PES.
Threat Summary Reports
- Account admins now receive a more detailed threat summary report, which includes a breakdown of each Huntress service (Footholds, Canaries, Managed Defender, Incident Summary).
- Partners can now generate reports using a custom date range (up to 90 days)!
- Created new Detailed Threat Reports at the account level that includes additional pages geared towards account admins / MSP owners. The new pages include an Incident Log for all critical/high incidents and a Managed Defender page, detailing detection triage data. These reports provide account users detailed threat data on the variety of services that Huntress offers.
- Added the ability for Partners to specify custom Threat Report timeframes, to better customize reports for their end-users.
Bug Fixes:
Billing
- Fixed Partner accounts that were affected by cross-month billing errors within Huntress’s payment processing system.
Release Date: July 2021
Features:
Incident Reports
- The Managed Defender detector framework is tuned and refined in preparation for sending a limited set of actionable Managed Defender Incident Reports to partners. Delivery of a limited set of actionable Managed Defender incident reports will begin around the week of July 26 to existing account integrations. This will include detections that have a ‘quarantine/remove failed’ threat status and will only apply for hosts in Managed Defender Enforce mode.
Scans
- Manual Full Scanning is now available for all hosts. This allows partners to trigger an ad-hoc full scan in cases where a full scan has not been performed or if there is a significant event that would warrant running an immediate Full Scan.
Partner User Experience (Dashboard) for Managed Antivirus
- “Mode” column and “Policy Status” column are now merged to simplify how admins determine why a host is Non Compliant.
- The Policy Status column now has the following statuses, which includes Audit Mode:
- Audit: Host is in Audit Mode (no compliance status)
- Compliant: Host is in Enforce Mode; current settings match the configuration policy
- Not Compliant: Host is in Enforce Mode; current settings do not match the configuration policy
- Pending: Host is in Enforce Mode; policy status has changed, waiting for the endpoint to take on the new configuration changes.
- Unknown: Host has not checked in or does not have a survey with Managed Defender details
- Compliant / Non Compliant are now treated as sub statuses of Enforce mode in the UI.
- "Agent Outdated" substatus.
- Added an “Agent Outdated” substatus for agents running version < 12.2. This highlights agents that do not support Managed Defender and therefore cannot be managed by Managed Defender.
- “Offline” substatus.
- Added “Offline” substatus for agents where Last Seen > 60 min. This is to understand why an agent has not recently scanned or has out-of-date definitions because it has not updated its status to Huntress.
- “Missing” registered AV status to identify 3rd Party AV on Windows Workstation OS.
- Added a “Missing” substatus for Registered Antivirus. This is to verify what 3rd party AVs are still registered to Windows but are not actually present on the host. This story is primarily related to a common scenario in which Webroot does not fully uninstall cleanly (it still appears to be registered to the OS but isn't actually installed or running).
- Huntress Recommended Defaults has now been enabled for all accounts in order to easily provision best-practice configuration settings for Managed Defender.
- Updated incident report and the Defender detection display on the Managed Defender dashboard.
- The Managed Defender incident report display was updated to match the main Huntress dashboard incident report display, showing active and resolved Managed Defender incidents.
- Clicking on Resolved Incidents or Active Incidents will take the user to a pre-filtered view of the incidents reports table.
- A “Defender Detections by Week” chart was added to the Managed Defender dashboard.
- A “View All Detections” button on the chart now takes users to all Defender detections for the given Org or Account
Threat Reports
- Updated the Monthly/Quarterly Threat Reports that Huntress sends to Partners.
- The monthly and quarterly Huntress Threat Reports have been updated to include additional Huntress service data. The 'Autoruns Reviewed' section of the report has been changed to 'Potential Threat Indicators' and now also considers Managed Defender (MAV) detections and Ransomware Canaries triggered. In addition to the threat data changes, other cosmetic and wording changes were made to highlight our Partner's security team, rather than Huntress directly.
- To provide Partners with requested incident metric data and highlight the value that Huntress provides, an Incident Summary page was added to the Threat Reports which breaks down incident data by severity, identifying service, virus types, and devices targeted
Ransomware Canaries
- Added an opt-out toggle for Partner Admins to opt-out of the Ransomware Canaries service across their account via the account settings. Opting out of the service will remove Ransomware Canaries from all hosts in the account. It may take several days for the removal to complete, and agents must be online for the files to be removed.
- Canaries V2 are currently undergoing Huntress Insider testing. V2 will be rolled out to all Partners later this Summer.
SSO / SAML
- Added additional features to support SSO/SAML rollout to Huntress customers:
- A UI was added for account administrators to setup SAML SSO. Partner Admins can specify the parameters required to set-up SAML for their account (SSO service URL, entity ID, certificate, etc).
- Account administrators can enable/disable SSO. This enables Partner Admins to disable/enable SSO without having to delete and re-create SSO details.
PSA Integrations
- Updated the ConnectWise Test Ticket Interface to give Partners clearer error messaging when a test ticket cannot be sent, such as when an Account is missing a default mapping.
- Improved usability of the PSA integration org mapping tables.
- When configuring explicit mappings for PSA integrations, it’s helpful to know and understand what mappings have been created and if there are additional configurations required without having to page through all mappings. This update provides admins with a visual cue to understand how many Huntress orgs still need to be mapped.
- Added the ability to send a test ticket via the Portal for the Kaseya BMS integrations.
- When setting up a PSA integration, it is helpful to have a test ticket sent so that an admin can validate that the integration is functional and have confidence that they will receive incident reports that are sent through the integration.
- Sending a test ticket was already available for ConnectWise Manage; this capability has now been extended to other PSA integrations.
Partner Enablement Service (PES)
- Built a filter feature to allow users to search marketing assets within the PES dashboard using asset tags. Tags are defined and added to assets by the Huntress marketing team in order to organize/categorize assets.
Bug Fixes:
- Fixed a bug between the Huntress Portal and Huntress’s backend payment processing system that caused customers to be stuck in the activation state and not receive a Huntress invoice.
- Fixed an issue in the Autotask integration where the primary customer account was not available for selection when mapping Huntress organizations.
- Added a hostname check to the agent deduplication logic in order to determine agent uniqueness when an agent with the same hardware ID registers with the Portal.
- Customers using the Kaseya BMS Integration are now able to load more than 100 records when mapping to Huntress organization IDs. Pagination was added to improve Partner user experience and allow for more efficient page loads.
- Improved Partner user experience and allowed for more efficient page loads in the Portal for Partners with 1000+ accounts in their Autotask integration.
- Fixed billing address validation checks on the Huntress subscription page, which was causing new customer sign-up issues.
- Changed billing address logic to only require a postal code for US and GB addresses.
Release Date: June 2021
Features:
SSO / SAML
- Added support at the Account level for Single Sign-On (SSO) with most SAML 2.0 providers, including Google Apps, Okta, Duo, and Microsoft 365/Azure AD. This is helpful to streamline user experience to reduce the number of accounts/passwords that need to be tracked and monitored by the partner; it may also potentially improve security by allowing users to consolidate accounts to a smaller set of strong MFA-enabled accounts rather than a myriad of weak passwords across all supported apps. Setup guide: SAML SSO Setup
Integrations
- Enabled Partners to configure their ConnectWise integration so that they could have their invoiced agent quantities synced to ConnectWise from the Portal. This allows partners using the ConnectWise interface to more easily know what to bill their customers without having to manually update billing quantities based on their Huntress monthly invoices. This billing integration is currently available to customers who reach out as a beta and will be rolled out to all customers in the future. For more information, please see our support page: ConnectWise Manage Billing Sync (Beta)
- Enhanced Datto Autotask PSA and Kaseya BMS integrations in order to support both default and explicit mappings between a Huntress Organization and a PSA company.
Partner Enablement Service (PES)
- We added an informational modal for Resellers that explains monthly vs annual billing options.
- To make it easier for Resellers to understand why we need a Credit card for monthly billing, and how they will be invoiced for annual billing, the team added an informational (i) icon on the revamped Subscription modal and the billing settings page.
- Huntress now allows Resellers to enter a purchase order (PO) number per annual subscription/contract
- To make billing and payments easier for customers, specifically, customers who want to pay via "push" ACH, we needed a way for them to add a PO number during checkout. The PO number entered then populates onto all invoices Huntress’s payment processing provider generates. This aids the accounting departments of Resellers and reduces manual communications for Huntress’s Finance department.
- Huntress now supports Affiliate, aka Referral, Partners. This new Partner type will be provided with a special purpose Reseller Dashboard, enabling AppSmart and their Sub Agents to refer Huntress to prospective customers. The program enables Affiliates to create accounts for prospective customers, start free trials, and receive commission payouts from Huntress when customers sign-up for service.
- In the future, Huntress will be enabling features to accommodate additional channel personas, such as Security Consultants and Incident Response Partners.
Managed Defender (Beta)
- Minor UI enhancements
- We made a few small adjustments to the Managed Defender user interface, particularly in relation to an upcoming feature: Huntress Recommended Defaults
- Updated the Managed Defender Detections table to improve the usability of the information showcased; this includes additional information columns, granular table export, and an updated table layout.
MFA (2FA)
- Enabled recovery 2FA 'life raft' functionality at the Organization-level.
- We added the ability for account administrators and reseller administrators (on accounts that are Huntress Managed) to initiate the recovery process for organization users who have lost their 2FA credentials.
- Enforced 2FA/MFA
- Allowed account administrators under account settings to opt-in to 2FA enforcement, enforcing 2FA for all of their users.
- 2FA vulnerability fixes
- Restricted 2FA setup wizard to users who actually need to set up 2FA.
- Previously the 2FA setup wizard was accessible to anyone at any time. This was allowed for testing but created the potential for 2FA to be bypassed after logging in. This was done by navigating to the backup code and verification pages.
- Stopped allowing users to disable 2FA when they belong to an account that enforces 2FA. Previously, if a user had belonged to 2 accounts, and one of the accounts didn’t enforce 2FA, they could disable their 2FA, even though the secondary account required it.
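The two 2FA fixes above reduce to two authorization checks. The sketch below is an added example, not Huntress code: the `Account` and `User` models, the function names, and the shape of the pre-fix check are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Account:
    name: str
    enforce_2fa: bool = False


@dataclass
class User:
    email: str
    accounts: list = field(default_factory=list)  # every account the user belongs to
    totp_configured: bool = False


def can_disable_2fa_single_account(user, active_account):
    """Assumed pre-fix shape: only the account of the current session is consulted."""
    return not active_account.enforce_2fa


def can_disable_2fa(user):
    """Post-fix rule: one enforcing membership is enough to block disabling 2FA."""
    return not any(account.enforce_2fa for account in user.accounts)


def may_open_setup_wizard(user):
    """Setup, backup-code and verification pages are only for users who still need to enrol."""
    return not user.totp_configured


def disable_2fa(user):
    """Disable 2FA only when no account the user belongs to enforces it."""
    if not can_disable_2fa(user):
        raise PermissionError("2FA is enforced by at least one of this user's accounts")
    user.totp_configured = False


if __name__ == "__main__":
    # Constructed sample data: one user who is a member of two accounts.
    lax = Account("lax-account", enforce_2fa=False)
    strict = Account("strict-account", enforce_2fa=True)
    user = User("admin@example.test", [lax, strict], totp_configured=True)

    print("single-account check allows disable:", can_disable_2fa_single_account(user, lax))
    print("all-memberships check allows disable:", can_disable_2fa(user))
    print("enrolled user may open setup wizard:", may_open_setup_wizard(user))
```
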
Agent Deduplication
- Huntress noticed that some partners save a deployed Huntress agent as a VM-baseline, and then clone the VM as needed. In these situations, only a single agent is shown under the Organization in the Portal versus an agent for each system. For Huntress agent 0.12.12 or higher, Huntress will now perform backend de-duplication of agents so that even when baseline systems are cloned, they will show up as separate hosts in the Portal.
Bug Fixes:
N/A
Release Date: May 2021
Features:
Managed Defender (Beta)
- New and Upcoming Feature: Huntress Recommended Defaults. This offers Huntress's security expertise to help enforce recommended settings to managed endpoints, providing a secure foundation to our Partners' configuration. These settings are part of an initial effort to roll Huntress's recommended settings to partners to ease overall management and maintain best-practice configuration and compliance.
- Huntress Recommended Defaults provide best practice configuration of Microsoft Defender security settings in Windows to take advantage of Microsoft Defender capabilities.
- Partners can now choose to Inherit Huntress Recommended Defaults at the Account level to easily set a base recommended configuration set, enabling the ability to easily set secure Defender best practices.
- This feature will be rolled out in phases, starting with new Huntress accounts and then to existing accounts (if you would like this feature earlier, please contact support).
Note that the following are for Windows Server 2012+ and Windows 8+
Managed Defender (Beta)
- Applied defaults for Managed Defender quarantine and scan settings
- When Managed Defender is set to Enforce, Huntress actively applies the following Microsoft Defender Quarantine configuration:
- Set "Configure removal of items from Quarantine folder" to disabled (matches Defender default setting). This is to ensure that Microsoft Defender does not automatically remove files in quarantine, maintaining those files for future and potential investigation by the Huntress SOC if needed.
- When Managed Defender is set to Enforce, Huntress actively applies the following Microsoft Defender Scanning defaults:
- Set "Scan archive files", "Scan network files", "Scan packed executables", and "Scan removable drives" to Enabled; (matches Defender default settings). This is to ensure that Defender has full scanning visibility to all aspects of the endpoint environment.
- Applied defaults for Managed Defender Network Inspection Service-related items.
- When Managed Defender is set to Enforce, we apply the following Microsoft Defender Network Inspection settings:
- Set "Turn on definition retirement" and "Turn on protocol recognition" to enabled (matches Defender default settings). This is to ensure maximum security efficacy and resource utilization for the Network Inspection Service
- Updated hover text for Managed Defender update (Windows 10 Home).
- For Windows 10 Home, the wording for the Hover text was "Not Compatible - Huntress does not currently support this OS." We have changed it to say "Not Compatible with Managed Defender - Huntress Managed Defender does not currently support this OS". This is to clarify that Windows 10 Home is only not compatible with Managed Defender, but is still supported with other Huntress services.
- Allowed partners to suppress all notifications via the Managed Defender settings interface.
- Users are now able to select whether or not they want end-user UI notifications from Microsoft Defender. This allows our partners to control the visibility of Defender alerts to prevent their users from being potentially alarmed by Microsoft Defender notifications.
MFA (2FA)
- Huntress is releasing the ability to enforce multi-factor authentication (MFA) for all users in an account. This is a critical security feature that safeguards the Huntress platform from attempted brute-force intrusions.
- MFA/2FA will be enforced in August 2021 for all Huntress users.
- This MFA enforcement will include:
- Requiring Time-Based One-Time Passwords (TOTP) 2FA setup when registering a new account.
- Requiring existing users, within an MFA-enabled account, to set up MFA when logging in if not already set up.
- Requiring new users to set up MFA when they are invited to join an existing account.
- Currently, this feature is in beta and can be enabled per account.
Integration
- Partners who use the ConnectWise integration can now send a test ticket to their default configured mapping. This helps partners verify that their PSA integration is functioning properly (the test button is located on the integrations settings page next to your ConnectWise integration).
Partner User Experience
- The Portal now displays host service pack information correctly for Windows 10 systems. This info is helpful for Partners and the Huntress SOC to understand the current OS version.
Bug Fixes:
Managed Defender
- Antivirus exclusion policy auditing was treating entries that differed only in letter case as a non-match on Windows endpoints, resulting in policies showing 'non-compliant' in the portal. This is fixed by down-casing and de-duplicating each string before comparison, improving the accuracy of policy assessments.
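The comparison described in this fix, sketched as an added example (not Huntress code): the function names and the sample exclusion entries are constructed for illustration, and the exact-match `naive_audit` is an assumption about how a case-sensitive audit behaves. Besides clearing false 'non-compliant' results, the normalized audit still reports real drift, such as an exclusion present on the endpoint but absent from policy.

```python
"""Added example: case-insensitive audit of antivirus exclusion lists."""


def normalize(entries):
    # Windows paths, extensions and process names are case-insensitive, so
    # lower-case each entry; the set drops duplicates that differ only in case.
    return {entry.lower() for entry in entries}


def naive_audit(policy, reported):
    # Assumed case-sensitive behaviour: exact string comparison of the lists.
    return sorted(policy) == sorted(reported)


def audit(policy, reported):
    """Return (compliant, missing, unexpected) after normalization."""
    want, have = normalize(policy), normalize(reported)
    missing = sorted(want - have)      # in policy, absent on the endpoint
    unexpected = sorted(have - want)   # on the endpoint, not in policy
    return (not missing and not unexpected, missing, unexpected)


# Constructed sample data (not from Huntress or any real endpoint).
POLICY = [r"C:\Program Files\Backup\agent.exe", r"D:\SQLData", ".mdf"]
REPORTED_SAME = [
    r"c:\program files\backup\AGENT.EXE",
    r"D:\SQLDATA",
    r"d:\sqldata",   # duplicate of the entry above, differing only in case
    ".MDF",
]
REPORTED_DRIFT = REPORTED_SAME + [r"C:\Users\Public"]  # extra exclusion

if __name__ == "__main__":
    print("naive:     ", naive_audit(POLICY, REPORTED_SAME))
    print("normalized:", audit(POLICY, REPORTED_SAME))
    print("drift:     ", audit(POLICY, REPORTED_DRIFT))
```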
Release Date: April 2021
Features:
Managed Defender (Beta)
- Introduced "3rd Party AV" status reasons for unhealthy Defender endpoints to give context to partners that run other AV services on their endpoints.
- A Manual Signature Update button is available in the Huntress Dashboard to force a signature update as needed at the endpoint level. Partners requested this Managed Defender feature to ensure their endpoints were updated with the latest signatures.
- Default values were added to always receive signature updates from Microsoft Update and ensure signatures are checked for updates at every startup when Managed Defender settings are in “Enforce” mode. This ensures that Defender Signatures are regularly updated on managed endpoints.
Bug Fixes:
- Managed Defender CPU utilization is capped at 30% to prevent deleterious configuration settings that could negatively impact managed hosts.
- The Microsoft Defender Detection Time in the Huntress Dashboard has been changed to display the timestamp for when the detection was logged by Defender instead of the time that Huntress first saw the detection event. This will clarify when a Microsoft Defender detection was seen on a device that came from an infection before installing Huntress.