Summary: Huntress updates detailed with features and bug fixes.
For recent release notes, see Huntress Release Notes and Agent Version
Table of Contents
2022 Jan Feb Mar Apr May Jun Jul Aug Oct Nov Dec
2021 Apr May Jun Jul Aug Sep Oct Nov Dec
Historical Release Notes
Release Date: December 2022
Features:
Security Awareness Training
-
MSPs can now upload a logo and set color at the partner level to brand all SAT emails that go to end customers without having to repeat it for each end-customer. Just go to the partner portal → settings → branding. MSPs can still drill down into customer organizations and override for individual customers if needed.
Bug Fixes:
Managed Antivirus
-
Fixed an issue that could result in a host being incorrectly marked as unhealthy due to Defender settings.
Release Date: November 2022
Features:
macOS
- The Huntress macOS Agent for Persistent Footholds is now generally available! For more information and details, please visit our Huntress macOS documentation:
Managed AV
- Added new logic to auto-remedy unhealthy endpoints due to scanning or signatures being out of date to reduce the amount of unhealthy endpoints without needing any partner interaction.
- Improved the logic we use to set Managed AV policies to reduce the amount of non-compliant endpoints due to policies not applying properly.
Bug Fixes:
-
N/A
Release Date: October 2022
Features:
Managed Antivirus
-
Huntress Managed Antivirus now supports policy configuration for Windows 10 Home and Windows 11 Home
macOS
- Added macOS patch version for macOS agents into the portal.
- Updated the monthly and quarterly reports to include information on macOS hosts
- Added serial number to the portal Host view
- Added the following parameters to the `Agents` API endpoint:
- platform: The platform of the host machine (darwin or windows)
- os_patch_version: The patch version of the macOS update installed on the host machine, such as 1 in version 12.5.1
- serial number: The serial number of the host machine as reported to the operating system
- Launched the macOS GUI installer and implemented foundational work to prepare for the upcoming GA rollout and end of Catalina support.
Integrations
-
Implemented links to setup documentation on integration pages in order to make the documentation more accessible.
-
Implemented support for specific company selection when sending test PSA tickets.
- Implemented additional mappings in ConnectWise in order to improve customer workflow experience within ConnectWise
Bug Fixes:
-
N/A
Release Date: August 2022
Features:
Process Insights
-
Process Insights is now Generally Available to all Huntress customers. See our press release for more details.
Bug Fixes:
-
N/A
Release Date: July 2022
Features:
Managed Antivirus
- Managed Antivirus is now supported on Windows Server 2012 R2 hosts with MDE - for more details, see our support article.
Huntress API
- The Huntress API provides programmatic access to your data in the Huntress Managed Security Platform. It’s designed to improve mapping and integration between MSP services, assist billing reconciliation and support operational dashboards.
- A new option, API Credentials, is now present under Account Settings in the Huntress Portal. A short wizard will help generate account credentials to authenticate requests for account data. Learn more about the Huntress API here: Huntress REST API
macOS
- Public Beta is now available for macOS!
- Special request is no longer needed to access the macOS agent. For access to the macOS agent install script, navigate to the top right hamburger menu in your Huntress Portal and go to “Download Agent”.
- More information can be found with our macOS Beta FAQ
Bug Fixes:
-
N/A
Release Date: June 2022
Features:
Portal Updates
-
To help MSPs that have dedicated finance and marketing staff apply the principle of least-privileged access, we have added two new roles at the account level.
- The new “Finance” role is limited to viewing past invoices, viewing Huntress invoices and receipts (including the invoice drill down showing agent breakdown by organization) as well as making updates to payment information, and billing contact.
- The Marketing role only allows access to the Partner Enablement System (PES). Neither of these roles have access to security reports, configurations, or access to customer organizations (unless explicitly added at the org level.)
SSO
- SSO account-wide enforcement now requires successful user login before it can be enabled. This is to prevent account lockout.
Bug Fixes:
-
N/A
Release Date: May 2022
Features:
API
- The Huntress API has been released into Public Beta which will allow partners to programmatically gather agent, organization and incident report data. Check out our blog for more information!
Ransomware Canaries
- Partners can now add exclusions at the organization and host level for Ransomware Canaries. Adding an exclusion will prevent canaries from being deployed on the excluded hosts; excluded hosts with existing canaries will have their canaries removed. Configuration options for exclusions can be found on the account settings page.
Role Based Access Control
- MSP org admins are now able to approve assisted remediations. Historically this was limited to account admins and reseller org admins. This change enables MSPs with co-managed customers and with staff members limited to a subset of customers to better leverage the Huntress platform.
macOS
- Private Beta: The Huntress macOS agent is now available in private beta! For more information, please check out this FAQ for more details, including how to be added to the private beta.
Bug Fixes:
Managed Antivirus
-
Bulk MAV scan actions will no longer result in an error when overlapping with hosts already running a scan.
Release Date: April 2022
Features:
Process Insights
- Incidents with associated process detections or MAV detections will now have assisted remediations automatically added if recommended. This functionality is available with Huntress agent v0.13.10+.
Managed Antivirus
- Managed Antivirus now supports user configuration for Removable Drive Scanning.
ACH Payment Support
Portal User Experience
- Added Kaseya’s Business Mgmt. Solution for Asia Pacific customers (BMPS APAC) as a server dropdown option for the Kaseya BMS integration.
- Added manual remediation and resolution features to incident reports, enabling partners to close incident reports that do not have assisted remediations.
- Monthly and Quarterly Threat Summary reports as well as the weekly summaries now come from noreply@huntress.io to avoid partner confusion and spam email filtering
- The Exclusions portion of the Account Settings page now has a searchable, sortable, tabbed layout to make it easier for partners to configure a variety of exclusion types.
Bug Fixes:
SSO / MFA
- Resolved a potential security issue where account admins were able to bypass SSO/MFA by resetting their password. Using the reset password link in their email allowed the user to gain access to the Huntress console.
Release Date: March 2022
Features:
Portal User Experience
- Added a link to the incident report inside the emails and PSA tickets that Huntress sends to partners enabling MSP technicians to quickly lookup the associated report in the Portal.
- Added copy functionality to the SHA256 value on the collected files page to allow analysts and partners to easily copy and reference the SHA hash
Bug Fixes:
-
N/A
Release Date: February 2022
Features:
Host Isolation
-
The newest version of the Huntress Agent 0.13.4 supports Windows Filtering Platform as a fallback Host Isolation mechanism when GPO-based isolation fails.
SSO / MFA
-
Single-Sign-On (SSO) SSO general availability is now available! Now, account administrators can enforce SSO for all account-level users and disable 2FA when SSO is enabled. For more information, please visit the SAML SSO Informational Page.
Bug Fixes:
-
N/A
Release Date: January 2022
Features:
Host Isolation
- Hosts running the latest 0.12.44 agent and above will now verify their isolation status using a network connectivity check. If the host fails to isolate, the Portal will communicate this clearly to partners and revert any changes to the host firewall and registry.
Ransomware Canaries
- New features to Ransomware Canaries will roll out to existing partners over the next several weeks and will be enabled by default. New features include:
- Additional canary file types: PDF and XLSX in addition to DOCX
- System profile canaries
- Embedding partner logos and support URLs into each canary file
- EFS detection
- Ability to disable canaries at an account level
- For more details, please refer to Huntress Blog and Product Support.
Portal User Experience
- Added a banner warning accounts with Windows Server 2008 non-R2 or Windows Vista agents that those OS versions will soon reach the end of support with Huntress. These operating systems will reach end-of-support on Feb 4th.
- Implemented detailed Threat Summary reporting at the Organization level
- This feature can be enabled via a setting called “Provide Detailed Organization Reporting” - when enabled, the organization-level reports will have the same detail as the account-level reports.
- Updated our individual “Service Dashboards” layout to distinguish visualizations.
- We added “Service Banners” with the “Service Title” and a brief, on-click information popover which includes a link to our knowledge base to learn more.
- Introduced an “Agent Status” filter to both Account and Organization level Agents pages.
- Filter agents by Unresponsive, Outdated, and Isolated states. As well as view “Service Exclusions,” e.g., Host Isolation.
SSO (BETA)
- Removed requirement forcing new SSO-enabled user accounts to pre-set their password prior to using SSO.
- Account administrators can now enforce SSO for all account users.
- Account administrations can also disable 2FA when SSO is both enabled and enforced.
Ransomware Canaries
- Updates to Ransomware Canaries are currently being rolled out to all partners and accounts over the next several weeks. Accounts that are part of the rollout will now see a modal that provides more information on the changes. See here for more details.
Bug Fixes:
-
N/A
Release Date: December 2021
Features:
Escalations
- A Huntress Escalation is used to notify Huntress account administrators that something in their account requires attention.
- The first supported Escalation type will be for misconfigured PSAs. Huntress will notify you via email if we cannot send an incident report.
- Escalations are not incident reports however they do have severities (low, high, critical) associated with them that dictate an expected response time. If no response is received account administrators will be re-notified.
SSO (Beta)
- Added a link to Single Sign On (SSO) on the Huntress login page. SSO-enabled users can now log in using the link to "Sign in with SSO" from the Huntress login page. SSO is currently behind a feature flag and target to be released for GA in 2022 Q1. If you are interested in enabling SSO (currently in beta), please reach out to Huntress Support.
ServiceNow
- Removed ServiceNow integration to await further development
Host Isolation
- Added a ‘Host Isolation Recommended’ filter option to the Incident Report table which allows users to search for all incident reports where Huntress recommended host isolation.
- Note: host isolation does not always occur due to account opt-outs, host exclusions and Huntress SOC overrides.
Ransomware Canaries
- Ransomware Canaries is now enabled by default for all new customer accounts and trials with additional functionality. This new functionality includes:
- Additional canary file types: PDF and XLSX in addition to DOCX
- System profile canaries
- Embedding partner logos and URLs into each canary file
- EFS detection
- An ability to disable canaries at an account level
- Note: a future rollout is planned for existing partners to receive new functionality.
Bug Fixes:
Portal User Experience
- Added frontend validation to require the e-mail address field to be filled out when partner admins add new users to their account.
- Fixed a problem where Partners would see “You are not authorized to perform that action” when viewing host details pages
Release Date: November 2021
Features:
Managed Antivirus
- Added a filter option to the Managed AV Dashboard for ‘Other AV'
- This filter option allows admins to see a list of all hosts observed running another antivirus solution that is not Microsoft Defender.
- Updated MAV Health status for Windows 8.1 and Windows Server 2016
- Windows 8.1 and Windows Server 2016 endpoints are deemed Healthy if their NISEngineVersion == 2.1.14600.4 and the NISSignatureVersion == 119.0.0.0. Because this NIS Engine / Signature version is the latest available for these operating systems, these hosts are now marked Healthy even without recent updates.
- An informational popover is also shown when this condition appears to help admins understand why the host is Healthy without a recent update.
- Moved the Managed Antivirus service shield icon up in the Huntress dashboard sidebar, making it more easily accessible under the Persistent Footholds section.
Portal User Experience
- Required a comment to be entered for rejected Assisted Remediation plans. Huntress SOC analysts need to know why a given remediation plan is being rejected by a partner so that they can update the incident report appropriately.
- Windows 11 is now officially supported and is identified correctly in the Portal
Bug Fixes:
Managed Antivirus
-
Fixed bug where the Antivirus Detections tab was not present on the Organization’s Infection Report
- Antivirus Detections were present within the Account > InfectionReport > Show page click path, but not within the Organization > InfectionReport > Show page click path. Antivirus Detections are now seen in both paths.
Portal User Experience
- Fixed a bug where ConnectWise billing syncs were failing for companies that had more than one addition. This is for accounts that have the CW Billing integration feature enabled; please reach out to support if you would like more information.
Release Date: October 2021
Features:
Managed Antivirus
-
Added Service Status to the Antivirus Product details in the Managed Antivirus Host page.
- This allows Huntress to identify the status of any antivirus running on a Windows machine, including Windows Server where Microsoft Security Center is not available.
- Windows Servers are now marked as Unmanaged when Defender is not running and an additional AV is detected through the new Service Status.
- Admins can now see both the Microsoft Security Center status and the Service Status of running antivirus products. This additional information will also help troubleshoot situations where there are conflicting antivirus products on a system.
- Added ability to update Policy Mode (Audit/Enforce) at Account and Org Levels
-
The policy mode is now part of the configuration policy for an Account or an Org that can be inherited just like any other configuration policy setting. This is so that when new hosts are onboarded into an existing Account/Org, they can immediately receive the Policy Mode for that Account/Org without having to take additional manual steps.
-
- Added Inherit Policy Mode bulk action
- This new bulk action allows admins to apply this inheritance setting across multiple hosts from the MAV dashboard table rather than having to update inheritance by drilling down into each host.
- Added ability to perform Signature Update and Scan for Windows 10 Home
- This allows admins to perform the following actions on Windows 10 Home endpoints at both the host level and as a Bulk Action in the Account/Org MAV dashboards:
- Manual Signature Update
- Manual Quick or Full Scan
-
Windows 10 Home will continue to be Incompatible for now due to group policy limitations for enforcing policy configuration settings.
- This allows admins to perform the following actions on Windows 10 Home endpoints at both the host level and as a Bulk Action in the Account/Org MAV dashboards:
Portal User Experience
- Updated the Integrations page and “Send Test” modal to contain more information when errors have occurred with a PSA Integration.
- This will make it easier for Partners to identify and fix problems with their PSA integration configuration.
- Removed Ninja RMM from the list of available integrations.
- Updated the Portal’s support documentation links to point to Zendesk, Huntress’s new product support platform.
- Huntress recently migrated support documentation to Zendesk from Helpscout. To ensure users are directed to the correct resources these links were changed on the Managed Antivirus dashboard and within the hamburger dropdown menu at the top right corner of the Portal.
Host Isolation (Beta)
- Host Isolation is moving into Public Beta! All accounts should have these features available by 10/20.
- Automated and manual host Isolation can limit the spread of a cyber attack, quarantining the infected host from the rest of the network.
- Partners can opt into Automated Host Isolation for their account within Settings.
- Opting into Automated Host Isolation authorizes Huntress to isolate hosts when critical malware, such as ransomware, is detected.
- Exclusions can be configured within Account Settings to exclude entire organizations or specific hosts from automated isolation events.
- Isolated hosts will be released from isolation when the associated incident is resolved.
- Manual host isolation features are also available from the host overview page.
Bug Fixes:
-
N/A
Release Date: September 2021
Features:
Managed Antivirus
-
Added a MAV detector that looks for remediation recommendations from Defender so they can be used as Assisted Remediation steps
- Enabled MAV detection filtering from MAV Needs Review, Account, Organization, and Host detection tables so that it’s easier for partners and the Huntress SOC to see specific types of detections.
- Updated Managed Antivirus host page with new layout
- The MAV host page is restructured and formatted to make the status of MAV for the host clearer to end-users. This includes rearranging table order and table layout within the MAV hosts page.
- The MAV host page has also added an indicator to show the number of policy settings that are out of compliance
- Added ability to delete file upon reboot
- In some situations, incident reports get hung because normal file deletion cannot be completed because the file is in use when we attempt to delete the file. This capability allows us to mark the file for deletion upon reboot if the normal deletion fails. When the machine is finally rebooted, the delete file task can be successfully completed and the report can be closed.
Assisted Remediation
-
Added an assisted remediation option for a full scan to MAV incident reports
-
There are some cases where Defender recommends a full scan to entirely clear the malware infection.
-
-
Allowed for Reboot and Full Scan Remediations to be added to assisted remediation plans
Bug Fixes:
Managed Antivirus
- Corrected MAV detection numbers for Monthly/Quarterly Reports
- Corrected sorting Last Seen column by date for Managed Antivirus dashboard
- Corrected task status of Delete Scheduled Task
- Delete scheduled task playbook items now report that the Delete Scheduled Task succeeded when the file associated with the scheduled task is not found. This corrects the user experience where a delete scheduled task appears as though it failed but in reality, the file is already gone.
Release Date: August 2021
Features:
Managed Antivirus
- Huntress SOC workflow to investigate high impact Defender detections
- New Huntress SOC workflow now allows SOC Analysts to investigate high impact defender detections and deliver a MAV incident report to email and/or existing PSA integrations based on the outcome of the investigation
- Huntress SOC can also pull in quarantined files and artifacts from agents above 0.12.18 to support their MAV investigation
Scans
- Retired Weekly Full Scans due to updated recommendations.
- Based on research from the Huntress R&D team, running scheduled Full Scans is no longer recommended by Microsoft. Therefore, Huntress is updating its own recommendation to not regularly run a Defender Full Scan.
- Updated Unhealthy "Scan Required" substatus logic
- A host is now marked as Unhealthy due to "Scan Required" substatus when either a Quick or Full Scan has not run in the last 14 days. Based on recent scanning research, a Quick Scan is also run as part of a Full Scan; this change clears up recent confusion where hosts were deemed as Unhealthy because a Full Scan was run without updating the Quick Scan time.
- Updated portal so that a single "Last Scan Time" column reflects both Quick OR Full Scan Time.
- Because Full Scans are now manual only and reserved for when absolutely necessary (see above), this also resulted in retiring the “Last Full Scan” column in the MAV table. Time of Last Full Scan is still available in the MAV host view.
- Added hover on the "Scheduled Scans" table for failed status that shows failure details.
- Additional failure information details are now available when a manual scan cannot complete; this allows administrative users to have more information to help understand why a manual scan fails.
- Added bulk actions capability for Full Scan, Quick Scan, and Signature Updates
- This provides the ability to easily take necessary action for multiple hosts. Admins can first sort on which hosts need a scan or update, then easily run that action for multiple hosts.
Incident Reports and Assisted Remediation
-
Added task for agent to reboot the host
- The agent now has the ability to task a reboot in preparation for Assisted Remediation actions for MAV. Additional work is still needed to add host reboot as an Assisted Remediation action into an incident report.
- Huntress Incident Reports now display the logged-in user who approved the Assisted Remediation actions.
- The details within Exchange Incident Reports were updated to account for the new ProxyShell vulnerability disclosed in August. This helps partners understand the reports they are receiving and not confuse them with the previous Exchange vulnerability from March 2021.
Partner User Experience (Dashboard)
- Added a popup warning modal for manual Full Scans
- Due to the resource intensive nature of full scans on managed endpoints, this popup modal provides awareness of the potential impact prior to queuing up a scan.
- This appears for Manual Full Scan in the Hosts view as well as Manual Full Scan Bulk Selection in the main MAV Dashboard table.
- In addition, this modal also calls out the inability to run manual scans for incompatible OSs.
- Added a substatus column in Account View
- This column provides additional context to the health state of the managed endpoints
- Added an informational popover to MAV account / org views that defines "Reported Detection”
- On the MAV account/organizational dashboard, there is a detections graph that shows MAV detections vs reported detections; this popover provides definition and clarification of these items.
- Huntress removed the Exchange vulnerability dashboard notification pop-up for new users. This was a notification that was added after the Exchange vulnerability event back in March 2021.
- Updated default sorting of Detections Table based on most recent detection.
- This helps Partners quickly see the most recent MAV detections in their environment.
- Added "Unmanaged" as an additional primary Status.
- This allows partners to easily identify endpoints already managed by another AV.
- Added Health Substatus column to the MAV hosts table.
- Allows partners to view the Health Substatus for endpoints in order to easily identify what actions need to be taken
- Added a MAV Substatus filter.
- Allows partners to limit the host list view based on status in order to assist on specific workflows, such as running a bulk signature update for out-of-date hosts.
- Added an Organization column to the MAV Account View.
- Allows account-level users to clearly identify what hosts belong to what organizations.
- Added a "Reported Detections" plotline to MAV Dashboard Detections Graph.
- This allows partners to know and understand how many detections were included in an incident report in a given week compared to the Total Detections.
Partner Enablement Service (PES)
-
Developed Asset Collections, enabling the Huntress Marketing team to group related content together within one Asset, similar to a folder. Assets can be downloaded individually or all together from a Collection. This makes it so Partners no longer have to download entire zip files from PES.
Threat Summary Reports
-
Account admins now receive a more detailed threat summary report, which includes a breakdown of each Huntress service (Footholds, Canaries, MAV, Incident Summary).
- Partners can now generate reports using a custom date range (up to 90 days)!
- Created new Detailed Threat Reports at the account level that includes additional pages geared towards account admins / MSP owners. The new pages include an Incident Log for all critical/high incidents and a MAV page, detailing detection triage data. These reports provide account users detailed threat data on the variety of services that Huntress offers.
- Added the ability for Partners to specify custom Threat Report timeframes, to better customize reports for their end-users.
Bug Fixes:
Billing
-
Fixed Partner accounts that were affected by cross-month billing errors within Huntress’s payment processing system.
Release Date: July 2021
Features:
Incident Reports
- The MAV detector framework is tuned and refined in preparation for sending a limited set of actionable MAV Incident Reports to partners. Delivery of a limited set of actionable MAV incident reports will begin around the week of July 26 to existing account integrations. This will include detections that have a ‘quarantine/remove failed’ threat status and will only apply for hosts in MAV Enforce mode.
Scans
- Manual Full Scanning is now available for all hosts. This allows partners to trigger an ad-hoc full scan in cases where a full scan has not been performed or if there is a significant event that would warrant running an immediate Full Scan.
Partner User Experience (Dashboard) for Managed Antivirus
- “Mode” column and “Policy Status” column are now merged to simplify how admins determine why a host is Non Compliant.
- The Policy Status column now has the following statuses, which includes Audit Mode:
- Audit: Host is in Audit Mode (no compliance status)
- Compliant: Host is in Enforce Mode; current settings match the configuration policy
- Not Compliant: Host is in Enforce Mode; current settings do not match the configuration policy
- Pending: Host is in Enforce Mode; policy status has changed, waiting for the endpoint to take on the new configuration changes.
- Unknown: Host has not checked in or does not have a survey with MAV details
- Compliant / Non Compliant are now treated as sub statuses of Enforce mode in the UI.
- The Policy Status column now has the following statuses, which includes Audit Mode:
- "Agent Outdated" substatus.
- Added an “Agent Outdated” substatus for Agents who are running version < 12.2. This is in order to highlight agents that do not support Managed AV and therefore cannot be managed by Managed AV.
- “Offline” substatus.
- Added “Offline” substatus for agents where Last Seen > 60 min. This is to understand why an agent has not recently scanned or has out-of-date definitions because it has not updated its status to Huntress.
- “Missing” registered AV status to identify 3rd Party AV on Windows Workstation OS.
- Added a “Missing” substatus for Registered Antivirus. This is to verify what 3rd party AVs are still registered to Windows but are not actually present on the host. This story is primarily related to a common scenario in which Webroot does not fully uninstall cleanly (it still appears to be registered to the OS but isn't actually installed or running).
- Huntress Recommended Defaults has now been enabled for all accounts in order to easily provision best-practice configuration settings for Managed AV.
-
Updated incident report and the Defender detection display on the MAV dashboard.
-
The MAV incident report display was updated to match the main Huntress dashboard incident report display, showing active and resolved MAV incidents.
-
Clicking on Resolved Incidents or Active Incidents will take the user to a pre-filtered view of the incidents reports table.
-
-
A “Defender Detections by Week” chart was added to the MAV dashboard.
-
A “View All Detections” button on the chart now takes users to all Defender detections for the given Org or Account
-
Threat Reports
- Updated the Monthly/Quarterly Threat Reports that Huntress sends to Partners.
- The monthly and quarterly Huntress Threat Reports have been updated to include additional Huntress service data. The 'Autoruns Reviewed' section of the report has been changed to 'Potential Threat Indicators' and now also considers Managed Antivirus (MAV) detections and Ransomware Canaries triggered. In addition to the threat data changes, other cosmetic and wording changes were made to highlight our Partner's security team, rather than Huntress directly.
- To provide Partners with requested incident metric data and highlight the value that Huntress provides, an Incident Summary page was added to the Threat Reports which breaks down incident data by severity, identifying service, virus types, and devices targeted
Ransomware Canaries
- Added an opt-out toggle for Partner Admins to opt-out of the Ransomware Canaries service across their account via the account settings. Opting out of the service will remove Ransomware Canaries from all hosts in the account. It may take several days for the removal to complete, and agents must be online for the files to be removed.
- Canaries V2 are currently undergoing Huntress Insider testing. V2 will be rolled out to all Partners later this Summer.
SSO / SAML
- Added additional features to support SSO/SAML rollout to Huntress customers:
- A UI was added for account administrators to setup SAML SSO. Partner Admins can specify the parameters required to set-up SAML for their account (SSO service URL, entity ID, certificate, etc).
- Account administrators can enable/disable SSO. This enables Partner Admins to disable/enable SSO without having to delete and re-create SSO details.
PSA Integrations
- Updated the ConnectWise Test Ticket Interface to have more clear error messaging to Partners when a test ticket can not be sent, such as when an Account is missing a default mapping.
- Improved usability of the PSA integration org mapping tables.
- When configuring explicit mappings for PSA integrations, it’s helpful to know and understand what mappings have been created and if there are additional configurations required without having to page through all mappings. This update provides admins with a visual cue to understand how many Huntress orgs still need to be mapped.
- Added the ability to send a test ticket via the Portal for the Kaseya BMS integrations.
- When setting up a PSA integration, it is helpful to have a test ticket sent so that an admin can validate that the integration is functional and have confidence that they will receive incident reports that are sent through the integration.
- Sending a test ticket was already available for ConnectWise manage; this capability has now been extended to other PSA integrations.
Partner Enablement Service (PES)
- Built a filter feature to allow users to search marketing assets within the PES dashboard using asset tags. Tags are defined and added to assets by the Huntress marketing team in order to organize/categorize assets.
Bug Fixes:
- Fixed a bug between the Huntress Portal and Huntress’s backend payment processing system that caused customers to be stuck in the activation state and not receive a Huntress invoice.
- Fixed an issue in the Autotask integration where the primary customer account was not available for selection when mapping Huntress organizations.
- Added a hostname check to the agent deduplication logic in order to determine agent uniqueness when an agent with the same hardware ID registers with the Portal.
- Customers using the Kaseya BMS Integration are now able to load more than 100 records when mapping to Huntress organization IDs. Pagination was added to improve Partner user experience and allow for more efficient page loads.
- Improved Partner user experience and allowed for more efficient page loads in the Portal for Partners with a 1000+ accounts in their Autotask integration.
- Fixed billing address validation checks on the Huntress subscription page, which was causing new customer sign-up issues.
- Changed billing address logic to only require a postal code for US and GB addresses.
Release Date: June 2021
Features:
SSO / SAML
- Added support at the Account level for Single Sign-On (SSO) with most SAML 2.0 providers, including Google Apps, Okta, Duo, and Microsoft 365/Azure AD. This is helpful to streamline user experience to reduce the number of accounts/passwords that need to be tracked and monitored by the partner; it may also potentially improve security by allowing users to consolidate accounts to a smaller set of strong MFA-enabled accounts rather than a myriad of weak passwords across all supported apps. Setup guide: SAML SSO Setup
Integrations
- Enabled Partners to configure their ConnectWise integration so that they could have their invoiced agents quantities synced to ConnectWise from the Portal. This allows partners using the ConnectWise interface to more easily know what to bill their customers without having to manually update billing quantities based on their Huntress monthly invoices. This billing integration is currently available to customers who reach out as a beta and will be rolled out to all customers in the future. For more information, please see our support page: ConnectWise Manage Billing Sync (Beta)
- Enhanced Datto Autotask PSA and Kaseya BMS integrations in order to support both default and explicit mappings between a Huntress Organization and a PSA company.
Partner Enablement Service (PES)
- We added an informational modal for Resellers that explains monthly vs annual billing options.
- To make it easier for Resellers to understand why we need a Credit card for monthly billing, and how they will be invoiced for annual billing, the team added an informational (i) icon on the revamped Subscription modal and the billing settings page.
- Huntress now allows Resellers to enter a purchase order (PO) number per annual subscription/contract
- To make billing and payments easier for customers, specifically, customers who want to pay via "push" ACH, we needed a way for them to add a PO number during checkout. The PO number entered then populates onto all invoices Huntress’s payment processing provider generates. This aids the accounting departments of Resellers and reduces manual communications for Huntress’s Finance department.
- Huntress now supports Affiliate, aka Referral, Partners. This new Partner type will be provided with a special purpose Reseller Dashboard, enabling AppSmart and their Sub Agents to refer Huntress to prospective customers. The program enables Affiliates to create accounts for prospective customers, start free trials, and receive commission payouts from Huntress when customers sign-up for service.
- In the future, Huntress will be enabling features to accommodate additional channel personas, such as Security Consultants and Incident Response Partners.
Managed Antivirus (Beta)
- Minor UI enhancements
- We made a few small adjustments to the Managed AV user interface, particularly in relation to an upcoming feature: Huntress Recommended Defaults
- Updated the Managed AV Detections table to improve the usability of the information showcased; this includes additional information columns, granular tael export, and an updated table layout.
MFA (2FA)
- Enabled recovery 2FA 'life raft' functionality at the Organization-level.
- We added the ability for account administrators and reseller administrators (on accounts that are Huntress Managed) to initiate the recovery process for organization users who have lost their 2FA credentials.
- Enforced 2FA/MFA
- Allowed account administrators under account settings to opt-in to 2FA enforcement, enforcing 2FA for all of their users.
- 2FA vulnerability fixes
- Restricted 2FA setup wizard to users who actually need to set up 2FA.
- Previously the 2FA setup wizard was accessible to anyone at any time. This was allowed for testing but created the potential for 2FA to be bypassed after logging in. This was done by navigating to the backup code and verification pages.
- Restricted 2FA setup wizard to users who actually need to set up 2FA.
- Stopped allowing users to disable 2FA when they belong to an account that enforces 2FA. Previously, if a user had belonged to 2 accounts, and one of the accounts didn’t enforce 2FA, they could disable their 2FA, even though the secondary account required it.
Agent Deduplication
- Huntress noticed that some partners save a deployed Huntress agent as a VM-baseline, and then clone the VM as needed. In these situations, only a single agent is shown under the Organization in the Portal versus an agent for each system. For Huntress agent 0.12.12 or higher, Huntress will now perform backend de-duplication of agents so that even when baseline systems are cloned, they will show up as separate hosts in the Portal.
Bug Fixes:
-
N/A
Release Date: May 2021
Features:
Managed Antivirus (Beta)
- New and Upcoming Feature: Huntress Recommended Defaults. This offers Huntress's security expertise to help enforce recommended settings to managed endpoints, providing a secure foundation to our Partners' configuration. These settings are part of an initial effort to roll Huntress's recommended settings to partners to ease overall management and maintain best-practice configuration and compliance.
- Huntress Recommended Defaults provide best practice configuration of Microsoft Defender security settings in Windows to take advantage of Microsoft Defender capabilities.
- Partners can now choose to Inherit Huntress Recommended Defaults at the Account level to easily set a base recommended configuration set, enabling the ability to easily set secure Defender best practices.
- This feature will be rolled out in phases, starting with new Huntress accounts and then to existing accounts (if you would like to this feature earlier, please contact support.
Note that the following are for Windows Server 2012+ and Windows 8 +
Managed Antivirus (Beta)
- Applied defaults for MAV quarantine and scan settings
- When MAV is set to Enforce, Huntress actively applies the following Microsoft Defender Quarantine configuration:
- Set "Configure removal of items from Quarantine folder" to disabled (matches Defender default setting). This is to ensure that Defender does not automatically remove files in quarantine, maintaining those files for future and potential investigation by the Huntress SOC if needed.
- When MAV is set to Enforce, Huntress actively applies the following Microsoft Defender Scanning defaults:
- Set "Scan archive files", "Scan network files", "Scan packed executables", and "Scan removable drives" to Enabled; (matches Defender default settings). This is to ensure that Defender has full scanning visibility to all aspects of the endpoint environment.
- When MAV is set to Enforce, Huntress actively applies the following Microsoft Defender Quarantine configuration:
- Applied defaults for MAV Network Inspection Service-related items.
- When MAV is set to Enforce, we apply the following Microsoft Defender Network Inspection settings:
- Set "Turn on definition retirement" and "Turn on protocol recognition" to enabled (matches Defender default settings). This is to ensure maximum security efficacy and resource utilization for the Network Inspection Service
- When MAV is set to Enforce, we apply the following Microsoft Defender Network Inspection settings:
- Updated hover text for Managed AV update (Windows 10 Home).
- For Windows 10 Home, the wording for the Hover text was "Not Compatible - Huntress does not currently support this OS." We have changed it to say "Not Compatible with Managed AV - Huntress Managed AV does not currently support this OS". This is to clarify that Windows 10 Home is only not compatible with Managed AV, but is still supported with other Huntress services.
- Allowed partners to suppress all notifications via the MAV settings interface.
- Users are now able to select whether or not they want end-user UI notifications from Microsoft Defender. This allows our partners to control the visibility of Defender alerts to prevent their users from being potentially alarmed by Defender notifications.
MFA (2FA)
- Huntress is releasing the ability to enforce multi-factor authentication (MFA) for all users in an account. This is a critical security feature that safeguards the Huntress platform from attempted brute-force intrusions.
- MFA/2FA will be enforced in August 2021 for all Huntress users.
- This MFA enforcement will include:
- Requiring Time-Based One-Time Passwords (TOTP) 2FA setup when registering a new account.
- Requiring existing users, within an MFA-enabled account, to set up MFA when logging in if not already set up.
- Requiring new users to set up MFA, when they are invited to join an existing account.
- Currently, this feature is in beta and can be enabled per account.
Integration
- Partners who use the ConnectWise integration can now send a test ticket to their default configured mapping. This helps partners verify that their PSA integration is functioning properly (the test button is located on the integrations settings page next to your ConnectWise integration).
Partner User Experience
- The Portal now displays host service pack information correctly for Windows 10 systems. This info is helpful for Partners and the Huntress SOC to understand the current OS version.
Bug Fixes:
Managed Antivirus
- Antivirus exclusion policy auditing was treating case sensitivity as a non-match on Windows hosts, resulting in policies showing ‘non-compliant in the portal. This is fixed by down-casing and de-duplicating each string before comparison, improving the accuracy of policy assessments.
Release Date: April 2021
Features:
Managed Antivirus (Beta)
- Introduced "3rd Party AV" status reasons for unhealthy defender endpoints to give context to partners that run other AV services on their endpoints.
- A Manual Signature Update button is available in the Huntress Dashboard to force a signature update as needed at the host level. Partners requested this MAV feature to ensure their endpoints were updated with the latest signatures.
- Default values were added to always receive signature updates from Microsoft Update and ensure signatures are checked for updates at every startup when MAV settings are in “Enforce” mode. This ensures that Defender Signatures are regularly updated on managed hosts.
Bug Fixes:
-
MAV CPU utilization is capped at 30% to prevent deleterious configuration settings that could negatively impact managed hosts.
- The Defender Detection Time in the Huntress Dashboard has been changed to display the timestamp for when the detection was logged by Defender instead of the time that Huntress first saw the detection event. This will clarify when a Defender detection was seen on a device that came from an infection before installing Huntress.
Comments
0 comments
Article is closed for comments.