Team: Huntress Managed Endpoint Detection and Response (EDR)
Summary: Huntress updates detailed with features and bug fixes.
For recent release notes, see Huntress Release Notes and Agent Version
Table of Contents
2023 Jan Feb Mar May Jul Aug Sep Oct Nov Dec
2022 Jan Feb Mar Apr May Jun Jul Aug Oct Nov Dec
2021 Apr May Jun Jul Aug Sep Oct Nov Dec
Historical Release Notes
Release Date: December 2023
Features:
Portal Platform
- Launched the new Command Center! The new homepage allows partners to streamline their security operations. Partners with both products will receive information about both Managed EDR and Managed ITDR from their home page. Key context that was previously absent from the EDR dashboard, such as Escalations and MAV data, is now surfaced.
Windows EDR
- Agent connectivity resilience: We want to be sure that our agents always stay in contact with Huntress, even in challenging situations. We’ve made improvements that ensure that will happen in cases where an endpoint’s configured DNS servers aren’t reachable; this most commonly happens if local active directory domain controllers are isolated as part of an incident. Our agent will now fall back to a public DNS service to maintain connectivity to Huntress, which is particularly crucial during a significant incident.
Managed ITDR
- We’ve added routine Microsoft 365 user license updates to ensure that no Huntress account gets incorrectly billed with Managed ITDR.
- We've updated our Microsoft 365 license billing policy to exclude Microsoft 365 tenant-wide “exploratory” trial licenses from billing. This change is designed to enhance license management and ensure fair billing practices.
- We’ve released anomalous user location detections to counteract elusive unauthorized access from threat actors and stop attacks before damage is inflicted. We’re experiencing early success in detecting anomalous user locations, accounting for 37% of Microsoft 365 Security Incidents reported in the last two weeks.
- We’ve released anonymizing proxy and VPN detections to intercept deceptive threat actors' attempts to evade unauthorized access defenses. We’re experiencing early success detecting defense evasion via VPN, accounting for 15% of Microsoft 365 Security Incidents reported in the last two weeks.
- We’ve released credential stuffing detections to ensure users' first line of defense, their password, remains as effective as possible. We’re experiencing early success in detecting credential stuffing, accounting for 11% of Microsoft 365 Security Incidents reported in the last two weeks.
Security Awareness Training
- Huntress Managed Phishing is in general availability for all MSPs and paid mid-market customers. We often hear that admins don’t want to manage simulated phishing and would like to just put phishing “on autopilot.” This feature satisfies the need and takes it one step further: Huntress’ security experts steer the program on your behalf with monthly simulated phishing campaigns. Every enrolled learner will receive one email per month beginning in the month after they are enrolled. In keeping with best practices, messages are sent out over the course of the month rather than all at once and learners receive one of the several selected scenarios. Administrators get visibility into next month’s scenarios in the portal so that they can let their user-facing teams know what to expect in advance of messages getting sent and results of the campaign are included in monthly value reports.
- Start managed phishing and learning immediately, which allows prospects and new customers to start this month’s campaign/assignment right away rather than waiting for next month to start.
- Improvements to learner login experience have been made. We heard partner feedback and have made it easier for learners to log in. Magic links now last a full week rather than one hour. In addition, learners now have the option to authenticate with Microsoft without any admin setup required.
Security Portal
- Signals Investigated is in Beta with the release of the Command Center! Investigated signals highlight potential security threats that a SOC analyst investigated to determine if an attacker has compromised an endpoint or identity. This is a proof of work feature that will allow all partners, but especially trialing and renewing partners, to see all the work the Huntress SOC has been doing for them. Read more about the feature and why it will be in Beta until mid-January 2024 here.
- Multiple summary data charts were added to the Signals Investigated table. The charts give partners a breakdown of the most investigated signals, the status of the signals (reported vs. closed), and the different data sources the signals were generated from.
Bug Fixes:
Windows EDR
- Restart Loop Hotfix: While working on other improvements, an issue caused our agent service to go into a restart loop on a small number of machines, so we created a hotfix to reverse the change.
- Security fix: We addressed an issue with our installer where it was possible to execute an incorrect file under specific circumstances. We recommend that customers only use our latest installer.
- Defender Escalations: We had turned off escalations that report that Windows Defender is disabled while we address an issue that caused them to be sent erroneously due to false positives. They are now active again.
- “Unknown” Defender status: Fixed an issue where some fields in the UI showing Windows Defender status for specific agents were incorrectly showing “unknown”.
- Fixed an issue where the agent would log and send errors for expected conditions that didn’t need to be reported.
- We’ve improved how we handle legitimate software updates from certain known vendors to reduce the number of updates sent from agents to our servers. This will help ensure that we’re always processing and acting on data from our agents in a timely way as our agent population grows.
macOS
- Removed a line of text on the agent install page that said the macOS agent was still in Beta. This was old text from when the agent was in beta last year and is no longer true.
Managed ITDR
- Pre-existing inbox rule detection: Addressed an issue where users' pre-existing inbox rules were not being analyzed for malicious activity. ALL users' pre-existing inbox rules have been scanned to ensure no detection gaps. Also addressed an issue where users' pre-existing inbox rules were not being automatically remediated via Huntress. Previously reported incidents have been regenerated to resolve the issue.
- Insufficient permissions identified: Addressed an integration issue where 71 protected organizations lacked sufficient permissions to support assisted remediations; all impacted accounts have been notified.
- Trials can now view organization dashboard: Addressed an issue where accounts only trialing Managed ITDR could not view their customers' Managed ITDR organization dashboard in the Huntress portal.
- Addressed an issue where Managed ITDR Huntress Escalations would not auto-resolve upon completion of Managed ITDR trials or subscriptions. Impacted Huntress Escalations have been resolved.
Release Date: November 2023
Features:
Portal
- Updated instructions on the Agent Installation page to make it easier to install the Huntress Agent.
- Enabled users to see the status of Windows Defender Firewall. On the EDR Dashboard, partners can now see how many hosts in their organization have the Windows Defender Firewall enabled. This visibility enables partners to address an important security risk in organizations without another tool for managing Windows Defender Firewall.
- Allow Partners to Regenerate Account Key. Partners previously had to reach out to support to request their account key be reset. With this update, partners can now do this themselves.
- ConnectWise billing integration can now be enabled by partner admins and no longer requires assistance from Huntress support to enable. This feature currently supports both Managed EDR and Managed ITDR billing.
Incident Reports
- Added UTC timestamps for autorun investigations in multiple partner facing views in response to a partner request that highlighted the limitations of only showing relative timestamps.
macOS
- Eligible Mac agents will now be isolated when the entire organization is isolated. Mac endpoints that have our new system extension installed, which enables host isolation, will now be isolated along with other hosts. This allows the Huntress SOC to protect macOS devices during a critical incident.
- Easily grant necessary privileges to our macOS agent using your MDM. We now provide .mobileconfig files that partners can upload to their MDM to automatically create all of the necessary policies for the Huntress Agent for macOS to have full-disk access, allow host isolation, and support our future EDR.
Security Awareness Training
- Partners and customers now have a unified monthly report with a summary of:
- Learner enrollment/offboarding activity
- Completion rate stats for all assignments active last month
- A list of learners who have uncompleted learning
- Stats on simulated phishing campaigns
- A list of learners who interacted with simulated phishing campaigns
This report is available to all customers and partners under the Reports tab, to highlight the value delivered and note any exceptions that might warrant managerial intervention.
Automated email delivery of the report is also available by adding recipients to the Monthly Email Report list under the organization's Team settings page.
- Opt learners out of simulated phishing
- When this flag is enabled on the Learners page for a specific learner(s), all currently scheduled and future campaigns will fail as “blocked” at time of send – even if the learners were enrolled in the campaign before. This feature is in general availability and available to all administrators.
- Custom branding in the learners dashboard
- Custom logos can now be displayed on the Learner dashboard in addition to the existing customization of transactional email notifications and reports.
Bug Fixes:
Incident Reports
- Fixed bug that caused partner-facing incident report tables to not be sorted by Sent At descending; our users expect incident data to be sorted chronologically.
- Enabled Partner Organization Admins and Security Engineers to resolve incidents in bulk to expedite incident resolution. We failed to grant this permission when we initially released the bulk resolve feature to partners last month.
- Fixed a bug that was causing incidents with manual remediations requiring a system reboot to stay active when all other remediations (including the reboot) had been completed.
Potentially Unsecured Credential Signals
- Fixed a bug that prevented partners from exporting the CSV for potentially unsecured credential signals when one of their Huntress Organizations had been deleted.
Release Date: October 2023
Features:
Incident Reports
- Incident reports for accessing files with clear text passwords. We rolled out a proof of concept feature which sends partners a one-time notification via LOW severity incident reports when a user on their network is accessing a file that may contain clear text passwords. The Huntress Product and SOC teams are evaluating options to enable re-notification and partner opt-out capabilities. More to come!
- UPDATE: New “Credential Reports” provide visibility into usage of plain text password files. Following up on a recent one-time notification, this provides Huntress partners with ongoing visibility into a very common, wildly insecure practice that should be mitigated. It provides the opportunity to introduce customers to more secure practices for credential management. Partners will need to opt-in to this feature to enable it. We’ve also added other management features like CSV exports and bulk resolution to make it easier to use. More details here.
- Updated incident report rejection reason options to be specific to the entity type. Options are based on whether it’s a user or an endpoint, making it easier on partners when selecting a reason and easier for the Huntress Product and SOC team to analyze.
Security Awareness Training
- Microsoft 365 API Insertion is now in GA. This feature allows partners to skip the cumbersome step of allow listing domains in phishing/spam filters for Microsoft 365 users. Huntress does this by creating messages directly in their inboxes through APIs rather than sending SMTP emails.
- Note: This feature only bypasses filter-type email security products but does get caught by products that scan messages inside the inbox and wrap links, like Microsoft Defender for Office (P1 as included in Microsoft 365 Business Premium).
- Partners can now specify their own sender name and email address. Notifications and reminders for learning assignments can come from their trusted IT professionals rather than Curricula.
- QR code bait-link shortcode added to simulated phishing scenario creator. In response to reports of increasing use of QR codes in phishing emails to bypass email security product protections, we’re enabling SAT admins to create custom phishing scenarios that use QR codes for bait links so they can train users to recognize this new technique. Huntress R&D is building a scenario that will be available to everyone soon. In the meantime, you can benefit from the feature by using the new bait-link in a custom scenario using the phishing creator.
Windows EDR
- New “Credential Reports” provide visibility into usage of plain text password files. Following up on a recent one-time notification, this provides Huntress partners with ongoing visibility into a very common, wildly insecure practice that should be mitigated. It provides the opportunity to introduce customers to more secure practices for credential management. Partners will need to opt-in to this feature to enable it. We’ve also added other management features like CSV exports and bulk resolution to make it easier to use. More details here.
macOS
- Manual Host Isolation is now available for macOS devices. Like Host Isolation for Windows, this feature severs attacker access to a compromised host until it can be remediated, preventing expansion of an incident. This feature for macOS won’t have any automated triggers yet and must be manually isolated through the portal. Host Isolation is only available for macOS agents on version 0.13.72+, after the instructions have been followed to install and permission granted to the new system extension.
- We now support macOS Sonoma.
Incident Reporting
- Bulk incident resolution is now available for applicable incident reports. This time saving feature can help partners bulk action reports that do not require remediation actions. More information on this feature can be found here.
- Critical Incident Notifications (SMS text/call) now support International phone numbers! Partners can now input phone numbers from a variety of international locations, see the full list here.
- Partners who select voice call only for Incident Notifications can now verify landline numbers. Previously, the Huntress Portal only sent verification pin codes through text messages, but call verification is now supported.
Bug Fixes:
- N/A
Release Date: September 2023
Features:
Platform
- Critical Incident notifications are here! The Huntress Portal now notifies account admins, who have opted-in, via text/call when the Huntress SOC sends a critical incident. This feature will hugely benefit our partners during off hours when they need to be notified ASAP of an incident. Check out our blog on the new feature!
SecOps
- Managed Microsoft 365 Identity Isolation feature is now available! This automates the Microsoft 365 identity isolation when a SOC analyst sends the associated incident report in order to isolate compromised Microsoft 365 users. The feature also enables our partners to configure user/org level exclusions within Account Settings and filter incidents by managed response actions in the Portal.
- Partners can now isolate an entire Huntress Organization (network with multiple hosts) at once from the Organizations table if they are logged in as an Account Admin or Security Engineer role.
Bug Fixes:
- N/A
Release Date: August 2023
Features:
Portal Update
- Made slight improvements to the navigation to support multi-product workflows.
Host Isolation
- Enabled partners to bulk release isolation for all hosts in their organization. This is helpful for partners that have experienced a site wide attack and are in the process of recovery.
- Added a new Escalation type that will alert when an entire organization has been isolated. This escalation will send in tandem with the Incident Report that is currently sent due to the criticality of the incident.
External Recon
- Added the ‘Internal IP’ and ‘External IP’ columns to the Agents table to make correlating External Recon ports easier.
Security Awareness Training
- GA: Customers with Microsoft 365 integrations can now enable an option to exclude unlicensed identities when synchronizing learners. This is helpful to automatically ignore non-humans such as printers or backup appliances.
- BETA FEATURE: We have built an OAuth-based integration onboarding for Microsoft 365, Google, and Okta. This makes onboarding new accounts much faster and easier! For access to this feature, please contact your account manager.
Managed ITDR
- Enabled Microsoft 365 inbox rules to be deleted via Assisted Remediations to help partners delete nefarious inbox rules faster as part of the Huntress Incident resolution workflow.
Bug Fixes:
- N/A
Release Date: July 2023
Features:
Portal Updates
- Local Time Zones feature is fully live
- Security Engineer role has been added as a user permission
- These users can perform most security functions such as host isolation or assisted remediation, but cannot view/edit billing
Incident Reports
- Moved entity information (hosts/user) to the top of incident reports to improve readability for partners.
Bug Fixes:
- N/A
Release Date: May 2023
Features:
Host Isolation
- Added a capability to cancel host isolation from the Host Overview page to provide analysts and partners a mechanism for undoing isolation tasks sent to the host.
Bug Fixes:
- N/A
Release Date: March 2023
Features:
- N/A
Bug Fixes:
- Fixed an issue that caused an unintended Huntress-initiated host reboot when partners opted to reboot manually during Assisted Remediations.
- Resolved a bug where some Incident Reports weren’t automatically closing after their Remediation Plan completed.
Release Date: February 2023
Features:
- N/A
Bug Fixes:
Agent Installer
- Resolved an issue where updates to Huntress Agents on 32-bit Windows received a 64-bit binary due to a build system error, causing Huntress services to no longer run.
- If you manage a Huntress Agent on a 32-bit Windows host that is on version 0.13.38 or below and is not updating, please reinstall the latest Huntress agent. Affected partners have been notified.
Release Date: January 2023
Features:
- Added messaging on the host overview page to prevent accidental manual host isolation by warning analysts and partner admins that a given host is excluded from Managed Host Isolation. A host can be excluded via specific exclusions in Account Settings OR by an account having disabled Managed Host Isolation.
- In Security Awareness Training, MSPs can now go to the partner-level Library and create custom content (with text, videos, links, and test questions) that is assignable to any and all customers.
- Custom Content creation is set to enable a partner admin to create content once and publish it to all sub-accounts managed by the partner.
Bug Fixes:
- We identified an issue that may have over-reported the number of Changes Analyzed in the Huntress Monthly/Quarterly Threat Summary Reports. This issue has been fixed going forward; however, it may mean that the “Changes Analyzed” quantity in your account and organization reports may appear to be out of typical ranges. There was no impact to the number of potential threat indicators, in-depth investigations, or incidents reported.
Release Date: December 2022
Features:
Security Awareness Training
- MSPs can now upload a logo and set color at the partner level to brand all Huntress Managed SAT emails that go to end customers without having to repeat it for each end-customer. Just go to the partner portal → settings → branding. MSPs can still drill down into customer organizations and override for individual customers if needed.
Bug Fixes:
Managed Defender
- Fixed an issue that could result in an endpoint being incorrectly marked as unhealthy due to Defender settings.
Release Date: November 2022
Features:
macOS
- The Huntress macOS Agent for Persistent Footholds is now generally available! For more information and details, please visit our Huntress macOS documentation:
Managed Defender
- Added new logic to auto-remedy unhealthy endpoints due to scanning or signatures being out of date to reduce the amount of unhealthy endpoints without needing any partner interaction.
- Improved the logic we use to set Managed Defender policies to reduce the amount of non-compliant endpoints due to policies not applying properly.
Bug Fixes:
- N/A
Release Date: October 2022
Features:
Managed Defender
- Huntress Managed Defender now supports policy configuration for Windows 10 Home and Windows 11 Home.
macOS
- Added macOS patch version for macOS agents into the portal.
- Updated the monthly and quarterly reports to include information on macOS endpoints
- Added serial number to the portal Host view
- Added the following parameters to the `Agents` API endpoint:
- platform: The platform of the endpoint machine (darwin or windows)
- os_patch_version: The patch version of the macOS update installed on the endpoint machine, such as 1 in version 12.5.1
- serial number: The serial number of the endpoint machine as reported to the operating system
- Launched the macOS GUI installer and implemented foundational work to prepare for the upcoming GA rollout and end of Catalina support.
Integrations
- Implemented links to setup documentation on integration pages in order to make the documentation more accessible.
- Implemented support for specific company selection when sending test PSA tickets.
- Implemented additional mappings in ConnectWise in order to improve customer workflow experience within ConnectWise
Bug Fixes:
- N/A
Release Date: August 2022
Features:
Process Insights
- Process Insights is now Generally Available to all Huntress customers. See our press release for more details.
Bug Fixes:
- N/A
Release Date: July 2022
Features:
Managed Defender
- Managed Defender is now supported on Windows Server 2012 R2 endpoints with MDE - for more details, see our support article.
Huntress API
- The Huntress API provides programmatic access to your data in the Huntress Managed Security Platform. It’s designed to improve mapping and integration between MSP services, assist billing reconciliation and support operational dashboards.
- A new option, API Credentials, is now present under Account Settings in the Huntress Portal. A short wizard will help generate account credentials to authenticate requests for account data. Learn more about the Huntress API here: Huntress REST API
macOS
- Public Beta is now available for macOS!
- Special request is no longer needed to access the macOS agent. For access to the macOS agent install script, navigate to the top right hamburger menu in your Huntress Portal and go to “Download Agent”.
- More information can be found with our macOS Beta FAQ
Bug Fixes:
- N/A
Release Date: June 2022
Features:
Portal Updates
- To help MSPs that have dedicated finance and marketing staff apply the principle of least-privileged access, we have added two new roles at the account level.
- The new “Finance” role is limited to viewing past invoices, viewing Huntress invoices and receipts (including the invoice drill down showing agent breakdown by organization) as well as making updates to payment information, and billing contact.
- The Marketing role only allows access to the Partner Enablement System (PES). Neither of these roles has access to security reports, configurations, or customer organizations (unless explicitly added at the org level).
SSO
- SSO account-wide enforcement now requires successful user login before it can be enabled. This is to prevent account lockout.
Bug Fixes:
- N/A
Release Date: May 2022
Features:
API
- The Huntress API has been released into Public Beta which will allow partners to programmatically gather agent, organization and incident report data. Check out our blog for more information!
Ransomware Canaries
- Partners can now add exclusions at the organization and endpoint level for Ransomware Canaries. Adding an exclusion will prevent canaries from being deployed on the excluded endpoints; excluded endpoints with existing canaries will have their canaries removed. Configuration options for exclusions can be found on the account settings page.
Role Based Access Control
- MSP org admins are now able to approve assisted remediations. Historically this was limited to account admins and reseller org admins. This change enables MSPs with co-managed customers and with staff members limited to a subset of customers to better leverage the Huntress platform.
macOS
- Private Beta: The Huntress macOS agent is now available in private beta! For more information, please check out this FAQ for more details, including how to be added to the private beta.
Bug Fixes:
Managed Defender
- Bulk Managed Defender scan actions will no longer result in an error when overlapping with endpoints already running a scan.
Release Date: April 2022
Features:
Process Insights
- Incidents with associated process detections or Managed Defender detections will now have assisted remediations automatically added if recommended. This functionality is available with Huntress agent v0.13.10+.
Managed Defender
- Managed Defender now supports user configuration for Removable Drive Scanning.
ACH Payment Support
Portal User Experience
- Added Kaseya’s Business Mgmt. Solution for Asia Pacific customers (BMPS APAC) as a server dropdown option for the Kaseya BMS integration.
- Added manual remediation and resolution features to incident reports, enabling partners to close incident reports that do not have assisted remediations.
- Monthly and Quarterly Threat Summary reports as well as the weekly summaries now come from noreply@huntress.io to avoid partner confusion and spam email filtering
- The Exclusions portion of the Account Settings page now has a searchable, sortable, tabbed layout to make it easier for partners to configure a variety of exclusion types.
Bug Fixes:
SSO / MFA
- Resolved a potential security issue where account admins were able to bypass SSO/MFA by resetting their password. Using the reset password link in their email allowed the user to gain access to the Huntress console.
Release Date: March 2022
Features:
Portal User Experience
- Added a link to the incident report inside the emails and PSA tickets that Huntress sends to partners enabling MSP technicians to quickly lookup the associated report in the Portal.
- Added copy functionality to the SHA256 value on the collected files page to allow analysts and partners to easily copy and reference the SHA hash
Bug Fixes:
- N/A
Release Date: February 2022
Features:
Endpoint Isolation
- The newest version of the Huntress Agent 0.13.4 supports Windows Filtering Platform as a fallback Endpoint Isolation mechanism when GPO-based isolation fails.
SSO / MFA
- Single-Sign-On (SSO): SSO is now generally available! Now, account administrators can enforce SSO for all account-level users and disable 2FA when SSO is enabled. For more information, please visit the SAML SSO Informational Page.
Bug Fixes:
- N/A
Release Date: January 2022
Features:
Endpoint Isolation
- Endpoints running the latest 0.12.44 agent and above will now verify their isolation status using a network connectivity check. If the endpoint fails to isolate, the Portal will communicate this clearly to partners and revert any changes to the host firewall and registry.
Ransomware Canaries
- New features to Ransomware Canaries will roll out to existing partners over the next several weeks and will be enabled by default. New features include:
- Additional canary file types: PDF and XLSX in addition to DOCX
- System profile canaries
- Embedding partner logos and support URLs into each canary file
- EFS detection
- Ability to disable canaries at an account level
- For more details, please refer to Huntress Blog and Product Support.
Portal User Experience
- Added a banner warning accounts with Windows Server 2008 non-R2 or Windows Vista agents that those OS versions will soon reach the end of support with Huntress. These operating systems will reach end-of-support on Feb 4th.
- Implemented detailed Threat Summary reporting at the Organization level
- This feature can be enabled via a setting called “Provide Detailed Organization Reporting” - when enabled, the organization-level reports will have the same detail as the account-level reports.
- Updated our individual “Service Dashboards” layout to distinguish visualizations.
- We added “Service Banners” with the “Service Title” and a brief, on-click information popover which includes a link to our knowledge base to learn more.
- Introduced an “Agent Status” filter to both Account and Organization level Agents pages.
- Filter agents by Unresponsive, Outdated, and Isolated states, and view “Service Exclusions,” e.g., Host Isolation.
SSO (BETA)
- Removed requirement forcing new SSO-enabled user accounts to pre-set their password prior to using SSO.
- Account administrators can now enforce SSO for all account users.
- Account administrators can also disable 2FA when SSO is both enabled and enforced.
Ransomware Canaries
- Updates to Ransomware Canaries are currently being rolled out to all partners and accounts over the next several weeks. Accounts that are part of the rollout will now see a modal that provides more information on the changes. See here for more details.
Bug Fixes:
- N/A
Release Date: December 2021
Features:
Escalations
- A Huntress Escalation is used to notify Huntress account administrators that something in their account requires attention.
- The first supported Escalation type will be for misconfigured PSAs. Huntress will notify you via email if we cannot send an incident report.
- Escalations are not incident reports; however, they do have severities (low, high, critical) associated with them that dictate an expected response time. If no response is received, account administrators will be re-notified.
SSO (Beta)
- Added a link to Single Sign On (SSO) on the Huntress login page. SSO-enabled users can now log in using the link to "Sign in with SSO" from the Huntress login page. SSO is currently behind a feature flag and targeted to be released for GA in 2022 Q1. If you are interested in enabling SSO (currently in beta), please reach out to Huntress Support.
ServiceNow
- Removed ServiceNow integration to await further development
Endpoint Isolation
- Added an ‘Endpoint Isolation Recommended’ filter option to the Incident Report table which allows users to search for all incident reports where Huntress recommended endpoint isolation.
- Note: Endpoint isolation does not always occur due to account opt-outs, endpoint exclusions and Huntress SOC overrides.
Ransomware Canaries
- Ransomware Canaries is now enabled by default for all new customer accounts and trials with additional functionality. This new functionality includes:
- Additional canary file types: PDF and XLSX in addition to DOCX
- System profile canaries
- Embedding partner logos and URLs into each canary file
- EFS detection
- An ability to disable canaries at an account level
- Note: a future rollout is planned for existing partners to receive new functionality.
Bug Fixes:
Portal User Experience
- Added frontend validation to require the e-mail address field to be filled out when partner admins add new users to their account.
- Fixed a problem where Partners would see “You are not authorized to perform that action” when viewing host details pages
Release Date: November 2021
Features:
Managed Defender
- Added a filter option to the Managed Defender Dashboard for ‘Other AV’
- This filter option allows admins to see a list of all hosts observed running another antivirus solution that is not Microsoft Defender.
- Updated Managed Defender Health status for Windows 8.1 and Windows Server 2016
- Windows 8.1 and Windows Server 2016 endpoints are deemed Healthy if their NISEngineVersion == 2.1.14600.4 and the NISSignatureVersion == 119.0.0.0. Because this NIS Engine / Signature version is the latest available for these operating systems, these endpoints are now marked Healthy even without recent updates.
- An informational popover is also shown when this condition appears to help admins understand why the endpoint is Healthy without a recent update.
- Moved the Managed Defender service shield icon up in the Huntress dashboard sidebar, making it more easily accessible under the Persistent Footholds section.
Portal User Experience
- Required a comment to be entered for rejected Assisted Remediation plans. Huntress SOC analysts need to know why a given remediation plan is being rejected by a partner so that they can update the incident report appropriately.
- Windows 11 is now officially supported and is identified correctly in the Portal
Bug Fixes:
Managed Defender
- Fixed bug where the Managed Microsoft Defender Detections tab was not present on the Organization’s Infection Report
- Managed Microsoft Defender Detections were present within the Account > InfectionReport > Show page click path, but not within the Organization > InfectionReport > Show page click path. Managed Microsoft Defender Detections are now seen in both paths.
Portal User Experience
- Fixed a bug where ConnectWise billing syncs were failing for companies that had more than one addition. This is for accounts that have the CW Billing integration feature enabled; please reach out to support if you would like more information.
Release Date: October 2021
Features:
Managed Defender
- Added Service Status to the Antivirus Product details in the Managed Defender Endpoint page.
- This allows Huntress to identify the status of any antivirus running on a Windows machine, including Windows Server where Microsoft Security Center is not available.
- Windows Servers are now marked as Unmanaged when Defender is not running and an additional AV is detected through the new Service Status.
- Admins can now see both the Microsoft Security Center status and the Service Status of running antivirus products. This additional information will also help troubleshoot situations where there are conflicting antivirus products on a system.
- Added ability to update Policy Mode (Audit/Enforce) at Account and Org Levels
- The policy mode is now part of the configuration policy for an Account or an Org that can be inherited just like any other configuration policy setting. This is so that when new endpoints are onboarded into an existing Account/Org, they can immediately receive the Policy Mode for that Account/Org without having to take additional manual steps.
- Added Inherit Policy Mode bulk action
- This new bulk action allows admins to apply this inheritance setting across multiple endpoints from the Managed Defender dashboard table rather than having to update inheritance by drilling down into each host.
- Added ability to perform Signature Update and Scan for Windows 10 Home
- This allows admins to perform the following actions on Windows 10 Home endpoints at both the host level and as a Bulk Action in the Account/Org Managed Defender dashboards:
- Manual Signature Update
- Manual Quick or Full Scan
- Windows 10 Home will continue to be Incompatible for now due to group policy limitations for enforcing policy configuration settings.
Portal User Experience
- Updated the Integrations page and “Send Test” modal to contain more information when errors have occurred with a PSA Integration.
- This will make it easier for Partners to identify and fix problems with their PSA integration configuration.
- Removed Ninja RMM from the list of available integrations.
- Updated the Portal’s support documentation links to point to Zendesk, Huntress’s new product support platform.
- Huntress recently migrated support documentation to Zendesk from Helpscout. To ensure users are directed to the correct resources these links were changed on the Managed Defender dashboard and within the hamburger dropdown menu at the top right corner of the Portal.
Endpoint Isolation (Beta)
- Endpoint Isolation is moving into Public Beta! All accounts should have these features available by 10/20.
- Automated and manual endpoint Isolation can limit the spread of a cyber attack, quarantining the infected endpoint from the rest of the network.
- Partners can opt into Automated Endpoint Isolation for their account within Settings.
- Opting into Automated Endpoint Isolation authorizes Huntress to isolate endpoints when critical malware, such as ransomware, is detected.
- Exclusions can be configured within Account Settings to exclude entire organizations or specific endpoints from automated isolation events.
- Isolated Endpoints will be released from isolation when the associated incident is resolved.
- Manual Endpoint isolation features are also available from the host overview page.
Bug Fixes:
- N/A
Release Date: September 2021
Features:
Managed Defender
- Added a Managed Defender detector that looks for remediation recommendations from Microsoft Defender so they can be used as Assisted Remediation steps
- Enabled Managed Defender detection filtering from Managed Defender Needs Review, Account, Organization, and Endpoint detection tables so that it’s easier for partners and the Huntress SOC to see specific types of detections.
- Updated Managed Defender endpoint page with new layout
- The Managed Defender endpoint page is restructured and formatted to make the status of Managed Defender for the endpoint clearer to end-users. This includes rearranging table order and table layout within the Managed Defender endpoint page.
- The Managed Defender endpoint page has also added an indicator to show the number of policy settings that are out of compliance
- Added ability to delete file upon reboot
- In some situations, incident reports get hung because normal file deletion cannot be completed because the file is in use when we attempt to delete the file. This capability allows us to mark the file for deletion upon reboot if the normal deletion fails. When the machine is finally rebooted, the delete file task can be successfully completed and the report can be closed.
Assisted Remediation
- Added an assisted remediation option for a full scan to Managed Defender incident reports
- There are some cases where Microsoft Defender recommends a full scan to entirely clear the malware infection.
- Allowed for Reboot and Full Scan Remediations to be added to assisted remediation plans
Bug Fixes:
Managed Defender
- Corrected Managed Defender detection numbers for Monthly/Quarterly Reports
- Corrected sorting Last Seen column by date for Managed Defender dashboard
- Corrected task status of Delete Scheduled Task
- Delete scheduled task playbook items now report that the Delete Scheduled Task succeeded when the file associated with the scheduled task is not found. This corrects the user experience where a delete scheduled task appears as though it failed but in reality, the file is already gone.
Release Date: August 2021
Features:
Managed Defender
- Huntress SOC workflow to investigate high impact Microsoft Defender detections
- New Huntress SOC workflow now allows SOC Analysts to investigate high impact Microsoft Defender detections and deliver a Managed Defender incident report to email and/or existing PSA integrations based on the outcome of the investigation
- Huntress SOC can also pull in quarantined files and artifacts from agents above 0.12.18 to support their Managed Defender investigation
Scans
- Retired Weekly Full Scans due to updated recommendations.
- Based on research from the Huntress R&D team, running scheduled Full Scans is no longer recommended by Microsoft. Therefore, Huntress is updating its own recommendation to not regularly run a Defender Full Scan.
- Updated Unhealthy "Scan Required" substatus logic
- An endpoint is now marked as Unhealthy due to "Scan Required" substatus when either a Quick or Full Scan has not run in the last 14 days. Based on recent scanning research, a Quick Scan is also run as part of a Full Scan; this change clears up recent confusion where hosts were deemed as Unhealthy because a Full Scan was run without updating the Quick Scan time.
- Updated portal so that a single "Last Scan Time" column reflects both Quick OR Full Scan Time.
- Because Full Scans are now manual only and reserved for when absolutely necessary (see above), this also resulted in retiring the “Last Full Scan” column in the MAV table. Time of Last Full Scan is still available in the Managed Defender endpoint view.
- Added hover on the "Scheduled Scans" table for failed status that shows failure details.
- Additional failure information details are now available when a manual scan cannot complete; this allows administrative users to have more information to help understand why a manual scan fails.
- Added bulk actions capability for Full Scan, Quick Scan, and Signature Updates
- This provides the ability to easily take necessary action for multiple endpoints. Admins can first sort on which endpoints need a scan or update, then easily run that action for multiple endpoints.
Incident Reports and Assisted Remediation
- Added task for agent to reboot the endpoint
- The agent now has the ability to task a reboot in preparation for Assisted Remediation actions for Managed Defender. Additional work is still needed to add endpoint reboot as an Assisted Remediation action into an incident report.
- Huntress Incident Reports now display the logged-in user who approved the Assisted Remediation actions.
- The details within Exchange Incident Reports were updated to account for the new ProxyShell vulnerability disclosed in August. This helps partners understand the reports they are receiving and not confuse them with the previous Exchange vulnerability from March 2021.
Partner User Experience (Dashboard)
- Added a popup warning modal for manual Full Scans
- Due to the resource intensive nature of full scans on managed endpoints, this popup modal provides awareness of the potential impact prior to queuing up a scan.
- This appears for Manual Full Scan in the Endpoints view as well as Manual Full Scan Bulk Selection in the main Managed Defender Dashboard table.
- In addition, this modal also calls out the inability to run manual scans for incompatible OSs.
- Added a substatus column in Account View
- This column provides additional context to the health state of the managed endpoints
- Added an informational popover to Managed Defender account / org views that defines "Reported Detection"
- On the Managed Defender account/organizational dashboard, there is a detections graph that shows Managed Defender detections vs reported detections; this popover provides definition and clarification of these items.
- Huntress removed the Exchange vulnerability dashboard notification pop-up for new users. This was a notification that was added after the Exchange vulnerability event back in March 2021.
- Updated default sorting of Detections Table based on most recent detection.
- This helps Partners quickly see the most recent Managed Defender detections in their environment.
- Added "Unmanaged" as an additional primary Status.
- This allows partners to easily identify endpoints already managed by another AV.
- Added Health Substatus column to the Managed Defender endpoints table.
- Allows partners to view the Health Substatus for endpoints in order to easily identify what actions need to be taken
- Added a Managed Defender Substatus filter.
- Allows partners to limit the endpoint list view based on status in order to assist on specific workflows, such as running a bulk signature update for out-of-date endpoints.
- Added an Organization column to the Managed Defender Account View.
- Allows account-level users to clearly identify what hosts belong to what organizations.
- Added a "Reported Detections" plotline to Managed Defender Dashboard Detections Graph.
- This allows partners to know and understand how many detections were included in an incident report in a given week compared to the Total Detections.
Partner Enablement Service (PES)
- Developed Asset Collections, enabling the Huntress Marketing team to group related content together within one Asset, similar to a folder. Assets can be downloaded individually or all together from a Collection. This makes it so Partners no longer have to download entire zip files from PES.
Threat Summary Reports
- Account admins now receive a more detailed threat summary report, which includes a breakdown of each Huntress service (Footholds, Canaries, Managed Defender, Incident Summary).
- Partners can now generate reports using a custom date range (up to 90 days)!
- Created new Detailed Threat Reports at the account level that includes additional pages geared towards account admins / MSP owners. The new pages include an Incident Log for all critical/high incidents and a Managed Defender page, detailing detection triage data. These reports provide account users detailed threat data on the variety of services that Huntress offers.
- Added the ability for Partners to specify custom Threat Report timeframes, to better customize reports for their end-users.
Bug Fixes:
Billing
- Fixed Partner accounts that were affected by cross-month billing errors within Huntress’s payment processing system.
Release Date: July 2021
Features:
Incident Reports
- The Managed Defender detector framework is tuned and refined in preparation for sending a limited set of actionable Managed Defender Incident Reports to partners. Delivery of a limited set of actionable Managed Defender incident reports will begin around the week of July 26 to existing account integrations. This will include detections that have a ‘quarantine/remove failed’ threat status and will only apply for hosts in Managed Defender Enforce mode.
Scans
- Manual Full Scanning is now available for all hosts. This allows partners to trigger an ad-hoc full scan in cases where a full scan has not been performed or if there is a significant event that would warrant running an immediate Full Scan.
Partner User Experience (Dashboard) for Managed Antivirus
- “Mode” column and “Policy Status” column are now merged to simplify how admins determine why a host is Non Compliant.
- The Policy Status column now has the following statuses, which includes Audit Mode:
- Audit: Host is in Audit Mode (no compliance status)
- Compliant: Host is in Enforce Mode; current settings match the configuration policy
- Not Compliant: Host is in Enforce Mode; current settings do not match the configuration policy
- Pending: Host is in Enforce Mode; policy status has changed, waiting for the endpoint to take on the new configuration changes.
- Unknown: Host has not checked in or does not have a survey with Managed Defender details
- Compliant / Non Compliant are now treated as sub statuses of Enforce mode in the UI.
- "Agent Outdated" substatus.
- Added an “Agent Outdated” substatus for Agents who are running version < 12.2. This is in order to highlight agents that do not support Managed Defender and therefore cannot be managed by Managed Defender.
- “Offline” substatus.
- Added “Offline” substatus for agents where Last Seen > 60 min. This is to understand why an agent has not recently scanned or has out-of-date definitions because it has not updated its status to Huntress.
- “Missing” registered AV status to identify 3rd Party AV on Windows Workstation OS.
- Added a “Missing” substatus for Registered Antivirus. This is to verify what 3rd party AVs are still registered to Windows but are not actually present on the host. This story is primarily related to a common scenario in which Webroot does not fully uninstall cleanly (it still appears to be registered to the OS but isn't actually installed or running).
- Huntress Recommended Defaults has now been enabled for all accounts in order to easily provision best-practice configuration settings for Managed Defender.
- Updated incident report and the Defender detection display on the Managed Defender dashboard.
- The Managed Defender incident report display was updated to match the main Huntress dashboard incident report display, showing active and resolved Managed Defender incidents.
- Clicking on Resolved Incidents or Active Incidents will take the user to a pre-filtered view of the incidents reports table.
- A “Defender Detections by Week” chart was added to the Managed Defender dashboard.
- A “View All Detections” button on the chart now takes users to all Defender detections for the given Org or Account
Threat Reports
- Updated the Monthly/Quarterly Threat Reports that Huntress sends to Partners.
- The monthly and quarterly Huntress Threat Reports have been updated to include additional Huntress service data. The 'Autoruns Reviewed' section of the report has been changed to 'Potential Threat Indicators' and now also considers Managed Defender (MAV) detections and Ransomware Canaries triggered. In addition to the threat data changes, other cosmetic and wording changes were made to highlight our Partner's security team, rather than Huntress directly.
- To provide Partners with requested incident metric data and highlight the value that Huntress provides, an Incident Summary page was added to the Threat Reports which breaks down incident data by severity, identifying service, virus types, and devices targeted
Ransomware Canaries
- Added an opt-out toggle for Partner Admins to opt-out of the Ransomware Canaries service across their account via the account settings. Opting out of the service will remove Ransomware Canaries from all hosts in the account. It may take several days for the removal to complete, and agents must be online for the files to be removed.
- Canaries V2 are currently undergoing Huntress Insider testing. V2 will be rolled out to all Partners later this Summer.
SSO / SAML
- Added additional features to support SSO/SAML rollout to Huntress customers:
- A UI was added for account administrators to set up SAML SSO. Partner Admins can specify the parameters required to set up SAML for their account (SSO service URL, entity ID, certificate, etc).
- Account administrators can enable/disable SSO. This enables Partner Admins to disable/enable SSO without having to delete and re-create SSO details.
PSA Integrations
- Updated the ConnectWise Test Ticket Interface to have clearer error messaging to Partners when a test ticket cannot be sent, such as when an Account is missing a default mapping.
- Improved usability of the PSA integration org mapping tables.
- When configuring explicit mappings for PSA integrations, it’s helpful to know and understand what mappings have been created and if there are additional configurations required without having to page through all mappings. This update provides admins with a visual cue to understand how many Huntress orgs still need to be mapped.
- Added the ability to send a test ticket via the Portal for the Kaseya BMS integrations.
- When setting up a PSA integration, it is helpful to have a test ticket sent so that an admin can validate that the integration is functional and have confidence that they will receive incident reports that are sent through the integration.
- Sending a test ticket was already available for ConnectWise Manage; this capability has now been extended to other PSA integrations.
Partner Enablement Service (PES)
- Built a filter feature to allow users to search marketing assets within the PES dashboard using asset tags. Tags are defined and added to assets by the Huntress marketing team in order to organize/categorize assets.
Bug Fixes:
- Fixed a bug between the Huntress Portal and Huntress’s backend payment processing system that caused customers to be stuck in the activation state and not receive a Huntress invoice.
- Fixed an issue in the Autotask integration where the primary customer account was not available for selection when mapping Huntress organizations.
- Added a hostname check to the agent deduplication logic in order to determine agent uniqueness when an agent with the same hardware ID registers with the Portal.
- Customers using the Kaseya BMS Integration are now able to load more than 100 records when mapping to Huntress organization IDs. Pagination was added to improve Partner user experience and allow for more efficient page loads.
- Improved Partner user experience and allowed for more efficient page loads in the Portal for Partners with 1000+ accounts in their Autotask integration.
- Fixed billing address validation checks on the Huntress subscription page, which was causing new customer sign-up issues.
- Changed billing address logic to only require a postal code for US and GB addresses.
Release Date: June 2021
Features:
SSO / SAML
- Added support at the Account level for Single Sign-On (SSO) with most SAML 2.0 providers, including Google Apps, Okta, Duo, and Microsoft 365/Azure AD. This is helpful to streamline user experience to reduce the number of accounts/passwords that need to be tracked and monitored by the partner; it may also potentially improve security by allowing users to consolidate accounts to a smaller set of strong MFA-enabled accounts rather than a myriad of weak passwords across all supported apps. Setup guide: SAML SSO Setup
Integrations
- Enabled Partners to configure their ConnectWise integration so that they could have their invoiced agent quantities synced to ConnectWise from the Portal. This allows partners using the ConnectWise interface to more easily know what to bill their customers without having to manually update billing quantities based on their Huntress monthly invoices. This billing integration is currently available to customers who reach out as a beta and will be rolled out to all customers in the future. For more information, please see our support page: ConnectWise Manage Billing Sync (Beta)
- Enhanced Datto Autotask PSA and Kaseya BMS integrations in order to support both default and explicit mappings between a Huntress Organization and a PSA company.
Partner Enablement Service (PES)
- We added an informational modal for Resellers that explains monthly vs annual billing options.
- To make it easier for Resellers to understand why we need a Credit card for monthly billing, and how they will be invoiced for annual billing, the team added an informational (i) icon on the revamped Subscription modal and the billing settings page.
- Huntress now allows Resellers to enter a purchase order (PO) number per annual subscription/contract
- To make billing and payments easier for customers, specifically, customers who want to pay via "push" ACH, we needed a way for them to add a PO number during checkout. The PO number entered then populates onto all invoices Huntress’s payment processing provider generates. This aids the accounting departments of Resellers and reduces manual communications for Huntress’s Finance department.
- Huntress now supports Affiliate, aka Referral, Partners. This new Partner type will be provided with a special purpose Reseller Dashboard, enabling AppSmart and their Sub Agents to refer Huntress to prospective customers. The program enables Affiliates to create accounts for prospective customers, start free trials, and receive commission payouts from Huntress when customers sign-up for service.
- In the future, Huntress will be enabling features to accommodate additional channel personas, such as Security Consultants and Incident Response Partners.
Managed Defender (Beta)
- Minor UI enhancements
- We made a few small adjustments to the Managed Defender user interface, particularly in relation to an upcoming feature: Huntress Recommended Defaults
- Updated the Managed Defender Detections table to improve the usability of the information showcased; this includes additional information columns, granular table export, and an updated table layout.
MFA (2FA)
- Enabled recovery 2FA 'life raft' functionality at the Organization-level.
- We added the ability for account administrators and reseller administrators (on accounts that are Huntress Managed) to initiate the recovery process for organization users who have lost their 2FA credentials.
- Enforced 2FA/MFA
- Allowed account administrators under account settings to opt-in to 2FA enforcement, enforcing 2FA for all of their users.
- 2FA vulnerability fixes
- Restricted 2FA setup wizard to users who actually need to set up 2FA.
- Previously the 2FA setup wizard was accessible to anyone at any time. This was allowed for testing but created the potential for 2FA to be bypassed after logging in. This was done by navigating to the backup code and verification pages.
- Stopped allowing users to disable 2FA when they belong to an account that enforces 2FA. Previously, if a user had belonged to 2 accounts, and one of the accounts didn’t enforce 2FA, they could disable their 2FA, even though the secondary account required it.
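Both 2FA fixes above amount to evaluating policy against the user's enrollment state and every account the user belongs to, not just the active session. The sketch below is an added illustration, not Huntress's code; the `Account`, `User` and `Session` models, the route names and the function names are all hypothetical.

```python
from dataclasses import dataclass
from typing import List

# Hypothetical route names for the setup wizard pages (assumption, not Huntress URLs).
WIZARD_ROUTES = {"/2fa/setup", "/2fa/backup-codes", "/2fa/verify-setup"}
DISABLE_ROUTE = "/2fa/disable"


@dataclass(frozen=True)
class Account:
    name: str
    enforces_2fa: bool


@dataclass
class User:
    email: str
    accounts: List[Account]  # every account the user is a member of
    totp_enrolled: bool = False


@dataclass
class Session:
    password_ok: bool = False
    second_factor_ok: bool = False


def enforced_for(user: User) -> bool:
    """True if ANY account the user belongs to enforces 2FA."""
    return any(a.enforces_2fa for a in user.accounts)


def can_disable_2fa_legacy(user: User, active: Account) -> bool:
    """Pre-fix logic as the note describes it: only the active account counts,
    so a second membership that enforces 2FA is ignored."""
    return not active.enforces_2fa


def can_disable_2fa(user: User) -> bool:
    """Post-fix logic: one enforcing membership is enough to block disabling."""
    return not enforced_for(user)


def authorize(user: User, session: Session, route: str) -> str:
    """Return 'allow', 'deny', 'challenge' (ask for the TOTP code) or
    'setup_required' (send the user to the wizard)."""
    if not session.password_ok:
        return "deny"
    if route in WIZARD_ROUTES:
        # Only users without an enrolled factor need the wizard. An enrolled
        # user who has supplied just a password must not reach these pages.
        return "allow" if not user.totp_enrolled else "deny"
    if user.totp_enrolled and not session.second_factor_ok:
        return "challenge"
    if not user.totp_enrolled and enforced_for(user):
        return "setup_required"
    if route == DISABLE_ROUTE:
        return "allow" if can_disable_2fa(user) else "deny"
    return "allow"


# Constructed sample data: one user who belongs to two accounts.
STRICT = Account("account-a", enforces_2fa=True)
RELAXED = Account("account-b", enforces_2fa=False)
DUAL_MEMBER = User("user@example.com", [STRICT, RELAXED], totp_enrolled=True)
```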
Agent Deduplication
- Huntress noticed that some partners save a deployed Huntress agent as a VM-baseline, and then clone the VM as needed. In these situations, only a single agent is shown under the Organization in the Portal versus an agent for each system. For Huntress agent 0.12.12 or higher, Huntress will now perform backend de-duplication of agents so that even when baseline systems are cloned, they will show up as separate hosts in the Portal.
Bug Fixes:
- N/A
Release Date: May 2021
Features:
Managed Defender (Beta)
- New and Upcoming Feature: Huntress Recommended Defaults. This offers Huntress's security expertise to help enforce recommended settings to managed endpoints, providing a secure foundation to our Partners' configuration. These settings are part of an initial effort to roll Huntress's recommended settings to partners to ease overall management and maintain best-practice configuration and compliance.
- Huntress Recommended Defaults provide best practice configuration of Microsoft Defender security settings in Windows to take advantage of Microsoft Defender capabilities.
- Partners can now choose to Inherit Huntress Recommended Defaults at the Account level to easily set a base recommended configuration set, enabling the ability to easily set secure Defender best practices.
- This feature will be rolled out in phases, starting with new Huntress accounts and then to existing accounts (if you would like this feature earlier, please contact support).
Note that the following are for Windows Server 2012+ and Windows 8+
Managed Defender (Beta)
- Applied defaults for Managed Defender quarantine and scan settings
- When Managed Defender is set to Enforce, Huntress actively applies the following Microsoft Defender Quarantine configuration:
- Set "Configure removal of items from Quarantine folder" to disabled (matches Defender default setting). This is to ensure that Microsoft Defender does not automatically remove files in quarantine, maintaining those files for future and potential investigation by the Huntress SOC if needed.
- When Managed Defender is set to Enforce, Huntress actively applies the following Microsoft Defender Scanning defaults:
- Set "Scan archive files", "Scan network files", "Scan packed executables", and "Scan removable drives" to Enabled (matches Defender default settings). This is to ensure that Defender has full scanning visibility to all aspects of the endpoint environment.
- Applied defaults for Managed Defender Network Inspection Service-related items.
- When Managed Defender is set to Enforce, we apply the following Microsoft Defender Network Inspection settings:
- Set "Turn on definition retirement" and "Turn on protocol recognition" to enabled (matches Defender default settings). This is to ensure maximum security efficacy and resource utilization for the Network Inspection Service
- Updated hover text for Managed Defender update (Windows 10 Home).
- For Windows 10 Home, the wording for the Hover text was "Not Compatible - Huntress does not currently support this OS." We have changed it to say "Not Compatible with Managed Defender - Huntress Managed Defender does not currently support this OS". This is to clarify that Windows 10 Home is only not compatible with Managed Defender, but is still supported with other Huntress services.
- Allowed partners to suppress all notifications via the Managed Defender settings interface.
- Users are now able to select whether or not they want end-user UI notifications from Microsoft Defender. This allows our partners to control the visibility of Defender alerts to prevent their users from being potentially alarmed by Microsoft Defender notifications.
MFA (2FA)
- Huntress is releasing the ability to enforce multi-factor authentication (MFA) for all users in an account. This is a critical security feature that safeguards the Huntress platform from attempted brute-force intrusions.
- MFA/2FA will be enforced in August 2021 for all Huntress users.
- This MFA enforcement will include:
- Requiring Time-Based One-Time Passwords (TOTP) 2FA setup when registering a new account.
- Requiring existing users, within an MFA-enabled account, to set up MFA when logging in if not already set up.
- Requiring new users to set up MFA, when they are invited to join an existing account.
- Currently, this feature is in beta and can be enabled per account.
Integration
- Partners who use the ConnectWise integration can now send a test ticket to their default configured mapping. This helps partners verify that their PSA integration is functioning properly (the test button is located on the integrations settings page next to your ConnectWise integration).
Partner User Experience
- The Portal now displays host service pack information correctly for Windows 10 systems. This info is helpful for Partners and the Huntress SOC to understand the current OS version.
Bug Fixes:
Managed Defender
- Antivirus exclusion policy auditing was treating differences in letter case as a non-match on Windows endpoints, resulting in policies showing ‘non-compliant’ in the portal. This is fixed by down-casing and de-duplicating each string before comparison, improving the accuracy of policy assessments.
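The comparison described in this fix, shown next to the case-sensitive check it replaces. This is an added example, not Huntress's implementation; the function names and sample paths are constructed for illustration. It also reports which exclusions differ, since an exclusion present on the endpoint but absent from the policy is the result worth reviewing.

```python
def normalize_exclusions(entries):
    """Down-case and de-duplicate, as the fix describes. Windows paths are
    case-insensitive, so 'C:\\Tools' and 'c:\\tools' are one exclusion."""
    return {e.lower() for e in entries}


def naive_compliant(policy, reported):
    """Case-sensitive list comparison: the behaviour that produced false
    'non-compliant' results."""
    return sorted(policy) == sorted(reported)


def audit_exclusions(policy, reported):
    """Compare the configured policy with what the endpoint reports after
    normalizing both sides, and say which entries differ."""
    want = normalize_exclusions(policy)
    have = normalize_exclusions(reported)
    return {
        "compliant": want == have,
        "missing": sorted(want - have),      # in policy, not on endpoint
        "unexpected": sorted(have - want),   # on endpoint, not in policy
    }


# Constructed sample data (not taken from any real endpoint).
POLICY = [r"C:\ProgramData\Backup", r"C:\Tools\agent.exe"]
REPORTED = [
    r"c:\programdata\backup",   # same path, different case
    r"C:\TOOLS\Agent.exe",      # same path, different case
    r"c:\tools\agent.exe",      # duplicate of the line above
]

if __name__ == "__main__":
    print("naive:", naive_compliant(POLICY, REPORTED))
    print("normalized:", audit_exclusions(POLICY, REPORTED))
    print("extra entry:", audit_exclusions(POLICY, REPORTED + [r"C:\Users\Public"]))
```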
Release Date: April 2021
Features:
Managed Defender (Beta)
- Introduced "3rd Party AV" status reasons for unhealthy defender endpoints to give context to partners that run other AV services on their endpoints.
- A Manual Signature Update button is available in the Huntress Dashboard to force a signature update as needed at the endpoint level. Partners requested this Managed Defender feature to ensure their endpoints were updated with the latest signatures.
- Default values were added to always receive signature updates from Microsoft Update and ensure signatures are checked for updates at every startup when Managed Defender settings are in “Enforce” mode. This ensures that Defender Signatures are regularly updated on managed endpoints.
Bug Fixes:
- Managed Defender CPU utilization is capped at 30% to prevent deleterious configuration settings that could negatively impact managed hosts.
- The Microsoft Defender Detection Time in the Huntress Dashboard has been changed to display the timestamp for when the detection was logged by Defender instead of the time that Huntress first saw the detection event. This will clarify when a Microsoft Defender detection was seen on a device that came from an infection before installing Huntress.