Overview
When managing cybersecurity in a regulated environment, certain capabilities are required for handling files containing sensitive data during threat detections. For example, retrieving files for malware investigations could unwittingly expose sensitive information.
Recognizing this challenge, Huntress built our new Sensitive Data Mode—a configuration designed to strike the perfect balance between effective threat investigation and compliance requirements.
In this Article
Huntress' Sensitive Data Mode Explained
Enabling and Disabling Sensitive Data Mode
Blocked Extensions List
Huntress' Sensitive Data Mode Explained
Here is what the new mode delivers to help you support regulated clients:
1. Blocking SOC Access to Potential CUI Data
Specific Impact on Endpoint Investigations
Huntress now enables organizations to block our Security Operations Center (SOC) from accessing files and data likely to contain CUI (Controlled Unclassified Information) during investigations. Huntress blocks high-risk file types (e.g. documents, spreadsheets, CAD files) from being retrieved during investigations. This measure reduces risk and protects compliance objectives.
Specific Impact on Identity Investigations
Huntress Managed Identity Threat Detection and Response (ITDR) has the ability to detect mass outbound emails from a user. In order to confirm a business email compromise (BEC), we alert when a user has sent email at a frequency which is abnormally high. In normal operation, our SOC has the ability to view the contents of those emails to verify they are malicious before taking measures to contain the threat. When Sensitive Data Mode is enabled for an organization, our SOC will be blocked from viewing the contents of these emails utilizing the Mail.ReadWrite permission for our app.
2. Effective Threat Detection for Analysts
Huntress analysts can still retrieve and analyze executable files, scripts, or other non-sensitive file types often associated with malicious activity. This means we can continue to deliver critical incident reports at 99% accuracy without compromising compliance.
Enabling and Disabling Sensitive Data Mode
Enabling Sensitive Data Mode
Sensitive Data Mode must be enabled per-organization. To enable Sensitive Data Mode, simply open a support request for it to be enabled and include the organization(s) you need it enabled for. If you or your client’s environments require additional extensions added to the list of Blocked Extensions, please include this information in your request.
Disabling Sensitive Data Mode
Sensitive Data Mode can not be disabled by our SOC nor our Support Team. If you wish to disable Sensitive Data Mode, please open a support ticket with the request. This ticket will be escalated to our Leadership team for review.
Blocked Extensions List
Below you will find a list of all extensions blocked by Sensitive Data Mode.
| Blocked Extension | Description | Category |
| .3dm | Rhinoceros CAD 3d model format | CAD |
| .3dmxl | 3D XML-based file format | CAD |
| .3mf | 3D printing format | CAD |
| .7zip | Container file that bundles multiple files together | Data |
| .asc | ASCII plain text file | Document |
| .asm | Assembly language source code | Document |
| .bak | Generic backup file | Document |
| .bmp | Bitmap Image File | Image |
| .catdrawing | Dassault Systèmes' CATIA 2D technical drawing software | CAD |
| .catpart | Dassault Systèmes' CATIA 3D model file | CAD |
| .catproduct | Dassault Systèmes' CATIA links 3D models together | CAD |
| .cgr | Dassault Systèmes' CATIA fast loading 3D view-only file | CAD |
| .csv | Comma Separated Values File | Spreadsheet |
| .ctb | AutoCAD file for maintaining printing standards | CAD |
| .dbf | Database File | Database |
| .dcs | Desktop Color Separation file | Document |
| .dif | Data Interchange Format File | Spreadsheet |
| .doc | Microsoft Word Document | Document |
| .docm | Microsoft Word Macro-Enabled Document | Document |
| .docx | Microsoft Word Open XML Document | Document |
| .dot | Microsoft Word Document Template | Document |
| .dotm | Microsoft Word Macro-Enabled Document Template | Document |
| .dotx | Microsoft Word Open XML Document Template | Document |
| .drw | Generic extension for a drawing file (vector graphics for CAD) | CAD |
| .dwf | Autodesk 2D/3D CAD compressed secure file | CAD |
| .dwg | 2D/3D CAD file | CAD |
| .dws | AutoCAD drawing standards file | CAD |
| .dwt | Drawing Template file for CAD standards | CAD |
| .dxf | Drawing Exchange Format File | CAD |
| .easm | Dassault Systèmes' CATIA view-only 3D CAD file | CAD |
| .edrw | SolidWorks eDrawings read-only file for 2D/3D CAD | CAD |
| .eft | Electronic Fingerprint Transmission | |
| .emf | Enhanced Metafile | Image |
| .eml | Email Message File | |
| .ems | Generic template file | Document |
| .eprt | Read-only eDrawings file | CAD |
| .esp | Encapsulated PostScript image file (vector based) | Image |
| .esp_bak1 | custom | |
| .esp_bak2 | custom | |
| .esp_bak3 | custom | |
| .esp_bak4 | custom | |
| .esprit | ESPRIT CAM software | CAD |
| .etl | Event Trace Log stores performance/diagnostic data | Document |
| .fpt | Database memo file | Data |
| .gdml | Geometry Description Markup Language | Document |
| .gif | Graphical Interchange Format File | Image |
| .html | Document for displaying content | Document |
| .iges | Initial Graphics Exchange Specification File | CAD |
| .igs | IGES Drawing File | CAD |
| .ipl | various uses | |
| .jpg | JPEG Image | Image |
| .jt | Jupiter Tesselation File | CAD |
| .lck | Temporary file to prevent access from multiple sources | Data |
| .lib | various uses | |
| .lin | various uses | |
| .model | Generic file for defining structure | Data |
| .mp4 | MPEG-4 Video File | Video |
| .mpp | Microsoft Project File | Project Management |
| .mpx | Microsoft Project Exchange File | Project Management |
| .msg | Outlook Email Message File | |
| .nc | various uses | |
| .neu | various uses | |
| .odp | OpenDocument Presentation | Presentation |
| .ods | OpenDocument Spreadsheet | Spreadsheet |
| .odt | OpenDocument Text Document | Document |
| .ost | Outlook Offline Storage Table File | |
| .pak | Raw log data from instrumentation | Data |
| .pc3 | AutoCAD plotter config file | CAD |
| Portable Document Format | Document | |
| .png | Portable Network Graphics | Image |
| .pot | Microsoft PowerPoint Template | Presentation |
| .potm | Microsoft PowerPoint Macro-Enabled Presentation Template | Presentation |
| .potx | Microsoft PowerPoint Open XML Presentation Template | Presentation |
| .ppa | Microsoft PowerPoint Add-in | Presentation |
| .ppam | Microsoft PowerPoint Macro-Enabled Add-in | Presentation |
| .pps | Microsoft PowerPoint Slideshow | Presentation |
| .ppsm | Microsoft PowerPoint Macro-Enabled Slideshow | Presentation |
| .ppsx | Microsoft PowerPoint Open XML Slideshow | Presentation |
| .ppt | Microsoft PowerPoint Presentation | Presentation |
| .pptm | Microsoft PowerPoint Macro-Enabled Presentation | Presentation |
| .pptx | Microsoft PowerPoint Open XML Presentation | Presentation |
| .prn | Printer File | |
| .prt | various uses | |
| .pst | Outlook Personal Storage Table File | |
| .rtf | Rich Text Format File | Document |
| .sab | ACIS SAT File (Binary) | CAD |
| .sat | ACIS SAT File (ASCII) | CAD |
| .sec | various uses | |
| .session | Generic file that saves the state of an application | Data |
| .shx | various uses | |
| .sim | various uses | |
| .sldasm | SolidWorks Assembly 3D file format for linking CAD models | CAD |
| .sldprt | SolidWorks 3D file format for individual models | CAD |
| .slk | Symbolic Link File | Spreadsheet |
| .stb | various uses | |
| .step | STEP 3D CAD File | CAD |
| .stl | Stereolithography File | CAD |
| .stp | STEP 3D CAD File | CAD |
| .sv$ | AutoCAD backup file | CAD |
| .tap | various uses | |
| .tar | Container file that bundles multiple files together | Data |
| .thmx | Microsoft Office Theme File | Theme |
| .tif | Tagged Image File Format | Image |
| .tl | various uses | |
| .tpl | Analysis templates used to support the generation of .tsc files | Data |
| .tsc | PAK log data that's been parsed / processed by analysis tools | Data |
| .vcproject | Visual C++ project file (pre 2009) | Data |
| .vda | various uses | |
| .vdf | various uses | |
| .wmf | Windows Metafile | Image |
| .wmv | Windows Media Video File | Video |
| .wps | Microsoft Works Word Processor Document | Document |
| .wrl | VRML World File | 3D Graphics |
| .wrz | VRML Compressed World File | 3D Graphics |
| .x3d | X3D (eXtensible 3D) File | 3D Graphics |
| .x_b | Parasolid Binary Part File | CAD |
| .x_t | Parasolid Text Part File | CAD |
| .xla | Microsoft Excel Add-in | Spreadsheet |
| .xlam | Microsoft Excel Macro-Enabled Add-in | Spreadsheet |
| .xls | Microsoft Excel Spreadsheet | Spreadsheet |
| .xlsb | Microsoft Excel Binary Workbook | Spreadsheet |
| .xlsm | Microsoft Excel Macro-Enabled Workbook | Spreadsheet |
| .xlsx | Microsoft Excel Open XML Spreadsheet | Spreadsheet |
| .xlt | Microsoft Excel Template | Spreadsheet |
| .xltm | Microsoft Excel Macro-Enabled Template | Spreadsheet |
| .xltx | Microsoft Excel Open XML Spreadsheet Template | Spreadsheet |
| .xlw | Microsoft Excel Workbook | Spreadsheet |
| .xml | XML File | Data |
| .xmp_bin | XMP Metadata File (Binary) | Metadata |
| .xmp_txt | XMP Metadata File (Text) | Metadata |
| .xmt_bin | Parasolid Transmission File (Binary) | CAD |
| .xmt_txt | Parasolid Transmission File (Text) | CAD |
| .xps | XML Paper Specification File | Document |
| .zip | Container file that bundles multiple files together | Data |