Managed AV (Beta)
- New and Upcoming Feature: Huntress Recommended Defaults. This applies Huntress's security expertise to help enforce recommended settings on managed endpoints, providing a secure foundation for our Partners' configuration. These settings are part of an initial effort to roll out Huntress's recommended settings to partners to ease overall management and maintain best-practice configuration and compliance.
- Huntress Recommended Defaults provide best practice configuration of Microsoft Defender security settings in Windows to take advantage of Microsoft Defender capabilities.
- Partners can now choose to Inherit Huntress Recommended Defaults at the Account level to easily set a base recommended configuration and apply secure Defender best practices.
- This feature will be rolled out in phases, starting with new Huntress accounts and then to existing accounts (if you would like this feature earlier, please contact support).
- For more information, please see the support article here: https://huntress.zendesk.com/hc/en-us/articles/4404012729747-Upcoming-Feature-Huntress-Recommended-Managed-AV-Defaults
The settings below are only supported on Windows Server 2012+ and Windows 8+
- Applied defaults for MAV quarantine and scan settings.
- When MAV is set to Enforce, Huntress actively applies the following Microsoft Defender Quarantine configuration:
- Set "Configure removal of items from Quarantine folder" to disabled (matches Defender default setting). This ensures that Defender does not automatically remove files in quarantine, keeping those files available for potential future investigation by ThreatOps if needed.
- When MAV is set to Enforce, Huntress actively applies the following Microsoft Defender Scanning defaults:
- Set "Scan archive files", "Scan network files", "Scan packed executables", and "Scan removable drives" to Enabled (matches Defender default settings). This ensures that Defender has full scanning visibility into all aspects of the endpoint environment.
- Applied defaults for MAV Network Inspection Service-related items.
- When MAV is set to Enforce, we apply the following Microsoft Defender Network Inspection settings:
- Set "Turn on definition retirement" and "Turn on protocol recognition" to enabled (matches Defender default settings). This is to ensure maximum security efficacy and resource utilization for the Network Inspection Service.
- Updated hover text for Managed AV update (Windows 10 Home).
- For Windows 10 Home, the hover text previously read "Not Compatible - Huntress does not currently support this OS." We have changed it to "Not Compatible with Managed AV - Huntress Managed AV does not currently support this OS". This clarifies that Windows 10 Home is incompatible only with Managed AV and is still supported by other Huntress services.
- Allowed partners to suppress all notifications via the MAV settings interface.
- Users are now able to select whether or not they want end-user UI notifications from Microsoft Defender. This allows our partners to control the visibility of Defender alerts to prevent their users from being potentially alarmed by Defender notifications.
[Fixed]
- Antivirus exclusion policy auditing was treating strings that differed only in letter case as a non-match on Windows hosts, resulting in policies showing "non-compliant" in the portal. This is fixed by down-casing and de-duplicating each string before comparison, improving the accuracy of policy assessments.
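The comparison fix described above, shown as an added Python example that is not Huntress's code. The function names, category names and sample exclusions are constructed for illustration; the case-sensitive mode reproduces the false "non-compliant" result, and the normalized mode down-cases and de-duplicates before comparing.

```python
# Added example: exclusion-policy audit with and without normalization.
# Names and sample data are constructed; this is not the portal's code.

def normalize(entries):
    """Down-case and de-duplicate exclusion strings. Windows paths,
    extensions and process names are case-insensitive."""
    return {e.lower() for e in entries}


def audit(policy, host, case_insensitive=True):
    """Compare the exclusions a policy expects with those found on a host.

    Returns {category: (compliant, missing, unexpected)}.
    """
    report = {}
    for category in sorted(set(policy) | set(host)):
        want = policy.get(category, [])
        have = host.get(category, [])
        if case_insensitive:
            want_set, have_set = normalize(want), normalize(have)
        else:  # behaviour before the fix: exact string match
            want_set, have_set = set(want), set(have)
        missing = sorted(want_set - have_set)
        unexpected = sorted(have_set - want_set)
        report[category] = (not missing and not unexpected, missing, unexpected)
    return report


def is_compliant(report):
    return all(ok for ok, _, _ in report.values())


# Constructed sample: same exclusions, differing only in case and duplicates.
POLICY = {
    "paths": [r"C:\Program Files\BackupTool", r"D:\SQLData"],
    "extensions": [".MDF", ".ldf"],
    "processes": ["sqlservr.exe"],
}
HOST = {
    "paths": [r"c:\program files\backuptool", r"D:\SQLDATA", r"d:\sqldata"],
    "extensions": [".mdf", ".LDF"],
    "processes": ["SQLSERVR.EXE"],
}

if __name__ == "__main__":
    print("case-sensitive compare:", is_compliant(audit(POLICY, HOST, False)))
    print("normalized compare    :", is_compliant(audit(POLICY, HOST, True)))
```

Normalization removes only case and duplicate noise; an exclusion that is really absent from the host still appears in the `missing` list.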
New Features
- New and Upcoming Feature: Huntress Multi-Factor Authentication.
- Huntress is releasing the ability to enforce multi-factor authentication (MFA) for all users in an account. This is a critical security feature that safeguards the Huntress platform from attempted brute-force intrusions.
- MFA/2FA will be enforced in August 2021 for all Huntress users.
- This MFA enforcement will include:
- Requiring Time-Based One-Time Passwords (TOTP) 2FA setup when registering a new account.
- Requiring existing users, within an MFA-enabled account, to set up MFA when logging in if not already set up.
- Requiring new users to set up MFA, when they are invited to join an existing account.
- Currently, this feature is in beta and can be enabled per account. If interested, please follow the guide here: https://support.huntress.io/article/338-enforcing-multi-factor-authentication.
Feature Enhancements
- CW Integration testing:
- Partners who use the ConnectWise integration can now send a test ticket to their default configured mapping. This helps partners verify that their PSA integration is functioning properly (the test button is located on the integrations settings page next to your ConnectWise integration).
- The Portal now displays host service pack information correctly for Windows 10 systems. This info is helpful for Partners and ThreatOps to understand the current OS version.