Team: Huntress Managed Endpoint Detection and Response (EDR)
Product: Huntress Agent
Environment: Windows, MacOS
Summary: Agent bandwidth/network usage
The Huntress Agent was designed to use as few system resources as possible and still be effective, bandwidth included.
There are three operations the agent performs that use network bandwidth:
Surveys
A typical Huntress survey is about 550KB. The agent surveys at regular intervals, but the survey data is only sent to the cloud for analysis when a change is detected from the previous survey. Most agents only send a few surveys a day. The exception to this is when there is malware on a endpoint that is constantly changing or software updates are occurring.
File Collection
Huntress will automatically collect files it has never seen. These files are used to determine the validity of an auto-starting application. The files that are automatically collected are limited to 15 megabytes in size. That said, our SOC team can override the limit if something seems suspicious.
Updates
The agent is configured to automatically update when an update is available. Updates are approximately 8 megabytes in size.