Team: Huntress EDR
Environment: Platform, Portal
Summary: What files does Huntress collect?
Collected files are opened in read-only mode by the Huntress Agent to send a "copy" to the cloud for analysis by our Security Operations Center (SOC). The original file remains on the host. We do not remove files when collecting them.
For additional examination the User agrees that the Huntress software automatically provides to us files (executable files and/or associated libraries, and scripts) for applications configured to start when the computer boots or when a user logs in that Huntress Labs has not catalogued.
The collected files are used to determine the validity of an autorun (auto-starting application). The examination of these files provide the SOC Analyst with the evidence to support whether an autorun is Reputable or Malicious. If the file is malicious, we use details learned from analyzing it to help develop the remediation instructions.
We believe in being transparent, therefore we show all files that were collected by Huntress from your computers on the "Collected Files" page.