Team: Huntress Managed Endpoint Detection and Response (EDR)
Product: Your sites firewall, router, DNS, and/or content filtering platforms
Environment: Huntress Management Portal
Summary: If you use deep packet inspection (DPI), TLS/SSL interception, certificate pinning, certificate interception, Acronis DeviceLock DLP, or any type of certificate inspecting service you will need to allow-list/exclude the huntress.io certificate or the common name (CN) huntress.io from TLS/SSL inspection. The Huntress Agent uses certificate pinning to verify the huntress.io domain certificate and will cease communications if presented with an unexpected huntress.io certificate.
We provide these tools to test connectivity between your machines and Huntress Portal. If the tool is unable to connect it's highly likely the Huntress agent will be unable to as well. In addition to writing to the console, the tools will also log to huntress_network_test.log in the same directory it was run in. An example snippet of the output is shown below (both environments have virtually the same output)
Windows
HuntressSupport.exe (updated May 3, 2024) - You must run this as an Administrator with
.\HuntressSupport.exe connect
macOS
Test.network.Huntress.sh (updated Oct 17, 2024) - You must run this with Admin access with
sudo bash Test.network.Huntress.sh
--- Testing DNS Resolution ---
[ DNS resolution successful. ]
--- Testing Certificate Validation ---
[ Downloaded fingerprints ]
[ Connection to huntress.io successful. ]
[ Certificate Validation successful. ]
--- Verifying Huntress services can be reached ---
[ Connection to bugsnag.com successful. ]
[ Connection to eetee.huntress.io successful. ]
[ Connection to huntress-installers.s3.us-east-1.amazonaws.com successful. ]
[ Connection to huntress-rio.s3.amazonaws.com successful. ]
[ Connection to huntress-survey-results.s3.amazonaws.com successful. ]
[ Connection to huntress-updates.s3.amazonaws.com successful. ]
[ Connection to huntress-uploads.s3.us-west-2.amazonaws.com successful. ]
[ Connection to huntress-user-uploads.s3.amazonaws.com successful. ]
[ Connection to huntress.io successful. ]
[ Connection to huntresscdn.com successful. ]
[ Connection to update.huntress.io successful. ]
[ Successfully connected to Huntress services. ]
Failure output can vary depending on environmental factors so please contact us if the output from huntress_network_test.log
if it doesn't match the above.
The web browser on one of the endpoints where the error occurred may help to further identify the issue. Navigate to https://huntress.io and click the lock next to the URL to reveal the certificate details. If the details differ from the image below there is likely an certificate interception device in use. Often times, the device vendor's name will appear in the "Issued By" field.
Note: HuntressSupport.exe is the current file. We are providing previous versions here for compatibility reasons.