Team: Huntress EDR
Product: 3rd Party Antivirus, EDR/MDR (SentinelOne, ESET, BitDefender, Symantec, Sophos, Webroot, ThreatLocker)
Environment: Exclusion list / Allow list
Summary: To allow full functionality, the Huntress Agent software may need to be added to the allow list of third-party security software.
Are Huntress exclusions necessary in third-party security software?
The Huntress Agent operates in read-only mode, so it usually does not get flagged by other security products. However, there are occasions where a third-party AV / EDR / MDR is present with alert settings on high, resulting in the Huntress Agent being flagged.
Note on some NGAVs: The Huntress Agent scans auto-runs in read-only mode and hashes the files. This tips off some NGAV products, depending on their configuration. Please create exclusions if you are experiencing network slow-down, CPU spikes, etc. related to the Huntress Agent.
We have observed unintended behavior when the Huntress Agent is not in the exclusion list (allowlisted/whitelisted) of the following products:
- HP SureSense will also block the installer for the Huntress Agent. See "HP SureSense Blocks Huntress Download" for more information.
- SentinelOne (depends on how strict policies are)
- Sophos (Ransomware Detection/CryptoGuard)
- Symantec Endpoint Security
- ThreatLocker (use learning mode)
- Windows Defender with ASR rules in place (rare)
We recommend adding the Huntress executables to your exclusion list:
Additionally, you may need the following exclusions in order to install Huntress:
On 32-bit Windows, use "Program Files (x86)" instead of "Program Files".