TEAM: Huntress Managed Endpoint Detection and Response (EDR)
PRODUCT: Huntress, Windows systems and macOS
ENVIRONMENT: Windows, macOS
SUMMARY: Huntress supported Operating systems, requirements and compatibility
See Also: Huntress Agent: End of Support Policy
Huntress Feature |
Windows Pro, Education, Enterprise, Home: |
Windows 8.1 | Windows Server 2012-2012r2 |
Windows Server 2016+ |
Legacy Windows Versions (1) |
macOS
(2) |
Footholds |
||||||
Managed Antivirus |
(3) | (4) | ||||
Ransomware Canaries |
||||||
External Recon |
||||||
Host Isolation |
||||||
Process Insights |
||||||
* ARM-based CPU's are only supported with Windows 11 and macOS currently, Windows 10 support is in progress
(1) Legacy Windows Versions include Windows 7, Windows 8.0, Server 2008 R2, Small Business Server 2011 (Product support for these legacy versions is limited to "best-effort" for operating systems no longer supported by Microsoft, thus this list can change at any time)
(2) macOS currently includes all versions of macOS Ventura 13 and 14. If you are running macOS Sequoia 15, please update to at least version 15.1 as there are several known issues with 15.0. macOS Monterey 12 has reached end of life with Apple, and while the Huntress Agent will continue to run for now as a legacy agent, you will not be able to install Huntress on macOS 12 machines after Huntress version 0.14.16. We highly recommend updating to macOS 15.1+ to ensure continued security updates from Apple.
(3) Huntress can pull Defender telemetry data and manage configuration on these OS only if Defender for Endpoint / Defender for Business / Defender ATP was purchased from Microsoft. Additionally, Huntress can only access the base Defender data and manage the base Defender features.
(4) Huntress is currently able to access logs from XProtect (built in to macOS) as well as Defender Antivirus macOS. However, our MAV for macOS is not currently able to manage / make changes to the antivirus tool (ie: applying settings, managing exclusions).
Resource Dependencies
Resource Utilization
Huntress Installer (HuntressInstaller.exe)
- Requires Administrative permissions to run
- Roughly 100 MB of disk space needed to install HuntressAgent and HuntressRio.
Huntress Agent (HuntressAgent.exe)
- The typical Huntress Agent generally consumes about 1% CPU and 20MB of RAM. However, this can increase to 5-10% when a survey is running. On average, the size of the survey sent to the Huntress Cloud (AWS) is about 700KB. If you notice an issue with Huntress utilization, try temporarily disabling your AV on your machine to see if the issue subsides. Sometimes you need to create exclusions in your AV.
- Written in Golang
- Does not have any dependencies
- The Huntress Agent uses TLS 1.2/1.3 to communicate with the Huntress Dashboard.
Huntress Rio EDR Agent (HuntressRio.exe)
- The agent’s memory consumption is typically around 400MB. In 99% of cases, it remains below 950MB even on high resource utilization servers with a general average consumption of less than 500MB. However, the agent is designed to be adaptive and may temporarily use more memory if additional resources will help improve its performance. If you notice an issue with utilization, especially on servers with high PPM (typically high load DC's and DB servers), you may need to increase the resources as Rio's usage can spike with high PPM machines.
- Like the HuntressAgent.exe, sometimes adding exclusions to your AV can help with resource usage spikes.
HuntressUpdater.exe
- Written in .NET (using the utility hUpdate). The Huntress Installer will automatically install the applicable .NET 2.0 or .NET 4.0 version of the updater utility. The installer will also auto-select the correct 32-bit or 64-bit Agent for you based on the version of Windows.
- The HuntressUpdater uses
- hUpdate (new updater) which uses TLS 1.2/1.3.
- wyUpdate (old updater) has been phased out.
Footholds
Mac
Huntress Agent for macOS supports Ventura 13 and later, including Sequoia 15.1. Version 15.0 has known issues and should be updated.
Windows Compatibility
See table above for compatibility matrix.
Workstations
Our Agent currently supports 32-bit (x86) and 64-bit (x86_64) versions of Windows starting with Windows Vista / Server 2008.
The Huntress agent can be installed on ARM64 systems, but currently the EDR agent can only be installed on Windows 11 ARM (Windows 10 ARM support is being worked on).
- Windows Vista
- Windows 7
- Windows 8
- Windows 8.1
- Windows 10
- Home
- Pro
- Pro for Workstations
- Pro Education
- Education
- Enterprise
- Windows 11
- Home
- Pro
- Pro for Workstations
- Pro Education
- Education
- Enterprise
Servers
Huntress supports all versions of Windows Server starting with 2008 R2, including, Hyper-V Server, Windows Server Essentials, Windows Server Standard, Windows Server Data Center, etc.
We also support the Core versions of all Server versions (please follow Single Command Installation). To utilize the Managed AV service, the "Windows Defender" Role needs to be installed (support for 2016+), please see Managed AV Support OSes for more information.
The Huntress Agent works with all Windows Server Roles including, Hyper-V, MS SQL Server, RDS (including RDS with CALs), Exchange, etc. Please note that if you are running a virtual environment, you do need a licensed copy of Huntress for each machine that's running Windows. For example, the Huntress Agent running on a Hyper-V server does not have visibility into its VMs.
- Server 2008 R2
- Small Business Server 2011
- Server 2012
- Server 2012 R2
- Server 2016+
Managed Antivirus
Workstation
-
-
- Windows 10
- Windows Pro Education
- Windows Pro & Pro for Workstations
- Windows Enterprise
- Windows Education
- Windows Home
- Windows 11
- Pro & Pro for Workstations
- Education
- Pro Education
- Enterprise
- Home
- Windows 10
-
Server
Managed AV works with Windows Server 2016, 2019, 2022 but may show empty under "registered antivirus" (Since there is no Windows Security Center on Servers, we must manually classify AV products which can sometimes affect which AV shows up in our portal [no effect on operation!])
Only Server 2016+ is supported. All versions prior to 2016 (2012r2, 2012, 2008 r2, 2008...) are not support by Managed AV (except if you purchase MDE/MDB/ATP licenses from Microsoft).
- Windows Server 2016+ (with the 'Windows Defender' feature installed)
- Essentials, Standard, Datacenter
See also: Managed Antivirus on Windows Server 2012 R2
Related articles: