Skip to main content

Supported Operating Systems / System Requirements / Compatibility

Alan
  • Updated

TEAM: Huntress Managed Endpoint Detection and Response (EDR) 
PRODUCT: Huntress EDR, MAV, SIEM
ENVIRONMENT: Windows, macOS, Linux
SUMMARY: Huntress supported Operating Systems, requirements and compatibility 

See Also: Networking Requirements and 3rd party security tools (AV/EDR/MDR/ThreatLocker)

Huntress Feature

 Windows 10 & 11
Server 2016+		 Windows 8.1, Windows Server
2012-2012r2		 Legacy Windows
Versions		 macOS
(2)		 Linux
(5)
 
Footholds
Footholds 		Supported (1) (1) Supported Supported
Managed Antivirus
Managed Antivirus 		Supported (3)   (4)  
Ransomware Canaries
Ransomware Canaries 		Supported (1) (1)    
External Recon
External Recon 		Supported Supported Supported Supported Supported
Host Isolation
Desktop.svg 		Supported (1) (1) Supported Supported
Process Insights
process insights 		Supported (1)   Supported Supported

SIEM

 Supported (1)     (6)

* ARM-based CPU's are only supported with Windows 11, macOS, and 64-bit ARM Linux currently.

(1) Legacy Windows Versions include all Microsoft Operating Systems that have reached Microsoft's 'extended' End Of Life more than 1 year ago. Product support for these legacy versions is limited to "best-effort" for OS no longer supported by Microsoft; please see Huntress Agent: End of Support Policy for more details

(2) macOS currently includes Ventura 13 (support ending soon), Sonoma 14, Sequoia 15.1+, and Tahoe 26 (sometimes unofficially referred to as version 16). If you are running macOS 15.0.x, please update to at least version 15.1 as there are several known issues with 15.0. macOS Ventura 13 will soon reach end of life with Apple, please see our Huntress Agent: End of Support Policy for more details.

(3) Huntress can pull Defender telemetry data and manage configuration on Server 2012 R2 only if Defender for Endpoint / Defender for Business / Defender ATP was purchased from Microsoft. Windows 8.0 and 8.1 do not have a working Defender API and since that OS is EOL it's unlikely Microsoft will fix this, thus Huntress does not have the ability to manage Defender on Windows 8/8.1.

(4) Huntress is currently able to access logs (i.e. telemetry data) from XProtect (AV built in to macOS) as well as Defender Antivirus for macOS. However, Huntress AV for macOS is not currently able to manage or make changes to the antivirus tool (ie: applying settings, managing exclusions).

(5) Linux support is limited to these distributions running on kernel 5.14.50+ on 64-bit systems. A 2GHz dual-core or faster CPU, 2 GB of RAM, and 2 GB of disk space is required.

Linux Distribution Versions
Ubuntu 22.04, 24.04, 25.04
Debian 11, 12, 13
RHEL 8.6+, 9.x, 10.x
CentOS Stream 9, Stream 10
SUSE Linux 12.x, 15.x
Fedora 41, 42

(6) Linux agents can ingest Linux OS log files (flat files). The ability to ingest other SIEM sources data (syslog) is coming soon!

 

Resource Dependencies

Resource Utilization

If you notice an issue with excessive resource utilization, try creating exclusions in your AV. Due to the deep reaching nature of Huntress EDR, most AV's and other security tools will need Huntress assets added to that 3rd party's allow or exclusion list.

Huntress Installer (HuntressInstaller.exe)

  • Requires Administrative permissions to run
  • Roughly 250 MB of disk space needed to install HuntressAgent and HuntressRio.
  • The Huntress Installer will automatically install the applicable .NET 2.0 or .NET 4.0 version of the updater utility. The installer will also auto-select the correct agent for you based on the version of Windows and the CPU architecture. 

Huntress Agent (HuntressAgent.exe)

  • The typical Huntress Agent generally consumes about 1% CPU and 20MB of RAM. However, this can increase to 5-10% when a survey is running. On average, the size of the survey sent to the Huntress Cloud (AWS) is about 700KB. 
  • Written in Go (aka "Golang")
  • Does not have any dependencies
  • The Huntress Agent uses TLS 1.2/1.3 to communicate with the Huntress Dashboard.

Huntress Rio EDR Agent (HuntressRio.exe)

  • The agent’s memory consumption is typically around 400MB. In 99% of cases, it remains below 950MB even on high resource utilization servers with a general average consumption of less than 500MB. However, the agent is designed to be adaptive and may temporarily use more memory if additional resources will help improve its performance. If you notice an issue with utilization, especially on servers with high PPM (typically high load DC's and database servers), you may need to increase the resources as Rio's usage can spike with high PPM machines.
  • This agent is built into HuntressAgent on macOS endpoints, while Linux and Windows environments have two separate agents (HuntressAgent and Rio).

HuntressUpdater.exe

  • Written in .NET (previously used hUpdate). 
  • The HuntressUpdater uses
    • TLS 1.2/1.3
    • hUpdate and wyUpdate have been phased out (however you may still see placeholders for these EXEs).

 

 

Workstation

  • Windows 10 & 11
    • Pro & Pro for Workstations
    • Enterprise
    • Education
    • Pro Education
    • Home

Server

Managed AV works with Windows Server 2016, 2019, 2022 but may show empty under "registered antivirus" (Since there is no Windows Security Center on Servers, we must manually classify AV products which can sometimes affect which AV shows up in our portal [no effect on operation!])


Only versions of Windows that shipped with Windows Defender are supported for Huntress Managed AV, i.e. Server 2016+. All versions prior to 2016 (2012r2, 2012, 2008 r2, 2008...) are not supported by Managed AV (except if you purchase MDE/MDB/ATP licenses from Microsoft). See also: Managed Antivirus on Windows Server 2012 R2

 

 Related articles:

 

Related articles