Team: Huntress Managed Endpoint Detection and Response (EDR)
Product: Your sites firewall, software firewall, router, DNS, or content filtering platforms
Environment: Scripts and binary executables for Windows (PowerShell), macOS (Bash), Linux (Bash)
Summary: To ensure uninterrupted connection when communicating between Huntress Agents and our cloud servers, confirm all network settings are correct (proper open ports, allowed URLs and certificates, exceptions for Deep Packet Inspection [DPI], TLS / SSL interception, etc...). Huntress uses certificates for encrypted communication to ensure agents and our cloud servers are able to communicate securely. Use our connection testers to verify connectivity is uninterrupted!
Do you use Deep Packet Inspection or some other form of TLS/SSL certificate interception?
You'll need to allow-list the certificate for huntress.io (i.e. exclude the huntress.io certificate from being intercepted or inspected). More information can be found here.
Does your firewall restrict outgoing communication on port 443?
Check out our KB on which URL's you'll need to allow communications on
Still having connectivity issues?
Verify your network is ready for Huntress by running one of these testers. All of the testers have roughly the same output, in which you'll want to verify that DNS resolution / port 80, certificate validation, and Huntress service tests all pass.
Windows Script (PowerShell) // Windows executable
macOS Script (Bash) // macOS executable
Linux Script (Bash) // Linux executable
Failure output can vary depending on environmental factors so contact us if the output from huntress_network_test.log (PoSh or Bash script) or huntress_diagnose_result.log (executable) indicates a networking issue. Either log files should be found in the working directory you were in when you ran the network tester.
In general the choice between script and executable depends on your needs:
- Choose the script if you need a tool you can store in a local tool repository or you're working in an environment that can't run unsigned or self-signed executables (macOS primarily). The script is significantly smaller and auto-updates testing data.
- Choose the executable if you can't grant port 443 outbound access to
githubusercontent.comor if you're in need of slightly better accuracy (such as doing on-site testing). Linux only: the executable is also less likely to encounter missing dependencies, thus is better for lightweight distros. macOS only: the executable is easier to run without Gatekeeper interference.
Windows PowerShell Tester
Test everything at once using Huntress-TestNetwork.ps1. Save that file and run it as admin from the file's location:
powershell -ExecutionPolicy bypass -f .\Huntress-TestNetwork.ps1
PowerShell success example:
Windows Executable
- Save HuntressSupport-Windows.exe and make a note of what directory the file went into
- Open an admin level PowerShell window and navigate to the directory noted above
- Execute the binary like this:
.\HuntressSupport-Windows.exe diagnoseOutput should be similar to the Windows PowerShell Tester, with some additional info about interfaces and a trace route. Primarily you'll want to confirm DNS resolution/port 80 connectivity, certificate validation, and verifying that Huntress services can be reached. The network interfaces and traceroute are for troubleshooting and not usually indicative of any issues.
Executable success example:
Bash Tester (Linux and macOS)
Note: some Linux distros may not have every command this script uses so you may need to use your package manager to install curl, jq (EPEL may also be required), openssl (rare), and nc (netcat)
Test everything at once using Test.network.Huntress.sh Save that file and run it from the file's location:
sudo bash Test.network.Huntress.sh
Bash success example:
macOS Executable
- Download the appropriate executable below and make note of what directory the file went into. If you're unsure which architecture the machine is you can run this Bash command:
uname -m- HuntressSupport-macOS-amd64 (AMD and Intel 64 bit chips)
- HuntressSupport-macOS-arm64 (Apple Silicon M-series)
-
Replace
$FileNamein the commands below with the name of the file you downloaded in step 1.
- Open a Terminal window and navigate to the directory noted above
- You may need to add the execute permission to the downloaded file, use this command:
sudo chmod +x $FileName - Execute the binary like this:
sudo ./$FileName diagnose - If you see an error referencing "zsh: killed" you may need to remove the file from Gatekeeper's quarantine using this command:
sudo xattr -d com.apple.quarantine ./$FileName - If you still see an error referencing "zsh: killed" or "unidentified developer" you'll need to add a signature using "macOS Signatures" below.
- Output should be similar to the Bash Tester, with some additional info about interfaces and a trace route. Primarily you'll want to confirm DNS resolution/port 80 connectivity, certificate validation, and verifying that Huntress services can be reached.
macOS Signatures
The binary has an ad-hoc local signature which should prevent Gatekeeper from blocking execution, as long as the extended attributes weren't altered in transit (step 3 and 5 above address this) and the file isn't quarantined (check step 5 above). You can verify the signature by running this Terminal command:
sudo codesign -dv -verbose=4 ./$FileNameIf the output doesn't include "edited signature" or "Signature=adhoc" then you'll need to add an ad-hoc signature to the file with this Terminal command:
sudo codesign -s - --deep --force ./$FileName
Executable success example:
Linux Executable
- Download the appropriate executable below and make note of what directory the file went into. If you're unsure which architecture the machine is you can run this Bash command:
uname -m- HuntressSupport-Linux-amd64 (x86_64 - AMD and Intel 64 bit chips)
- HuntressSupport-Linux-arm64 (ARM based 64 bit chips)
-
Replace
$FileNamein the commands below with the name of the file you downloaded in step 1.
- Open a Terminal window and navigate to the directory noted above
- You may need to add the execute permission to the downloaded file, use this command:
sudo chmod +x $FileName - Execute the binary like this:
sudo ./$FileName diagnose - Output should be similar to the Bash Tester, with some additional info about interfaces and a trace route. Primarily you'll want to confirm DNS resolution/port 80 connectivity, certificate validation, and verifying that Huntress services can be reached. Error "traceroute executable not found" can be ignored as long as the 3 main tests outlined above pass.
Executable success example: