Product: Huntress Managed Endpoint Detection and Response (EDR)
Environment: Ransomware Canaries
Summary: This guide will cover how to disable the Ransomware Canaries feature at the Account or Org or Host level.
This action allows you to remove all canaries off of managed endpoint machines and turn off the ransomware canaries service.
This is NOT recommended as this will limit visibility by Huntress' SOC Team in alerting you of potential ransomware incidents.
If you are sure you do not wish to roll out canaries to your managed endpoints in your account, you can disable them by locating the Hamburger Drop down Icon below and clicking Settings and scrolling down to Ransomware Canaries.
Disabling canaries will be logged.
If you wish to just disable Ransomware Canaries at the Organization or Host level please see below.
In the Settings page click Manged Response
Under Exclusions click Ransomware Canaries and then click the green Add Exclusion icon to the right.
Fill out the appropriate Org/Host information here
And then click Save. This will conclude the process and disable Canaries for the given Org / Host.
If you would like to reenable Canarines simply just click the red trash can icon below. This will remove the exclusion and renable the feature.