Team: Huntress EDR
Product: Antivirus
Environment: Huntress Dashboard
Summary: Expedited Agent Tasking & Survey Processing
Huntress just got faster!
The release of agent version 0.12.46+ has greatly increased the speed at which Huntress agents can receive and process tasks (from minutes to seconds).
-
Host Isolation happens faster after malicious behavior is confirmed by the Huntress Security Operations Center (SOC).
-
Assisted Remediation tasks are expedited, allowing partners to remediate malware faster.
-
All other agent tasks are accelerated, such as:
-
Managed Antivirus scans
-
Deployment of Ransomware Canary files
-
Retrieval of files and other artifacts for Huntress SOC investigations
-
This new enhancement will undoubtedly keep our partners safer and increase the efficiency of the Huntress SOC.
FAQ
Do I need to add additional exclusions, etc. for the new tasking service to work on a host?
-
The agent will reach out to eetee.huntress.io to check for tasks so if domain-specific firewall rules exist, this may need to be added.
-
If the agent cannot reach eetee.huntress.io, then it will revert to normal behavior where it checks the Portal (huntress.io) for tasks every 15 minutes.
-
-
There are no additional binaries, etc. added to the system with this service enhancement - the functionality is built into the Huntress agent.
It’s been over a minute, why hasn’t the agent completed my task (host isolation, AV scan, etc.)?
-
The agent could be offline.
-
The agent may not be able to contact the new Huntress backend service that handle expedited task processing (eetee.huntress.io). If it can’t, then it will revert to normal behavior, checking the Portal (huntress.io) for tasks every 15 minutes.
-
The agent could be in a middle of a survey cycle. The agent runs a local survey after running through tasks that it has received. This can sometimes take 5 minutes - and during that time it would not poll the new accelerate service for more tasks. This behavior will be iterated on in future agent versions to account for the need to run multiple tasks in quick succession.
Comments
0 comments
Please sign in to leave a comment.