I’d like to see Huntress ESPM expand into Windows endpoint hardening checks and remediation/enforcement.
The idea is to help MSPs baseline and harden devices against common attack paths by validating security best practices such as:
  • Secure Boot status
  • TPM 2.0 status
  • SMBv1 enabled/disabled status
  • Local Security Authority protection / LSASS protected process
  • Virtualization-based Security
  • HVCI / Memory Integrity / Core Isolation
  • Credential Guard
  • Firmware protection
  • Memory access protection / Kernel DMA protection
  • Microsoft Vulnerable Driver Blocklist
  • UAC best-practice configuration
Individually, these settings are not a huge deal, but together they create meaningful endpoint defense. They also give MSPs a much clearer way to identify endpoints that are technically “protected” by EDR but still poorly hardened at the Windows security configuration layer.
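
A read-only sketch of how several of the checks listed above can be read on a single endpoint, added here as an illustration; it is not Huntress code and not part of the original request. It assumes an elevated PowerShell session on Windows 10/11, the helper names `Get-RegValue` and `Get-HardeningBaseline` are hypothetical, and Kernel DMA protection is not covered.

```powershell
# Added example: read-only audit, changes nothing. Run from an elevated session.
function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value is absent (setting not configured).
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Get-HardeningBaseline {
    # Win32_DeviceGuard reports VBS state and which VBS services are running.
    $dg  = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard `
                           -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $tpm = Get-CimInstance -Namespace root\cimv2\Security\MicrosoftTpm `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $uac = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $ci  = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'

    # Confirm-SecureBootUEFI throws on legacy BIOS systems; report that as not enabled.
    $secureBoot = try { [bool](Confirm-SecureBootUEFI -ErrorAction Stop) } catch { $false }

    [ordered]@{
        SecureBoot         = $secureBoot
        Tpm20              = [bool]($tpm -and $tpm.SpecVersion -like '2.0*')
        # Server side only; the SMB1 client is a separate optional feature.
        Smb1ServerDisabled = -not (Get-SmbServerConfiguration).EnableSMB1Protocol
        # RunAsPPL: 1 = enabled with UEFI lock, 2 = enabled without lock (configured state).
        LsaProtection      = (Get-RegValue $lsa 'RunAsPPL') -in 1, 2
        VbsRunning         = $dg.VirtualizationBasedSecurityStatus -eq 2
        # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI, 3 = System Guard Secure Launch.
        CredentialGuard    = $dg.SecurityServicesRunning -contains 1
        Hvci               = $dg.SecurityServicesRunning -contains 2
        # Assumption: "firmware protection" is read here as System Guard Secure Launch.
        SecureLaunch       = $dg.SecurityServicesRunning -contains 3
        # An absent value is reported as FAIL; confirm in Windows Security before acting on it.
        DriverBlocklist    = (Get-RegValue $ci 'VulnerableDriverBlocklistEnable') -eq 1
        UacEnabled         = (Get-RegValue $uac 'EnableLUA') -eq 1
        UacSecureDesktop   = (Get-RegValue $uac 'PromptOnSecureDesktop') -eq 1
    }
}

# Print one PASS/FAIL line per check.
(Get-HardeningBaseline).GetEnumerator() | ForEach-Object {
    '{0,-20} {1}' -f $_.Key, $(if ($_.Value) { 'PASS' } else { 'FAIL' })
}
```

A FAIL on the VBS-dependent rows (Credential Guard, HVCI, Secure Launch) usually traces back to `VbsRunning`, so read that row first.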