Managed EDR

I want to monitor data extraction using USB storage to detect if a user is stealing data by moving it to a USB device. It would be beneficial to have a feature that allows real-time monitoring of USB storage activity to prevent unauthorized data transfers.

I am looking for a way to create an MSI agent for Huntress. This would simplify the deployment process across multiple machines, especially in environments where group policy deployment is not functioning as expected. Having an MSI package would streamline installations and ensure consistency.

We would like to be able to have isolation exception rules mapped to specific executables in addition to IP addresses. Currently, cloud RMMs/remote tools can't be effectively allowed, nor other tools like endpoint PAM that would be useful in isolation incidents, without having to un-isolate the host. The WFP filter engine appears to allow rules defined by executable, which seem like would give us the capabilities needed.

I noticed that the 'System Health - Defender Unhealthy' type Escalation is not sent to PSA integrations. It would be beneficial if we could customize these settings to allow such Escalations to create a ticket via our PSA. This feature would enhance our ability to manage system health alerts more effectively.

Please add DNS Filtering to your agent!!! :)

The EDR Agent will be able to automatically respond to known malicious tradecraft

We are aware of process insights and its capabilities, along with possibly creating a scheduled SIEM query. However, we would like to know if the platform itself does or will have in the future a dedicated mechanism for detecting rogue remote access software. This would greatly enhance our ability to identify unauthorized access attempts and ensure the security of our systems.

It would be very helpful to either give us a button to enable the windows firewall, or allow us to set it to automatically be enabled. I can do this through my RMM too, but the script to do so is trivial and could be very helpful in the EDR dashboard.

Microsoft_Defender_for_Endpoint_P1_for_GCC license shows as "No active license available for this tenant". GCC High tenants seem to be supported, but not low.