Automatically terminate processes when malicious activity is detected
complete
Matthiew Morin (Huntress)
updated the status to
complete
We enabled Attack Disruption (https://www.huntress.com/blog/disrupting-endpoint-attacks-with-huntress-managed-edr) on all Windows endpoints a few months ago to target very specific ransomware tradecraft.
Check out June 2026's Product Lab episode for more details on how we're now combating ClickFix with Attack Disruption (https://www.youtube.com/live/1EyqZnc0b30?si=i_L9Hdn56Laa8aSt)
Since rolling out the ClickFix disruptors early last week, we've already stopped over 100 ClickFix attacks and will continue to see our efficacy increase with some additional changes this week.
The best part is, you don't have to do any configuration to reap the protective benefits of Attack Disruption. We keep the disruption logic extremely accurate and precise to reduce the management overhead.
Keep an eye out for more on this topic. We're not going to be able to stop everything but it helps level the playing field by shifting our EDR from a pure "detection and response" product to a "detect, disrupt, and respond" product.
Matthiew Morin (Huntress)
updated the status to
future planned
J
Jeff Creed
Can you also add a kill list? so, I can just have anydesk.exe killed. That would make this butterly good for us
F
Fred Holzsager
Sounds like a valid buy in to Huntress EDR.
D
David Stevens
Seems like a no-brainer!
M
Mike Dalickas
Just saw this on Product Lab! Would be killer.
N
Neil O'Sullivan
Looks amazing, please and thank youuuu!