Managed EDR

When partners work with third-party vendors for IR, Forensics, etc., sometimes those teams need to use additional tooling that is difficult to do when a host is isolated. The partner in this example has a team needing to use CrowdStrike and the allowlist the app says it needs is by URL only and there are about 30 of them. They would like the option to add the URLs or select specific tools instead of having to lookup each IP tied to the URL, add IP, rinse, repeat, etc.

Huntress now supports an IP address allow list for isolated hosts, but this doesn't work with Cloud RMM, AV, or other tooling which typically uses dynamic IP addresses for agent connectivity. Vote here if you'd like to see this capability added. Even better, it would be great to hear what specific tools you'd want to use it with; the list of DNS names that need allowing for typical cloud tooling is long, and we could potentially preconfigure them (just check a box) for common-needed tools.

allow users/admin to whitelist ip's that come from a certain user to stop the location alerts - e.g user is based in sri lanka and accesses all GA accounts. Being able to whitelist his ips in huntress to get rid of that alert would be nice.

We're concerned about a scenario where an attacker gains foothold and then creates local accounts or adds a compromised account to local Administrators group or similar. We're also concerned about scenarios where client admins make local accounts for whatever reason (troubleshooting GPOs, software, etc) and then forget to disable them, etc.

You don't currently detect the very common browser hijacker and adware known as OneLauch. I contacted support and was told you don't plan on doing so as it doesn't currently do anything more severe like provide remote access or execute commands. However, it installs itself through deceptive means through scareware advertisements. It makes itself very hard to remove and recreates links to itself when deleted. It serves up further scareware ads that other firms have said are linked to account compromises. It spreads through shared environments such as RDS servers and causes serious functionality issues. It also is detected by competing EDR solutions such as Crowdstrike. I implore you to reconsider and start detecting it. Thank you!

Creating an option to detect activity from known RMM's and remote access tools would be helpful. For example, it would be cool to have a list of known tools you could opt in to be notified about. They would need to be an option to whitelist valid hostnames (like whitelisting your RMM instance hostname). Once opted in, you would get alerts on endpoint activity detected. Last, being able to exclude or whitelist on a client level would allow us to indicate if a client DOES actually use one of these tools and we don't need to be alerted about it. ***I worry this is a duplicate but I couldn't find anything

The new Huntress detection of Connectwise has been fantastic, we caught some previous IT companies software on our recently acquired clients workstations. It would be amazing if huntress continued this detection and expanded it to detecting other remote access software such as splashtop, teamviewer, anydesk, etc..

Wave Browser and all files associated need to be labeled as PUP with the option to remediate.

I like this new feature but I think it would be better if we could specify what IP addresses we want to whitelist for specific VPNs, instead of just allowing all "SonicWall VPNs", etc. I also find that there are going to be a lot of issues with Apple's Private Relay stuff. Not sure how to handle those.

Add more details to escalation emails such as device or client affected so users with access to the email but not the Huntress Platform can assign the client properly.