Managed EDR

Presently, a user must be an account level admin or security engineer to deploy the macOS System Extension, but setting up a computer is more of a tier 1 / tier 2 level task, and we do not want t1/t2 engineers to have rights beyond read access and deploying the System Extension. Can we add the ability to manage the System Extension deployment to the User and Read-only roles or better yet let us choose on a case-by-case basis or create 2 new roles which are User + System Extension or Read-only + System Extension? Unfortunately, we don't have MDM everywhere yet, and it'll be a while before we do. Alternatively, or in addition to the above, adding this functionality via API would also be acceptable. Then we can build a form to let them choose the macOS device and push out the System Extension. Would also need to be able to report on the System Extension status, Full Disk Access status, and the network filter status.

Adding additional insights into file and application based malware/attacks

Does anyone have a recommendation on how to monitor a Mac endpoint running Huntress, that the Huntress agent is functional and healthy? Like on Windows we use our RMM to check that the Huntress service is running and run a powershell script daily to check for if the agent became orphaned.

This update to the EDR Agent software for MacOS will stop unauthorized removal as well as making any attempt to stop associated processes or elements more difficult, which would render the EDR non-functional.

Huntress currently lacks support for Ransomware Canaries on MacOS, which are available on Windows. Adding this feature to MacOS would provide a more comprehensive security solution, aligning the capabilities across different operating systems and improving threat detection and response for Mac users.

With the new MAV integration of macOS Defender installations, we can see missing permissions on individual Macs. Identifying Macs with missing Defender permissions would require checking individual Macs one by one. Add a way to identify Macs that have Defender installed but are missing permissions in the Command Center dashboard (similar to the macOS Fleet Readiness or Managed Antivirus widgets)

I noticed that macOS agents with Defender for Endpoint activated show 'Active (XProtect)' instead of 'Active (Defender)' in the defender portal. It would be helpful to identify devices that might miss Defender quickly if the UI displayed Defender status instead of XProtect when Defender is active.

Additional MDM providers added to make the deployment of Huntress EDR for MacOS seamless. Currently vetting out vendors so leaving agnostic. Please do suggest MDM vendors you'd like to see us working with!

Currently, the Mac endpoint does not perform scans after 24 hours, and the console shows 0 scans. It would be beneficial to have the ability to manage and schedule antivirus scans directly from the Console for Mac endpoints, similar to other platforms. This feature would enhance the usability and effectiveness of the antivirus tool for Mac users.

We often perform installations manually and would greatly benefit from the ability to install Huntress via the command line. This would streamline our process, especially since we use VSA 9, and make installations more efficient.