Managed EDR

Adding a new ability to detect phishing when a user connects to a fake web page with a spoofed favicon that does not match the Microsoft favicon

Currently, the tooling allowlist only allows for individual IP addresses. I went to add Microsoft Defender for Endpoint Public IPs to this list, however I see this is not currently available. With the integration with Defender for Endpoint, we are significantly limited when using isolation in Huntress and lose the telemetry from MDE, as well as the ability to do things like collect investigation packages from MDE without removing isolation and leaving the environment at risk.

Huntress reports are great, however sometimes, I'd like to see the "behind the scenes" of what the root cause was. I know we can see malware analysis in the defender portal, or by submitting a sample to any.run , but it would be nice to have some more information / on what the malware did, like a execution process map or something within huntress.

EDR Capabilities for specific flavors of Linux, offering the same level of security and protection as our Windows and MacOS agents.

Huntress can show in each agent whether Defender tamper protection is enabled or not. To find & remediate these, it is impractical to check each one individually. A single page or report that shows all these devices would allow us to keep on top of this much more efficiently.

Ability to track new sign-in from a device not running the Huntress agent.

It would be invaluble for huntress to be able to mark a file as tamper-proof/offer tamper protection for various system files. We had a TA bypass DUO by pushing changes to the host file and flooding the API to localhost .

After fixing "Unmanged" clients, it can take up to 24 hours for the portal to update. Support said that they need to send a force survey command. I would like to see a "Force Survey" button added to the client portal.

Ability similar to SentinelOne to be able to remove a Huntress Agent via a Huntress controlled script from safe mode. Avoiding issues where previous IT has passed away, disappeared, or is refusing to comply with the clients request even after legal action. Or potentially a legal form/request the client themself can make to Huntress with a legal proof they've terminated services with the other provider.

We have a client who manages his own clients, and likes the branding to be his. However, the name of our main account shows up at the bottom of the "Isolation messages" which are displayed for his clients. I see that the report are banded. Can the isolation messages, (and any other branding visible to the end user), be branded for our client?