I have done some testing with canary files. One thing I have noticed is that it does not seem like encrypting a canary file causes the agent to sync early. As in both tests it took 15-20 minutes for it to detect the canary has been encrypted. Then 5-10 minutes for the host to be isolated and a report sent. With things like SSD's being more common that time period allows a lot of damage to be done and for network shares to be encrypted. Maybe have it check the canaries every 60 seconds and force sync with Huntress if one turns up missing. This would take down the time to around 10-15 minutes for a response instead of 25-30 minutes. It appears this happened to someone on reddit already. It probably would have been stopped much earlier if it force synced. Full conversation here for context: https://www.reddit.com/r/msp/comments/16xfmou/bitdefender_mdr/k32q8fp/?context=3

With the addition of new 'password-related' LOW severity incidents, it's become difficult to filter incidents without clicking through each one. Given password-related incidents can be longer lived while we switch associates to appropriate tooling, it creates distractions in the dashboard that make responding to actual incidents more challenging. I would recommend placing an 'incident type' column on the dashboard in order to quickly see the type of incident - Plain Text Passwords, Malware, Trojan, etc.

Hi team, would love the ability to control tamper protection for MAV via Huntress. We have a few clients that use it and it can get turned off for a variety of reasons and would love to have that control in a policy.

We have a fair amount of customers in the portal by now and it is getting harder to navigate and find customers in the drop down list. It would be very good to incorporate an search window to speed things up

My team especially could use the Managed AV functionality. Having the Health Status and Policy Status available through the API would help us ensure coverage while we are balancing multiple AV products.

Most of our devices are windows but having coverage on linux would be nice.

https://docs.microsoft.com/en-NZ/microsoft-365/security/defender-business/?view=o365-worldwide

For the love of my retinas, please develop a dark mode

Can you guys update your API so that we can get tickets into slack and perform remediation through slack?

Ability to customize the web timeout for the Huntress Dashboard and/or include a "stay logged in" button.