Today, Huntress focuses on malicious footholds and behavior, so the presence/installation of these tools alone does not generate an alert. This can lead to situations where tools are discovered “by accident” on a host and Huntress has not surfaced anything notable because there’s no confirmed malicious activity yet.
I expect visibility and some level of escalation for these sensitive tools so we can quickly confirm whether these tools were intentionally deployed.
I also want the ability to distinguish between “expected” dual‑use tools and unexpected ones and feel this isn’t possible from the current UI/detections.
This creates a perception gap where companies like mine feel that potentially risky monitoring/remote‑control software can hide in plain sight unless we manually deep‑dive each host.