Password protect installation
in progress
R
Robert Dana
R
Robert Dana
in progress
We are beginning work to add tamper protection (including uninstallation safeguards) to the Huntress agent. Stay tuned for more details!
NW
Robert Dana you must have sensed me looking at this post again today :)
R
Robert Dana
NW 👀
M
Michael Chan
There should be a notification or some kind of awareness if it is removed. We use our RMM and run reports if we're missing Huntress, however similar solutions like Carbon Black, S1 and other EDR solutions have it. Its a standard feature, not a nice to have. Indicating its a part of administration settings on the OS is brushing off the lack of feature to be honest.
J
Justine Gleichner
Agreed....an ABSOLUTE MUST. If I were to breach a computer with bad intentions, the FIRST thing I would do is try to remove Huntress (or the like) so nobody could see what I was doing.
I'm not sure how this was not one of the first priorities.
1) I would suggest removing it from Add/Remove programs and/or at-minimum require an uninstall password.
2) IF an MSP removes an org from their portal, tamper protection should be disabled automatically prior to the org being removed - this way organizations are not stuck with a dead MDR agent on the PC (echoed from Jared Roy).
3) I would NOT agree with an uninstall tool because that's likely the first thing a hacker would try to use/re-engineer for malicious purposes.
J
Jared Roy
Tamper protection is a must. While a hacker will often easily bypass tamper protection, as they would have already secured elevated privileges, the bigger issue is users, shadow IT, and unqualified comanaged IT. Even with RMMs reinstalling, security is lost when the service is removed before reinstallation, and there is time to rebuild lost canaries.
Tamper Protection should be done via a command requirement from the portal, a password at the local level, or the use of a specific uninstall tool. In any case, a uninstall tool should be developed to bypass in rare circumstances.
IF an MSP removes an org from their portal, tamper protection should be disabled automatically prior to the org being removed - this way organizations are not stuck with a dead MDR agent on the PC.
D
Derik Sarver
Any update on this?
G
Greg Budzynski
Why this request is being ignored? This is major security flaw. Every respectable security vendor protect it's own agent from uninstallation and it's own services from termination. Right no I can go to serivces and just disable and delete huntress services. Voila 10 sec job and no protection.
N
Nick Whittome
Day 20 of using product, and someone with a local admin elevated account already uninstalled.
S
Scott Harkness
100% required as is a huge security flaw if can simply be removed by user or malicious software and no one knows.
A
Annie Ballew
Merged in a post:
Agent Uninstall
Ali
It would be nice that Agent can't be uninstalled locally. Just like Sentinel One, you have to go into portal and send Uninstall command before it can be locally removed from the machine. More Security just in case the local user has admin access to their machine.
Thank you.
Load More
→