DNS allow list / cloud RMM and AV access for isolated endpoints
Robert Dana
Huntress now supports an IP address allow list for isolated hosts, but this doesn't work with Cloud RMM, AV, or other tooling which typically uses dynamic IP addresses for agent connectivity. Vote here if you'd like to see this capability added.
Even better, it would be great to hear what specific tools you'd want to use it with; the list of DNS names that need allowing for typical cloud tooling is long, and we could potentially preconfigure them (just check a box) for commonly needed tools.
Zach Galifianakis
FYI, for those that use Gorelo, they have dedicated IPs for Gorelo Connect which you can add to your Huntress Tooling Allowlist. This way you can still remotely access a host even during isolation.
https://help.gorelo.io/articles/8651857-gorelo-connect-remote-control#wfiq7qsk1p6
https://support.huntress.io/hc/en-us/articles/26620768607891-Host-Isolation-IP-Allowlist
Brant Ray
Yes, I hope this will be added very soon.
Mason Schmitt
Given the rise in abuse of legitimate RMM tools by attackers, it certainly doesn't seem like a good idea to have a big default allow list of IPs and/or URLs. If Huntress ever decides to implement this feature, I'd suggest that the initial enablement of host isolation blocks all non-Huntress outbound traffic, so that an attacker isn't able to continue their attack using the RMM tool they've decided to abuse.
To allow an MSP tech to begin remediation, Huntress could allow a couple options:
1 - An MSP tech could look at Huntress' reason for enabling host isolation and decide that allowing access to the MSP's RMM tool is necessary for remediation. They could then toggle on their specific RMM tool in the Huntress UI. In this case it would be assumed that all LAN access would still be blocked, so that no lateral movement is possible in the LAN.
2 - An MSP tech could look at Huntress' reason for enabling host isolation and decide that this machine needs to be wiped and rebuilt. They could then manually disable host isolation and immediately kick off the wipe and rebuild.
Matthiew Morin (Huntress)
Merged in a post:
Tooling Allowlist to include URLs
Nicholas Gusto
When partners work with third-party vendors for IR, Forensics, etc., sometimes those teams need to use additional tooling that is difficult to use when a host is isolated.
The partner in this example has a team needing to use CrowdStrike and the allowlist the app says it needs is by URL only and there are about 30 of them. They would like the option to add the URLs or select specific tools instead of having to look up each IP tied to the URL, add IP, rinse, repeat, etc.
Matthiew Morin (Huntress)
Merged in a post:
RMM Tool Exclusion for Cloud Hosted Systems
Hayden Drummond
We want to use our RMM tool while it's isolated during testing. Currently, if we are using a cloud-hosted RMM, we cannot employ an RMM exclusion. It would be beneficial if we could add an RMM tool exclusion for cloud-hosted systems to ensure seamless testing without interruptions.
Nick
Another vote from me. There are multiple duplicates of this request across this system that should be merged.
Daddy McDadface
Please do this. Much needed. Not having CW/ScreenConnect access to isolated devices is crippling.
Francis Germain
+1 for NinjaOne please!!!
Thank you.
Bill Hinson
As an MSP managing a variety of cloud-hosted services for our clients, we’d love to see Huntress expand the Isolation Mode allow list to include DNS-based rules or domain-level exceptions. Many critical business applications rely on dynamic cloud infrastructure, and being able to whitelist by domain would make Isolation Mode far more flexible and viable in real-world MSP environments.
Adding DNS capability would help us maintain business continuity for tools like remote management, cloud-based email security gateways, and VoIP services—even during an active containment scenario. We fully support the security-first approach Huntress takes, and this addition would make Isolation Mode even more powerful for MSPs without compromising on protection.
Looking forward to seeing this considered in a future roadmap within the next quarter!
Devin Shirkey
Much needed for ScreenConnect and Automate instances.