Windows EDR - Tamper Protection Improvements
next quarter
Matthiew Morin (Huntress)
next quarter
This item got tangled up / duplicated with the "Windows EDR - Tamper Protection Improvements - Prevent Windows Firewall Tampering" item (https://feedback.huntress.com/feature-requests/p/windows-edr-persistent-foothold-improvements).
We have some additional improvements that we would like to make in Q4. This item will be updated in the near future with more details.
Yidel Steinfeld
Is tamper protection applying in Windows when running as SYSTEM?
James Mason | SE @ Huntress
Merged in a post:
Tamper protection does not prevent ending processes
Stevie'la Ullrich'la
Able to kill the Huntress agent, Rio, and updater processes even though tamper protection is otherwise working to prevent changing the service. Can take 5+ minutes to respawn.
Prevent ending processes.
James Mason | SE @ Huntress
this quarter