Managed EDR

Endpoints may be put in storage or inactive for some time for a expected reason, it would be nice to be able to list these devices as such to differentiate from the current unresponsive agent view/settings.

On the dashboard for EDR there is a widget/tile for detected screen connect hosts. This shows the detected hosts in the last 30 days. This is great and we review this regularly to ensure we don't have any unexpected screen connect installs that we need to clean up. When clicking into the dashboard widget/tile it gives us a list of the hosts and the agent count that we can click on for more details. The main widget is filtered by the last detected date being less than 30 days. However, every page past this does not apply this same filter and always causes some confusion as old data is then displayed and techs need to pay attention to realize those devices were most likely already remediated. To improve consistency - these additional detail pages should also be filtered by the last 30 days by default.

The new Huntress detection of Connectwise has been fantastic, we caught some previous IT companies software on our recently acquired clients workstations. It would be amazing if huntress continued this detection and expanded it to detecting other remote access software such as splashtop, teamviewer, anydesk, etc..

Huntress now supports an IP address allow list for isolated hosts, but this doesn't work with Cloud RMM, AV, or other tooling which typically uses dynamic IP addresses for agent connectivity. Vote here if you'd like to see this capability added. Even better, it would be great to hear what specific tools you'd want to use it with; the list of DNS names that need allowing for typical cloud tooling is long, and we could potentially preconfigure them (just check a box) for common-needed tools.

As browser-based applications become central to modern workflows, the security risks associated with Chromium-based browser extensions are increasing significantly. We request improved monitoring, control, and policy enforcement capabilities for browser extensions to mitigate risks related to malicious plugins and shadow IT. In today’s work environment, the reliance on browser applications continues to grow. At the same time, the number of malicious or compromised extensions in the Chrome Web Store and other Chromium-based marketplaces is rising rapidly. This creates several security challenges: Malicious extensions can exfiltrate sensitive data, inject scripts, or act as persistence mechanisms. Shadow IT risks increase as users install extensions tied to unapproved SaaS platforms, leading to uncontrolled data distribution. Lack of centralized visibility makes it difficult for IT and security teams to audit and manage extension usage across endpoints. Existing endpoint security solutions, including Huntress, have limited visibility and control over browser extensions, particularly: No centralized inventory of installed extensions Limited insight into extension permissions and behaviors No enforcement of allow/block policies at scale Lack of alerting on high-risk or newly installed extensions We propose adding dedicated browser extension security capabilities, including: Extension Inventory & Visibility Centralized dashboard of all installed Chromium extensions across endpoints - Metadata including publisher, permissions, install source, and user Risk Assessment & Detection Flag extensions with high-risk permissions (e.g., access to all sites, clipboard, downloads) Detection of known malicious or suspicious extensions Alerts on newly installed or recently updated extensions Policy-Based Control Ability to create allowlists and blocklists Enforcement of approved extensions only Optional auto-removal or disablement of unauthorized extensions Shadow IT Insights Identify extensions linked to unapproved SaaS or data-sharing services Reporting on potential data exposure vectors Integration & Response Tie extension activity into existing Huntress detection and response workflows Enable automated or guided remediation actions Conclusion: As browsers increasingly function as primary work platforms, extension security must be treated as a first-class concern. Enhanced control and visibility over Chromium extensions would provide significant security value to customers operating in today’s threat landscape.

Allow settings like Host Isolation, Auto-Remediations, Credential Reports and Identity Isolation to be changed at the Organizational level

It would be nice to be able to schedule the exclusion of an isolation for times when a pen or vulnerability test is scheduled by an auditor / examiner.

There don't seem to be many products in the MSP space that do CVE-based alerting. Those that do try to be "one stop" tools that replace Huntress (such as RocketCyber.) I would love it if you added this as a feature, even if it was an add-on.

I have a couple of clients where some workstations go unused for months. I've also had clients who have moved or remodeled, or had a disaster like flooding, and certain workstations are packed up for months and aren't planned to be pulled out until things are fixed. It would be nice to have an option to delete the agent instead of just uninstall, so that when the workstation is finally reconnected to the portal, they reappear, but aren't being billed for in the meantime.

Alert when a computer has installed malicious browser extensions