Microsoft released their new operating system in early October. Installation and management are identical to other Windows operating systems. All Huntress services are officially supported, including Managed Antivirus.
For more information on installing the Huntress agent, please visit: https://support.huntress.io/hc/en-us/articles/4404005189011-Install-the-Huntress-Agent
On August 18th, multifactor authentication will be required to log into the Huntress platform. For information and instructions on enforcing MFA please visit our
Why enforce Multifactor Authentication
Multifactor authentication provides an additional layer of security and scrutiny to your account. Not only will an attacker need to know your password, but they will also need to complete the second-factor check. Traditionally the second factor requires "something you have" to satisfy the check. This could be many things but is in most cases a mobile phone with a supported authentication app. Without this physical device, even an attacker who has your password won't be able to access your account.
On August 18, Huntress will require all Huntress admin users to have a multifactor authentication mechanism set up and enabled in order to access the Huntress admin console.
Today, Huntress account administrators have the option of enforcing multifactor authentication across all users within their account, as is described in this support article. On August 18, this will no longer be optional for Huntress account administrators; all Huntress user accounts will be required to have multifactor authentication enabled.
Users who have not yet set up multifactor authentication will be prompted to set it up upon logging in on or after August 18.
On July 14, all accounts will have Huntress Recommended Defaults enabled for Managed Antivirus (MAV). This will immediately apply to agents that are in MAV Enforce mode (see more details below).
Huntress Recommended Defaults simplifies configuration of best-practice Defender policies by automatically applying default settings recommended by Huntress.
What will change?
In the previous version of Managed AV configuration policy, all settings defaulted to Use System Default at the Account level, which adopts the existing Microsoft Defender default that applies to each endpoint.
With Huntress Recommended Defaults, Use System Default will now be replaced with the Huntress Recommended Default setting based on the AV best practice at the Account level.
What do I need to do now?
Check out our support article to understand what settings may change:
Any overrides (or any changes from Use System Default) that are already configured at the Account, Organization, or Host level will be preserved. If you would like to maintain your own settings for your Account, you can make those explicit settings in your portal now before this feature is enabled on July 14.
For partners who are in Audit Mode, this will only update the configuration policy for Managed AV but will not modify any agents.
For partners who are in Enforce Mode, Huntress Recommended Defaults will take the place of "Use System Default" at the Account level.
Ransomware Canaries will now be enabled by default for all partners, including those who have not previously opted-in for this service.
How do canaries work?
Ransomware Canaries are small files placed on the endpoint and monitored for changes. Enabling this service allows our agent to kickstart an investigation with our ThreatOps teams when a change is detected, giving them additional visibility to identify ransomware incidents.
What is the impact?
The impact of this service is minimal. Each canary file is lightweight at approximately 150 KB, with about 500 KB used per user profile. Our Huntress agent then reports any changes to these files in its periodic survey to trigger an incident investigation by our ThreatOps teams.
You will only be notified with an incident report if our ThreatOps team validates suspicious behavior potentially related to a ransomware incident.
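A minimal sketch of the canary idea described above, added here as an illustration and not Huntress agent code: canary files are written, a SHA-256 baseline is recorded, and a survey reports any canary that was modified or is no longer at its path. The file names, random contents, and function names are assumptions.

```python
import hashlib
import os
import tempfile

# Hypothetical canary names and size; the page only says each file is about 150 KB.
CANARY_NAMES = ["aaa_budget.docx", "aaa_contacts.xlsx", "zzz_notes.txt"]
CANARY_SIZE = 150 * 1024

def sha256_file(path):
    """Hash a file in chunks so each survey pass stays cheap."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def deploy_canaries(directory):
    """Write canary files with random content; return a {path: sha256} baseline."""
    baseline = {}
    for name in CANARY_NAMES:
        path = os.path.join(directory, name)
        with open(path, "wb") as f:
            f.write(os.urandom(CANARY_SIZE))
        baseline[path] = sha256_file(path)
    return baseline

def survey(baseline):
    """Return sorted (path, status) findings; a renamed or deleted canary is 'missing'."""
    findings = []
    for path, expected in baseline.items():
        if not os.path.exists(path):
            findings.append((path, "missing"))
        elif sha256_file(path) != expected:
            findings.append((path, "modified"))
    return sorted(findings)

def demo():
    """Constructed scenario: one canary overwritten in place, one renamed."""
    with tempfile.TemporaryDirectory() as d:
        baseline = deploy_canaries(d)
        clean = survey(baseline)  # nothing touched yet, so no findings
        paths = sorted(baseline)
        with open(paths[0], "wb") as f:
            f.write(b"changed")
        os.rename(paths[1], paths[1] + ".renamed")
        return clean, [(os.path.basename(p), s) for p, s in survey(baseline)]

if __name__ == "__main__":
    print(demo())
```

Any non-empty survey result is a signal worth escalating for human review, since legitimate software has no reason to touch these files.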
Why are we doing this now?
With the news around Microsoft Exchange vulnerabilities, especially with the latest reported information indicating that these vulnerabilities are being used to install a new ransomware variant called DEARCRY, we believe it is important for us to continue doing what we can to protect our partners and the businesses you serve.
We will begin our phased rollout on March 12 with partners who are currently running Microsoft Exchange.
If you have any questions or concerns, please contact us at email@example.com.
If you would like to opt-out, please let us know by March 30th.
Join us for Tradecraft Tuesday on March 9 at 1pm ET where the Huntress team will uncover some major developments surrounding the Microsoft Exchange Server exploit—including newly discovered webshells and post-exploitation details.
We strongly encourage you to join us or sign up for the recording as we'll be going over:
- Screenshots of newly discovered webshells
- How the exploits bypassed most preventive security products
- How the threat actors maintained persistence by hiding in Windows services
- What the hackers dropped during the post-exploitation stage and what it means for future victims
On March 2, Microsoft disclosed multiple zero-day exploits being used to attack on-premise versions of Microsoft Exchange Server.
If you are running on-prem Microsoft Exchange, it’s critical that you immediately identify and patch potentially at-risk systems.
Huntress is actively monitoring and sending incident reports for any impacted endpoints discovered, including providing assisted remediation support to remove any webshells deployed as part of this attack.
This does not replace patching; to prevent re-exploitation, it is critical that you also patch vulnerable servers immediately.
As an additional step, we strongly encourage you to verify your own managed environments for potential vulnerabilities and indicators of compromise.
Managed Antivirus offers centralized management and monitoring capabilities for Microsoft Defender Antivirus, an existing next-gen antivirus solution built into Windows.
To learn more, join us for our Managed AV Announcement Webinar on January 27 at 11:30am ET with our Huntress founders to discuss this service in more detail. Hope to see you there!
And to keep the conversation going, join a follow-up Public Beta Managed AV Webinar on February 19 at 11am ET.
How does Managed AV work?
Managed AV starts out in Audit mode. In this mode, Huntress captures data about Microsoft Defender Antivirus on all endpoints deployed within your Account. You can then head over to the Managed AV service dashboard where you will find detailed status information for Microsoft Defender Antivirus running on each of your endpoints.
Managed AV starts out by default in Audit mode. In Audit Mode, we gather information about Microsoft Defender’s status and configuration and use the data to populate the dashboard only; no changes are made to Defender's configuration.
How can I start managing policies for Microsoft Defender Antivirus?
If you want to start managing Microsoft Defender Antivirus, you can choose to move from Audit Mode into Enforce Mode.
Our Managed AV product provides an intuitive way to manage policies (such as path exclusions) at the account, organization, and agent level. The settings you configure will be applied according to that hierarchy. After your policy is defined, you can push it down to your endpoints by moving from Audit to Enforce mode on a per-agent basis or to multiple agents via a bulk action from the Managed AV dashboard.
How do I check it out?
Head over to the sidebar on the left-hand side, click the Managed AV icon at the bottom, and check it out for yourself!
We've just added a bunch of new marketing assets to the Partner Enablement Service!
You'll find new co-brandable datasheets and presentation materials to help bolster security conversations with your customers, as well as recommended reading lists and new educational information.
Check out our blog to learn more!
Expansion of Partner Enablement Service
We are expanding our educational and marketing assets! We're planning on adding new materials into our Partner Enablement Service. If you want a preview of what we have in store, go to the sidebar on the left hand side and click on the Partner Enablement icon:
You’ll see three primary sections for Partner Enablement:
Mastering Huntress: This section will be packed with materials to become more knowledgeable with Huntress and ensure you’re maximizing your ROI. Check back for technical documentation and training, onboarding and configuration guides, and feature/benefit overviews—so your team can truly master the platform and effectively layer it into your security stack.
Growing Revenue: Once you’ve got a working knowledge of the Huntress platform, it’s time to turn your attention toward your clients. The materials here will include co-branded datasheets, videos and client-facing presentations for you to up level your clients.
Gaining Knowledge: Education, training and enablement are at the core of our business. Whether we’re exposing hackers’ tricks and methods or working with our partners to investigate active threats, our commitment to simplifying and improving SMB cybersecurity is unchanging. This section will focus on informational resources, recommended reading lists, demos and other materials to make you aware of emerging threats, provide frameworks for your security maturity journey, and more.
Keep checking back for new additions as we expand this part of our Huntress Platform!