Managed EDR

At present there is no option to create a set of Managed Antivirus Exclusions rules, save it as a policy and apply it to organisations as required. For example, I have 7 organisations that use a specific legal software platform that requires certain file, folder, process and .exe exclusions to operate, and another 5 organisations that use a different software platform with different required exceptions. It would be in line with the quaility of the rest of the Huntress Managed EDR offering if these could be created, saved and assigned as policies to an organisation, rather than having to input each exception manually for every organisation that needs them. This has been available in AVG/AVAST and BD for many years.

I am requesting a feature that allows us to brand the email that sends the monthly report, as well as utilize SPF records to have the email sent from our domain.

I am an MSP and fully manage Huntress for most of my clients. However, I have some clients with their own internal IT department and it would be great if I could grant them access to their areas in the MSP portal so that they can co-manage their services. Obviously, they should only have access to their customer area within the portal, but we should be able to specify which Huntress services they can access (EDR/ITDR/SIEM/SAT etc.) According to my account manager, the only way I can achieve this currently is to set up a separate Reseller account.

Currently, notifications for the "Microsoft Defender Needs Attention" escalation are only sent via email. It would be very helpful if these could be sent to the account configured PSAs instead.

Within External recon we see a large number of home user on their personal public IPs which are being picked up by the Huntress agent. To increase our efficiency we would like to see the ability to exclude IPs from external recon detection.

The ability to selectively disable your agent or enable a "troubleshooting mode" for a set period of time (4 hours, like Defender troubleshooting mode?) would be very helpful if we were to run into an issue that we had to disable huntress and defender to troubleshoot. Current method is to uninstall/reinstall the agent. This is not ideal either, as the workflows we have in place will automatically re-install it during check-in, which could occur at any point during troubleshooting.

Currently when a user attempts to use a prohibited VPN, their account is isolated and a critical alert is raised. Huntress says that the only option is that or no rule at all. I would like some greater control over how huntress responds to these.

Alert when a computer has installed malicious browser extensions

When a technician resolves or rejects the remediation in the Huntress portal Huntress sends an email with the following subject: [Huntress Detection] CRITICAL - Incident on... This subject looks like a new incident. Can you update the subject instead to say: RESOLVED - [Huntress Detection] CRITICAL - Incident on...

Can something be added to both email and SMS alerts that identifies the type of critical incident? Like your default email message starts like this today: [Huntress Detection] CRITICAL - Incident on However, the [Huntress Detection] CRITICAL often fills the screen when looking on mobile devices. Could you maybe change it to [Huntress MDR Detection] CRITICAL - Incident on Or [Huntress ITDR Detection] CRITICAL - Incident on The SMS message "This is Huntress Labs Incorporated. A cyber incident..." Could you please change "A cyber incident' to "A MDR incident..." or "An ITDR incident..." These small changes would improve our efficiency with dispatching the correct resources we need to respond.