Adding Command Shell/Prompt access to Huntress
Autopilot
Merged in a post:
PowerShell Access during isolation
Matt Stanchfield
We recently transitioned from a different solution, SentinelOne, and Huntress is certainly better. There is only one thing we miss: having PowerShell access through the system. I assume Huntress uses PowerShell to manage remediations, as that would be the most logical method. Is this something that can be integrated into the portal? If it comes from the Huntress portal, it could be tied into the same IP exceptions that Huntress already uses to talk to the device during isolation.
Luke Steward
If this is implemented, I would prefer this to be disableable at a level that is above admin, i.e., we can contact our account manager to get a flag put on our instance that this is disabled and only our account manager or support can revert this.
I get the technical desire for this feature; however, this has the possibility for another privileged tool to have the ability for a technician's account to become compromised and have command execution on a system.
Don't get me wrong, I do understand that Huntress support likely has the exact ability at the moment, but they are governed by their own security policies.
Because we used to run SentinelOne alongside an RMM, I had the ability disabled in SentinelOne to force all of our techs to do this through the RMM, so I had one central place for activities and auditing.
I'm not against this idea, I just think that it is suited towards certain business use cases and some use cases would prefer a one-way toggle for this ability.
Nikos Fronimakis
We are looking into Huntress coming from S1. We are an MSSP and use the terminal to do our investigations. Also, as someone said, we need access if we isolate an endpoint. It is really important. We are stalling the migration for this reason.
The system is already in place because Huntress engineers can run commands remotely. I think it will be kind of easy to activate for us.
Bryce Skelton
Nikos Fronimakis Same issue being found here.
The other use case we've found in S1 is when our RMM agent acts up but shows in S1 still. Makes keeping on top of that super simple and avoids user-downtime where possible (while maintaining patched devices).
Hope they can implement this soon...
Nikos Fronimakis
Bryce Skelton Nice to hear others wanting this to be implemented. As I said before, I think the feature is there in the background; hope they can enable it for us. Also, I would like to hear directly from someone in Huntress about this.
Adam Kemp
I am moving from ESET PROTECT to DfB/Huntress. The ability to remotely run commands on endpoints as admin via ESET PROTECT has saved me a few times. Would be great to see the same function with Huntress.
Paul Pfeister
I was genuinely stunned that this wasn't an option when I first went looking for it. I would think that this sort of feature would be a basic requirement, especially considering endpoints are supposed to be otherwise fully isolated.