Password Protection for Uninstalling Huntress
Tyler Autry
Introducing an additional opt-in setting within Tamper Protection—specifically requiring a code or password to disable or uninstall Huntress services—would provide significant value. Many MSPs prefer a fully automated approach when monitoring agents and handling ransomware events, but others benefit from maintaining more granular administrative control. This feature would offer that flexibility.
Threat actors continue to leverage a wide range of attack vectors, and we recently encountered an incident in which an attacker, after gaining administrative privileges, was able to disable Huntress and reboot each affected endpoint. This effectively neutralized the platform’s ability to detect, respond, and collect evidence during the attack.
Implementing a password- or code-protected tamper-prevention mechanism would help ensure Huntress remains operational during an incident, preserving forensic visibility and enabling both MSPs and Huntress analysts to perform proper investigation, containment, and remediation while keeping the environment secure.