PowerShell Access during isolation
Matt Stanchfield
We recently transitioned from a different solution, SentinelOne, and Huntress is certainly better. There is only one thing we miss: having PowerShell access through the system. I assume Huntress uses PowerShell to manage remediations, as that would be the most logical method. Is this something that can be integrated into the portal? If it comes from the Huntress portal, it could be tied into the same IP exceptions that Huntress already uses to talk to the device during isolation.
Luke Steward
If this is implemented, I would prefer this to be disableable at a level that is above admin. I.e., we can contact our account manager to get a flag put on our instance that this is disabled and only our account manager or support can revert this.
I get the technical desire for this feature; however, this has the possibility for another privileged tool to have the ability for a technician's account to become compromised and have command execution on a system.
Don't get me wrong, I do understand that Huntress support likely has the exact ability at the moment, but they are governed by their own security policies.
Because we used to run SentinelOne alongside an RMM, I had the ability disabled in SentinelOne to force all of our techs to do this through the RMM, so I had one central place for activities and auditing.
I'm not against this idea, I just think that it is suited towards certain business use cases and some use cases would prefer a one-way toggle for this ability.