Windows EDR - Tamper Protection Improvements | Voters

Windows EDR - Tamper Protection Improvements

next quarter

James Mason | SE @ Huntress

Increase the capabilities of Tamper Protection to further stop attackers from manipulating the Huntress Windows EDR agent and associated technology

February 21, 2025

Scott Hunckler

I think it would be a good idea to have the ability to set a custom duration for disabling Tamper Protection instead of manually disabling it every 4 hours. I am in a situation now where a client is off-boarding and they want to have their new IT install their EDR to replace Huntress; The client does not want a lapse in EDR coverage and asked for us to disable Tamper Protection for the month while their new IT roles out their EDR.

Matthiew Morin (Huntress)

marked this post as

next quarter

This item got tangled up / duplicated with the "Windows EDR - Tamper Protection Improvements - Prevent Windows Firewall Tampering" item (https://feedback.huntress.com/feature-requests/p/windows-edr-persistent-foothold-improvements)

We have some additional improvements that we would like to make in Q4. This item will be updated in the near future with more details.

Yidel Steinfeld

Is tamper protection applying in Windows when running as SYSTEM?

James Mason | SE @ Huntress

Merged in a post:

Tamper protection does not prevent ending processes

Stevie'la Ullrich'la

Able to kill huntress agent, rio, and updater processes even though tamper protection otherwise working to prevent changing the service. Can take 5+ minutes to respawn.

Prevent ending processes.

February 24, 2025

James Mason | SE @ Huntress

marked this post as

this quarter