u/Savings_Property6422

▲ 47 r/msp

Huntress - Is Windows Defender enough?

We have been using Huntress EDR with Windows Defender (not MDE) for a little less than a year now. We've had a great experience with their team and the success of the product. Coming from Bitdefender, it's been amazing.

We had an incident recently that has given me some concern. It was a Fake Captcha/ClickFix scam that tricked the user into running a malicious powershell command. Huntress caught it very quickly and isolated the endpoint. We re-imaged the machine.

However, it has me wondering if we can harden our endpoints further. EDR is by design a "reactive" tool. I'm not sure if there's something out there that can catch this stuff in the moment. I've researched S1, CS, and Field Effect in the past, but from what I've read these are all still reactive to these sort of attacks.

What's everyone else using to harden their endpoints and block these attacks as they're happening? Also, we do use DefensX - but unfortunately this website was categorized as low risk so wasn't blocked.

reddit.com
u/Savings_Property6422 — 7 days ago
▲ 9 r/msp

Checkpoint & MS Quarantine

Does anybody else have issues with Checkpoint & Microsoft Quarantine clashing?

We have the settings enabled to "Allow Checkpoint to restore clean emails from MS Quarantine".

However, we have lots of restore requests that all stem from Microsoft quarantine flagging emails as High Confidence Phishing. Checkpoint shows green everywhere (often with the semantic phishing score under 10) but consistently says "Smart-Phish confidence level is too low to restore this email"

Are there any settings we can tweak?

I have reached out to Checkpoint support, but figured I would ask here in case it takes a week or two to hear back.

TIA

reddit.com
u/Savings_Property6422 — 18 days ago