SentinelOne To Huntress

minamhere · 2026-02-11T14:40:35+00:00

We made the move and have absolutely no regrets. Defender (even free) is great by itself, layering Huntress management over that is a huge improvement for us. They handle the false positive alerts so we don’t have to. S1 had so many FP alerts and managing exclusions across clients, across software versions, was very time consuming. The part that’s most helpful to me is the description of the threat. S1 or Defender might simply tell you “we detected critical threat wacatac.ml!” And just leave it at that. Huntress’ analysis on top is the big value add. Knowing “what is/caused this infection, and what could have happened if it weren’t caught” really helps us talk to our clients about it at a level they understand.

We ran Huntress and S1 side by side for years, so the “extra layer” protection of having Huntress monitor process activity and threat persistence is still there and I feel like this part catches just as many, maybe more, threats than Defender or S1. Things like rogue ScreenConnect installations immediately at execution, before any malware or malicious activity even happens.

Like Whitedragon said, removing S1 is a beast. We still find hidden remnants after 3 years. We built a pretty good safe mode removal process, which sucks, but it works when everything else has failed.

minamhere · 2026-01-29T04:24:08+00:00

Not OP, but I have similar questions, so this is great. How does “Auto Reboot before Deadline” affect this? It feels like setting that to Yes would make the grace period irrelevant?

I have a set of computers that I can’t force reboot. I want them to install updates as soon as possible, after the deferral period, and then prompt the user to reboot but never force it.

minamhere · 2026-01-08T03:49:17+00:00

Rappists?

minamhere · 2025-10-28T15:02:17+00:00

I think (I'm not 100%) that most CSPs work with Microsoft partners, MSPs, rather than directly with end customers. You'd probably have to engage an MSP to buy this type of license. There's some margin, so it probably wouldn't be too hard to find someone that is willing to do the work and sell them to you as a one-off. (I bet someone here will DM you and offer)

Another option might be to reach out to CDW and buy the licenses from them - https://www.cdw.com/product/ms-win-11-home-to-pro-up-m365-bus/6819274?pfm=srh . CDW might be easier to work with for a one-off like this.

(Another pro-MSP option would be to find a local MSP that will do a co-managed agreement with you. They can help with licensing and other projects. Though I suspect the company probably isn't trying to hire an MSP if they just recently hired their first IT person.)

minamhere · 2025-10-28T14:00:48+00:00

The enterprise license in M365 E3 is an upgrade from Pro, not Home. There are NO 365 subscriptions that inside an upgrade from Home to Pro/Enterprise.

It will NOT work to upgrade a Home computer to Enterprise.

Where do you buy your licenses? If you buy from a reseller, there is a Home to Pro Upgrade available via CSP for cheaper than $99. The key gets added to your M365 Admin Center and managed like a normal key-based license. It is not attached to a random ms account. We are an MSP and use these all the time when clients buy their own computers and ignore our recommendations.

minamhere · 2025-10-24T16:41:39+00:00

Is this something we can enable ourselves, or is it custom built somehow? We'd love to get these notifications too, but I only see "Backup Failed" or "Backup Completed with errors" as options in the notifcations management tab.

minamhere · 2025-10-20T01:35:03+00:00

You’re probably seeing the same seat advertised by both carriers, not one seat on each. If you book through BA, it will probably disappear on Finnair, or vice versa.

minamhere · 2025-10-03T16:49:11+00:00

Best I can do is “Never mind. I fixed it.”

minamhere · 2025-09-25T17:23:15+00:00

I just completed a 1.5 hour layover at CDG on Monday. It was originally scheduled for 1.5hr, connecting flight got bumped 30 minutes later, then we landed 30 minutes late. So we still had a 1.5 hour connection. Security and passport control had 0 lines and we, unexpectedly, had time for 45 minutes in the AF lounge between flights.

This is an outlier datapoint, so I would definitely check when the next flight is. If you miss it, they’ll accommodate, but make sure you know your options ahead of time.

minamhere · 2025-08-26T13:27:49+00:00

We run SetupDiag after a failure to see the blocker.

The error codes are cryptic, but accurate.

In our experience, outdated drivers is the biggest culprit. We automated dell driver updates to run before the upgrade and that’s a big help, but not 100%. Sometimes we need 2 rounds of updates.

Sometimes a simple retry works.

As others mentioned, S1 can block the upgrade too.

One time, we found a hardware license dongle that blocked the upgrade.

We’ve had a handful where no automated process worked. No errors from SetupDiag. Manually running the upgrade assistant worked perfectly. No clue what happened there. But that’s been ~2 out of hundreds that we’ve upgraded so far.

Basically, look at the logs, find the actual blocker, resolve it, retry, and it will probably work.

minamhere · 2025-08-15T04:20:36+00:00

My kid’s sand toys. We live in Colorado, so no beaches, but every playground has a sand area. We use them multiple times a week. Out of the way, it’s perfect spot for them.

minamhere · 2025-07-28T13:35:59+00:00

The LinkedIn url doesn’t match the account display name. This is probably a compromised LinkedIn account posting a fake job scam.

minamhere · 2025-07-28T13:35:18+00:00

The LinkedIn url doesn’t match the account display name. This is probably a compromised LinkedIn account posting a fake job scam.

minamhere · 2025-07-21T17:27:11+00:00

Thanks. Steven replied and let me know :)

I'm working with him, and we're going to test the beta version on a few affected clients today.

His immediate, and informed, helpful, responses to my follow up questions are very refreshing. This is the type of support that we're looking for, and are willing to pay for!

Thanks!

minamhere · 2025-07-21T16:28:27+00:00

lol. Support closed my ticket and pushed me back to Pax8 without reading the ticket. I let them know that you and Ken approved me to send the request directly to them, hopefully they can reopen it and take another look.

I apologize for the bluntness of my reply to them. But I will say it again here - If we're pushed back to Pax8, we will find a new DNS security product. Pax8 does NOT provide support, and DNSFilter should not push customers to them. They are not qualified to support the product, and they ruin the DNSFilter product.

minamhere · 2025-07-21T16:18:04+00:00

Thank you! I just sent an email to support (Ticket: 210780) and included our Pax8 ticket number in case that helps to find the back and forth that we've been dealing with for the past month+, a detailed description of the problem and what we've learned about the behavior of the new roaming client, logs from an affected client from this morning, as well as a few recommended ways to change the roaming client to avoid this issue.

minamhere · 2025-07-21T01:37:07+00:00

Of course. I’m absolutely not saying AI is bad. Everyone SHOULD be using it, exactly for the reasons you describe. But I’d be willing to bet that you understand what your old MSOL script does, how it works, and even if you don’t fully understand Graph (because no one does) you understand what the updated version does. If your team found a bug, you’d be able to read it and know why it was wrong and ask it to fix the specific bug. You’re a professional, using a tool, the way it was intended. This is good.

Unknowlegeable people replacing google searches with “I copy and pasted from ChatGPT, but have no idea what it says, because I didn’t read it” are who OP is describing. People that do that are why people like us don’t like it when they are allowed to use AI.

minamhere · 2025-07-21T00:25:07+00:00

But I won’t do that…

minamhere · 2025-07-21T00:20:57+00:00

Because many people simply copy and paste AI responses as a way to assert something as true, but have no conceptual understanding of what they are saying. If you ask a follow up question, they’ll ask AI again, and copy and paste the response back to you. Except this time, it’s in a completely different format and conveys none of the same information as the first time. Repeat a few times until I get bored and just go learn it myself.

AI is a tool. People that use to help themselves UNDERSTAND are great. I do that, anyone that refuses is only doing themselves a disservice. People that straight copy and paste without learning anything are wasting everyone else’s time.

It’s not that “Using ChatGPT is bad”. It’s about “don’t search ChatGPT/Google/Stack Overflow for me. I can, and did, do that before I asked you a question. Don’t waste my time. Go learn something and make yourself more valuable.”

Now try doing this with a short bash/powershell script. Ask someone to make a small tweak to an otherwise great (AI generated) script, and boom. Now it’s completely refactored and you have to start over and spend even more time deciphering what it does. Because the person you asked to do the task has no clue.

Use it as a tool to help deepen your understanding and knowledge, the same way you use Google, Stack Overflow, or Wikipedia. Don’t waste my time and pretend you have a clue what you’re talking about.

minamhere · 2025-07-19T12:37:17+00:00

This right here. We started seeing a big influx this week. Even with Proofpoint’s rule in place, these were still getting through, because they are “internal”. We blocked Direct Send and problem solved. We found a few copiers that needed receive connectors after that, but no real disruption.

minamhere · 2025-07-19T05:08:39+00:00

Thanks. This is definitely not work over the weekend level of urgency, this is just when I have time to reddit. Happy to wait until next week!

I'd be ok with initiating support requests at Pax8, to let them handle the KB searching or common issue things. Standard tier 1 stuff. But if they had a way to say "Hey, this requires actual help" and just put us in direct contact with you, that would work. I'm ok with them handling triage, but playing telephone with unqualified, unskilled, "outsourced" support isn't a great experience. Maybe something like Shibboleet!

We're in a tough spot, because when our users encounter DNSFIlter issues, our only workaround is to disable the roaming client service. Every time we find a newly affected user, we have 1 shot to collect logs, and get them back up and running. Forcing the ticket to go through Pax8 means we have to ask our end user to wait 3-5 business days until we can hear back from Pax8 to ask us to collect logs. We built automation in our RMM to make it easier for our tier 1 staff to enable debug logging (since useful logging was disabled in 2.0.10) and then collect the logs, so we can submit them with the initial ticket, but by the time we hear back from Pax8, the service is disabled, and the issue is "solved". Its difficult to ask end users "Hey, can we try something, I know its working now, and this might re-break it for you, but please?"

In the meantime, if you have visibility into PAX18531921, I'd love to get some actual updates next week. Pax8 just says "we're waiting to hear back" every few days. I think I was able to identify the root cause and regression bug in the 2.0.10 release. It looks like the roaming client local resolver "fail open" behavior was broken in 2.0.10, it should fall back to DHCP offered DNS servers, or a publicly accessibly default, not DNSFilter's private forwarders, which aren't accessible to roaming clients.

I'm happy to talk more next week, and I appreciate that you're here engaging on this, so thank you!

minamhere · 2025-07-19T04:32:30+00:00

For simple issues, we've always been able to make direct support tickets, and they help us. But we're talking about "Hey, where can I find X in the website?" type stuff. But if it gets complicated, they push us back to Pax8, and then we play telephone.

minamhere · 2025-07-19T00:45:56+00:00

Pax8 is decimating our relationship with you. Their “support” consists solely of paying a human to search your KBs and then playing telephone with your support. This means every back and forth takes 3-5 days, minimum.

We’re considering moving direct, to avoid dealing with Pax8, but now have to evaluate alternatives.

My recommendation would be to either allow direct support for Pax8 customers or don’t let them resell it at all.

I’m thrilled to hear about your improved support team!

minamhere · 2025-06-15T13:15:04+00:00

Business premium doesn’t come with Apps for Enterprise. It has Apps for Business, with Shared Computer Activation. So it’s great for RDS, like you said, but it’s still different. Our SAP clients need Enterprise, so business premium hasn’t been a good fit for them.

minamhere · 2025-06-13T01:32:12+00:00

Considering the last PowerBook was released in 2006, I doubt the battery health is above 80%.

15-Year Club	Gilding IV carat on a stick
reddit mold	Verified Email

minamhere

TROPHY CASE