# Endpoint Security / Antivirus

## Current State (In Transition)

- Current Product: Datto EDR (part of Datto RMM suite)
- Status: **Migrating away** — Datto RMM being replaced by SyncroRMM
- Datto EDR will need to be replaced when migration completes
- **HIPAA:** §164.308(a)(5) requires security awareness and §164.312(a) requires access control. EDR/AV is a critical control for protecting PHI on staff workstations that access ALIS and file shares.

## Available Options Through Syncro

- Bitdefender GravityZone — available, Howard does NOT prefer this
- Emsisoft — available through Syncro

## Recommended: Huntress + SentinelOne (via Syncro)

See the Notes section for the full recommendation.

## Deployment Status (audit 2026-03-20)

- Total Endpoints: 19 (1 server + 18 workstations)
- **Datto AV:** 17 machines (enabled and up to date on most)
- **Bitdefender + Datto AV (conflict):** RECEPTIONIST-PC — dual AV running
- **COMODO AV (disabled):** MDIRECTOR-PC — Windows Defender active instead
- **McAfee LiveSafe (bloatware):** LAPTOP-E0STJJE8 — conflicts with Datto
- **Malwarebytes (alongside Datto):** CRYSTAL-PC, MAINTENANCE-PC
- **Windows Defender active:** MDIRECTOR-PC (only machine using Defender as primary)

### Issues

| Machine | Issue |
|---------|-------|
| RECEPTIONIST-PC | Bitdefender + Datto AV both running — pick one |
| LAPTOP-E0STJJE8 | McAfee LiveSafe + WebAdvisor installed — remove |
| MDIRECTOR-PC | COMODO AV disabled, stale — remove |
| LAPTOP-DRQ5L558 | Multiple Datto AV instances, mixed enabled/disabled |
| LAPTOP-E0STJJE8 | Multiple Datto AV instances, mixed enabled/disabled |

### Previous MSP Software (on ALL machines — remove)

- Splashtop Streamer — on every machine
- Datto RMM agent — on CS-SERVER (at minimum)
- N-able Take Control — on some machines (stopped/stuck services)

## Notes

### Antivirus Recommendation for Syncro Integration

**Best option: Huntress + SentinelOne**

**SentinelOne (Singularity)**

- Native Syncro integration (built-in, deploy from Syncro)
- Full autonomous EDR — detects AND responds without human intervention
- Rollback capability (ransomware recovery)
- Consistently top-rated in independent AV tests
- Per-agent MSP pricing available
- Much stronger detection engine than Bitdefender GZ or Emsisoft

**Huntress (Managed Threat Detection)**

- Native Syncro integration
- Managed by Huntress SOC team — they investigate alerts FOR you
- Catches what traditional AV misses (persistent footholds, LOLbins, lateral movement)
- Lightweight agent runs alongside any AV
- Built specifically for MSPs
- 24/7 human threat hunters review detections before alerting you

**Why both?**

- SentinelOne = prevention + automated response (replaces Datto EDR)
- Huntress = detection + managed investigation (adds a layer Datto EDR never had)
- Together they cover the full kill chain with minimal MSP effort
- Both have one-click deploy through Syncro

**If only one:** SentinelOne alone is a strong standalone choice and integrates directly with Syncro's policy management. It's a significant upgrade over Datto EDR, Bitdefender GZ, and Emsisoft in both detection quality and automation.
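The Deployment Status audit above was done by hand; the following PowerShell script is an added example (not part of these notes or any vendor's tooling) that checks one workstation for the same conditions the Issues table records: two enabled AV products, a disabled or stale AV still registered, the same product registered more than once, and leftover services from the previous MSP. It assumes a Windows client SKU (the `root/SecurityCenter2` namespace does not exist on Windows Server, so CS-SERVER would need a different check), an elevated session, and that the service-name patterns are taken from this inventory rather than from any vendor documentation.

```powershell
# Added example, not from the original notes. Assumptions: Windows client SKU, run
# elevated (e.g. as a Syncro script); service-name patterns below come from the
# inventory on this page and are illustrative, not exhaustive.

# Decode the Security Center productState bitfield. In values seen in practice
# (e.g. 0x61100), bit 12 set => real-time protection enabled; bit 4 set =>
# definitions out of date.
function Get-AvState {
    param([int]$ProductState)
    [pscustomobject]@{
        Enabled  = (($ProductState -band 0x1000) -ne 0)
        UpToDate = (($ProductState -band 0x10) -eq 0)
    }
}

function Get-EndpointAvAudit {
    # Every AV registered with Windows Security Center (absent on server SKUs)
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct `
        -ErrorAction SilentlyContinue | ForEach-Object {
            $s = Get-AvState -ProductState $_.productState
            [pscustomobject]@{ Name = $_.displayName; Enabled = $s.Enabled; UpToDate = $s.UpToDate }
        }

    $findings = @()
    $enabled  = @($products | Where-Object Enabled)
    if ($enabled.Count -gt 1) { $findings += "Dual AV running: $($enabled.Name -join ', ') - pick one" }
    if ($enabled.Count -eq 0) { $findings += "No enabled AV registered with Security Center" }
    foreach ($p in ($products | Where-Object { -not $_.Enabled })) {
        $findings += "Disabled AV still installed: $($p.Name) - remove"       # the MDIRECTOR-PC pattern
    }
    foreach ($p in ($products | Where-Object { $_.Enabled -and -not $_.UpToDate })) {
        $findings += "Definitions stale: $($p.Name)"
    }
    # Same product registered more than once (the LAPTOP-DRQ5L558 pattern)
    $products | Group-Object Name | Where-Object Count -gt 1 | ForEach-Object {
        $findings += "Multiple instances of $($_.Name) ($($_.Count) registrations)"
    }

    # Leftover agents from the previous MSP; report state so stuck services stand out
    $leftover = Get-Service | Where-Object { $_.DisplayName -match 'Splashtop|Take Control|N-able|McAfee' }
    foreach ($svc in $leftover) {
        $findings += "Leftover agent service: $($svc.DisplayName) [$($svc.Status)] - remove"
    }

    [pscustomobject]@{ Computer = $env:COMPUTERNAME; Products = $products; Findings = $findings }
}

Get-EndpointAvAudit | Format-List
```

Run it from Syncro against each endpoint and compare the `Findings` list with the Issues table; an empty list on a workstation means none of the recorded conflicts remain.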