Endpoint Detection & Response (EDR)

Endpoint Detection and Response (EDR) is a security solution that helps organizations detect and respond to threats on their endpoints.

What Trellix EDR product is Berkeley using?

Trellix offers a suite of products in the endpoint security solutions space. UC Berkeley is only adopting Trellix HX.

The most commonly referenced products when searching for Trellix EDR are Trellix Endpoint Security (ENS) and Trellix Endpoint Security (HX). Both protect endpoints, but in different ways:

ENS is a complete platform with features like Endpoint Protection, Next-Generation Antivirus, and Endpoint Detection and Response.

HX focuses on Endpoint Detection...

Why is EDR Required?

Cyberattacks on higher education are increasing. EDR enhances security by detecting and responding to threats in real-time, helping protect university data and systems.

What is EDR and How Do I Get It?

EDR stands for Endpoint Detection and Response. It is a cybersecurity tool that monitors devices like laptops, desktops, and servers and helps our security team quickly find and fix any harmful activities. We offer standalone EDR installers for servers, and EDR is also part of our Berkeley Security...

How can I tell if EDR has been installed on my machine?

Berkeley IT uses Trellix for our Endpoint Detection and Response software. Trellix was formerly named FireEye, so you will see references to ‘FireEye’ on your computer after it’s installed.

To see if EDR has been installed on your university machine, follow these steps based on your operating system.

Operating system | Easy way | Technical way

macOS (Apple) | Search for “FireEye Helper” in the Applications folder

...

Can I install EDR on my personally-owned computer?

Not at this time. We are only installing the EDR software on campus-owned machines and we strongly encourage staff to utilize university-owned and managed machines because IT staff will be better able to support those devices and configurations.

Note: Per UC-wide requirements, in future phases of the campus EDR project, personally-owned devices used to connect to University "trusted networks" and "enterprise systems" (to be defined by the campus) will also require EDR software.

What can I do to protect my privacy?

The use of EDR-collected information is limited to what is required for analysis and remediation of security incidents; you may feel that you do not want your personal online activity included in EDR data collection that security analysts could review. We recommend conducting such personal online activity on a device not owned or managed by the University.

Will I Be Notified of Security Alerts Found on My Computer?

Yes. If a security event occurs on your device, ISO will follow established procedures to notify you and provide guidance.

Can I request an exception from EDR?

Most campus users are required to use EDR. Before requesting an exception, please review the exception requirements and process.

How Does EDR Impact My Computer Performance?

EDR runs in the background and has minimal impact on performance. It does not interfere with your work, software, or internet browsing. Trellix was formerly named FireEye, so you may see references to ‘FireEye’ on your computer after it’s installed.

Who Can Access EDR Data?

Only authorized Information Security Office (ISO) and EDR vendor analysts can review security alerts. Data access follows strict campus policies and privacy guidelines.