Endpoint Detection & Response (EDR)

Endpoint Detection and Response (EDR) is a security solution that helps organizations detect and respond to threats on their endpoints.

Why is EDR Required?

Cyberattacks on higher education are increasing. EDR enhances security by detecting and responding to threats in real-time, helping protect university data and systems.

What is EDR and How Do I Get It?

EDR stands for Endpoint Detection and Response. It is a cybersecurity tool that monitors devices like laptops, desktops, and servers and helps our security team quickly find and fix any harmful activities. We offer standalone EDR installers for servers, and EDR is also part of our Berkeley Security...

How can I tell if EDR has been installed on my machine?

Berkeley IT uses Trellix for our Endpoint Detection and Response software. Trellix was formerly named FireEye, so you will see references to ‘FireEye’ on your computer after it’s installed.

To see if EDR has been installed on your university machine, follow these steps based on your operating system.

Operating system: macOS (Apple)

Easy way: Search for “FireEye Helper” in the Applications folder

Technical way:

...

Can I install EDR on my personally-owned computer?

Not at this time. We are only installing the EDR software on campus-owned machines, and we strongly encourage staff to use university-owned and managed machines because IT staff will be better able to support those devices and configurations.

Note: Per UC-wide requirements, in future phases of the campus EDR project, personally-owned devices used to connect to University "trusted networks" and "enterprise systems" (to be defined by the campus) will also require EDR software.

What can I do to protect my privacy?

The use of EDR-collected information is limited to what is required for analysis and remediation of security incidents. If you do not want your personal online activity included in EDR data collection that security analysts could review, we recommend conducting such personal online activity on a device not owned or managed by the University.

Will I Be Notified of Security Alerts Found on My Computer?

Yes. If a security event occurs on your device, ISO will follow established procedures to notify you and provide guidance.

Can I request an exception from EDR?

Most campus users are required to use EDR. Before requesting an exception, please review the exception requirements and process.

How Does EDR Impact My Computer Performance?

EDR runs in the background and has minimal impact on performance. It does not interfere with your work, software, or internet browsing. Trellix was formerly named FireEye, so you may see references to ‘FireEye’ on your computer after it’s installed.

Who Can Access EDR Data?

Only authorized Information Security Office (ISO) and EDR vendor analysts can review security alerts. Data access follows strict campus policies and privacy guidelines.

What’s the simple version of how EDR Data Collection Works?

The software collects system activity data, primarily keeping it on your computer. Data is sent for analysis only if a security issue is detected, and all handling follows strict privacy policies. Any security-related data is reported to Berkeley’s Privacy Office, and false alarms result in immediate data deletion.

Normal Process:

The software continuously documents recent system activity, like websites visited, names of files opened, and network connections. Data is stored on your computer for about 10 minutes, constantly updating as new activity replaces old...