Endpoint Detection & Response (EDR)

Endpoint Detection and Response (EDR) is a security solution that helps organizations detect and respond to threats on their endpoints.

EDR Exception Request

Endpoint Detection and Response software is required on all university-owned computers and servers (referred to as endpoints) per the UC President’s Information Security Investment Plan. If you have a business need that prevents you from installing EDR on your endpoint, you may request a one-year exception from this requirement....

Who has been involved in approving EDR?

Berkeley prioritizes privacy and data protection for individuals with Endpoint Detection and Response (EDR) software installed on university-owned computers and servers. Campus EDR is not intended for installation on personally owned devices.

The Campus Privacy Office and the Information Risk Governance Committee (IRGC) are...

What data is analyzed by the EDR software?

EDR scans continuously and keeps a 10-minute record of your machine's activity, which is saved only if a security alert is triggered.

The regular scan includes:

Network activity, such as URL data and DNS lookups
File activity, such as downloads
Images loaded
System processes and registry events (applications and tasks running on the device)

When a security alert is triggered, EDR takes a copy of a second 10-minute interval, including:

Applications running
Web sites visited
File activity, such as downloads
Processes running on the machine

See our detailed...

What does EDR software do?

Once installed, the software runs seamlessly in the background while you do your regular work. It uses real-time information and machine learning to detect, contain, and respond to threats quickly to mitigate further damage.

Specifically, EDR uses several techniques, including:

Signature-based engine to find and block known malware (akin to traditional anti-virus and anti-malware software).
MalwareGuard machine learning using seeded threat intelligence.
Behavior-based analytics engine to stop advanced threats....

When will EDR be deployed to my computer?

If your desktop or laptop computer is centrally managed by campus, EDR will automatically be installed on your machine. Beginning in October 2024, ISO will be working to roll out installation across campus. If you wish to install EDR on your system before then, please email us at endpoint-security@security.berkeley.edu.

How can I tell if EDR has been installed on my machine?

Berkeley IT uses Trellix for our Endpoint Detection and Response software. To see if Trellix has been installed on your university machine, follow these steps based on your operating system.

Apple machines:

Search for a file called “FireEye Helper” in the Applications folder.

- or -

Open terminal and run:

ps aux | grep xagt...
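As an added example (not from the Berkeley page or from Trellix), the shell function below runs the two macOS checks above in one step and reports a combined status. The process listing and the Applications directory are passed in as arguments so the logic can be exercised against a constructed listing; the "FireEye Helper.app" bundle name is an assumption based on the application name the FAQ gives.

```shell
#!/bin/sh
# Added example, not code from the Berkeley page or from Trellix.
# Combines the two macOS indicators the FAQ names: the "FireEye Helper"
# application and a running "xagt" process. Inputs are arguments so the
# logic can be run against a constructed listing:
#   $1  process listing (on a live Mac: "$(ps aux)")
#   $2  Applications directory to inspect (on a live Mac: /Applications)
# Prints one of: installed, agent-only, app-only, not-found

edr_status() {
    ps_listing=$1
    app_dir=$2
    agent=0
    app=0

    # "ps aux | grep xagt" also lists the grep command itself, so a line
    # containing "xagt" is not by itself proof the agent is running.
    # Drop grep lines before testing for the agent name.
    if printf '%s\n' "$ps_listing" | grep -v 'grep' | grep -q 'xagt'; then
        agent=1
    fi

    # The FAQ says to look for "FireEye Helper" in the Applications folder.
    # The ".app" bundle name below is an assumption.
    if [ -d "$app_dir/FireEye Helper.app" ]; then
        app=1
    fi

    case "${agent}${app}" in
        11) echo installed ;;
        10) echo agent-only ;;
        01) echo app-only ;;
        *)  echo not-found ;;
    esac
}

# Constructed sample listings (not captured from a real machine; the
# agent path is a placeholder).
SAMPLE_AGENT='root   412  0.3  0.5 /placeholder/xagt
user   901  0.0  0.1 grep xagt'
SAMPLE_NO_AGENT='user   901  0.0  0.1 grep xagt'

edr_status "$SAMPLE_AGENT" /Applications
edr_status "$SAMPLE_NO_AGENT" /Applications
# Live check on a managed Mac:  edr_status "$(ps aux)" /Applications
```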

What can I do to protect my privacy?

Although the UC Electronic Communications Policy allows for the incidental personal use of University electronic resources, and use of EDR-collected information is limited to what is required for analysis and remediation of security incidents, you may feel that you do not want your personal online activity included in EDR data collection that security analysts could review. We recommend conducting such personal online activity on a device not owned or managed by...

I am an employee performing work functions on my personal computer. Can I install EDR?

We are only installing the EDR software on campus-owned machines. Additionally, we strongly encourage staff to utilize Berkeley-owned and managed machines because IT staff will be better able to support those devices and configurations.

How do I know if my machine is managed?

In general, you can tell if your computer is centrally managed if you see the Self Service app on your Apple machine, or the BigFix Self Service app on your Windows machine.

What is the difference between Trellix and FireEye?

Trellix was formerly named FireEye. You may see references to FireEye on your computer after this product is installed on your machine. The screenshot below shows a popup message you may receive on your Apple machine after Trellix is installed via BigFix.