Endpoint Detection & Response (EDR)

Endpoint Detection and Response (EDR) is a security solution that helps organizations detect and respond to threats on their endpoints.

What Data Does EDR Collect?

EDR monitors system activity, such as running processes, network connections, and security alerts. It does not track personal browsing habits, private files, or non-work-related activity. When a security alert is triggered, EDR captures metadata (such as hashes or ‘fingerprints’ of files) related to the security event, not entire files. Full file collection is rare, reviewed by at least two Information Security analysts, and occurs only when flagged by known signatures associated with malicious activity. See our...

EDR Exception Request

Endpoint Detection and Response software is required on all university-owned computers and servers (referred to as endpoints) per the UC President’s Information Security Investment Plan. If you have a business need that prevents you from installing EDR on your endpoint, you may request a one-year exception from this requirement....

What Trellix EDR product is Berkeley using?

Trellix offers a suite of products in the endpoint security solutions space. UC Berkeley is only adopting Trellix HX.

The most commonly referenced products when searching for Trellix EDR are Trellix Endpoint Security (ENS) and Trellix Endpoint Security (HX). Both protect endpoints, but in different ways:

ENS is a complete platform with features like Endpoint Protection, Next-Generation Antivirus, and Endpoint Detection and Response.

HX focuses on Endpoint Detection...

Why is EDR Required?

Cyberattacks on higher education are increasing. EDR enhances security by detecting and responding to threats in real time, helping protect university data and systems.

What is EDR and How Do I Get It?

EDR stands for Endpoint Detection and Response. It is a cybersecurity tool that monitors devices like laptops, desktops, and servers and helps our security team quickly find and fix any harmful activities. We offer standalone EDR installers for servers, and EDR is also part of our Berkeley Security...

How can I tell if EDR has been installed on my machine?

Berkeley IT uses Trellix for our Endpoint Detection and Response software. Trellix was formerly named FireEye, so you will see references to ‘FireEye’ on your computer after it’s installed.

To see if EDR has been installed on your university machine, follow these steps based on your operating system.

Operating system | Easy way | Technical way

macOS (Apple) | Search for “FireEye Helper” in the Applications folder

...

Can I install EDR on my personally-owned computer?

Not at this time. We are only installing the EDR software on campus-owned machines and we strongly encourage staff to utilize university-owned and managed machines because IT staff will be better able to support those devices and configurations.

Note: Per UC-wide requirements, in future phases of the campus EDR project, personally-owned devices used to connect to University "trusted networks" and "enterprise systems" (to be defined by the campus) will also require EDR software.

What can I do to protect my privacy?

The use of EDR-collected information is limited to what is required for analysis and remediation of security incidents. If you do not want your personal online activity included in EDR data that security analysts could review, we recommend conducting that activity on a device not owned or managed by the University.

Will I Be Notified of Security Alerts Found on My Computer?

Yes. If a security event occurs on your device, ISO will follow established procedures to notify you and provide guidance.

Can I request an exception from EDR?

Most campus users are required to use EDR. Before requesting an exception, please review the exception requirements and process.