Endpoint Detection & Response (EDR)

Endpoint Detection and Response (EDR) is a security solution that helps organizations detect and respond to threats on their endpoints

How Does EDR Impact My Computer Performance?

EDR runs in the background and has minimal impact on performance. It does not interfere with your work, software, or internet browsing.Trellix was formerly named FireEye, so you may see references to ‘FireEye’ on your computer after it’s installed.

Who Can Access EDR Data?

Only authorized Information Security Office (ISO) and EDR vendor analysts can review security alerts. Data access follows strict campus policies and privacy guidelines.

What’s the simple version of how EDR Data Collection Works?

The software collects system activity data, primarily keeping it on your computer. Data is sent for analysis only if a security issue is detected and all handling follows strict privacy policies. Any security-related data is reported to Berkeley’s Privacy Office, and false alarms result in immediate data deletion.

Normal Process:

The software continuously documents recent system activity, like websites visited, names of files opened, and network connections. Data is stored on your computer for about 10 minutes, constantly updating as new activity replaces old...

How does EDR work?

EDR runs seamlessly in the background while you do your regular work. It uses real-time information and machine learning to detect, contain, and respond to threats quickly to stop further damage.

Who do I contact for help with Endpoint Detection & Response (EDR)?

For questions or issues with this installation, email endpoint-security@security.berkeley.edu