Endpoint Detection and Response (EDR)

A service overview and catalog of Endpoint Detection and Response (EDR) provided by the UC Berkeley IT Service Hub.

Description

Endpoint Detection and Response (EDR) software is provided for computers and servers owned by the university. This software finds and identifies threats, helping to protect against complex and ongoing attacks.

EDR is a component of the Berkeley Security Software, which includes BigFix to identify assets and manage vulnerabilities alongside Trellix EDR.

Privacy Statement

Berkeley prioritizes privacy and data protection for individuals with EDR software installed on university-owned computers and servers. Campus EDR is not intended for installation on personally owned devices. See our detailed EDR Privacy and Process Documentation (requires CalNet login).

Benefits & Features

Getting Started

Workstations (university-owned computers, laptops)

If you have a campus-managed computer (aka Berkeley Desktop):

If you do not have the Berkeley Desktop:

Install the Berkeley Security Software on your university-owned system(s)

Servers (university-owned, including grant-funded and virtual machines)

If you don’t see your operating system listed below, email endpoint-security@security.berkeley.edu.

For Windows servers the latest version is 36.30.17:
HX_AGENT_WIN_DOCS_36.30.17.zip
https://drive.google.com/file/d/1kmHZdYwDCoRUdUPiWZiaC7ksoyCAkJf4/view?usp=drive_link
MD5 Hash Checksum of that installer: ea2b1185ae8d9b335d125bd67e762423
SHA-1 Hash Checksum of that installer: 93f29e6d09aecc41772f000c839d132d2e5f5d53

For Mac servers the latest version is 36.30.17:
HX_AGENT_OSX_DOCS_36.30.17.zip
https://drive.google.com/file/d/118-g61NA1gGcdYH4dMGDoN10PNPeif9O/view?usp=drive_link
MD5 Hash Checksum of that installer: a0dd06153186fee4622ede074c4d455b
SHA-1 Hash Checksum of that installer: f3756827d52e66dbaa43368dc4f527febe5cf71f

For Linux servers the latest version is 36.30.17:
HX_AGENT_LINUX_DOCS_36.30.17.zip
https://drive.google.com/file/d/1RZbOC7ZF6aNCjgiAmuqSGkHOvcuKHrOB/view?usp=drive_link
MD5 Hash Checksum of that installer: d5fca9763f3c3a66820f187cd36a36d2
SHA-1 Hash Checksum of that installer: 8eb25ceb3eb290fec7b83710bcdf9ceeca28a27d

Hash validation can be done on Linux using the md5sum and sha1sum commands.

Inside each compressed file is the agent installation software, an agent configuration file, and a PDF document with installation instructions. If you receive a message that the file is too large to be virus scanned, that is a limitation of Google Drive. To check that the installer is legitimate, validate the download against the checksums listed above.
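One way to run the checksum validation described above on a Linux server, as an added example that is not part of the original page. The helper name `verify_installer` is hypothetical; the filename and the two digests are the Linux values listed above.

```shell
# Added example: compare a downloaded agent archive against the published
# MD5 and SHA-1 values before unpacking it.
# verify_installer is a hypothetical helper, not part of the agent package.

# Linux values copied from this page.
LINUX_ZIP="HX_AGENT_LINUX_DOCS_36.30.17.zip"
LINUX_MD5="d5fca9763f3c3a66820f187cd36a36d2"
LINUX_SHA1="8eb25ceb3eb290fec7b83710bcdf9ceeca28a27d"

# usage: verify_installer FILE EXPECTED_MD5 EXPECTED_SHA1
# returns 0 only if both digests match, 1 on a mismatch, 2 if FILE is unreadable
verify_installer() {
    local file="$1" want_md5 want_sha1 got_md5 got_sha1

    # Normalise to lowercase so a value pasted in uppercase still compares equal.
    want_md5=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    want_sha1=$(printf '%s' "$3" | tr 'A-F' 'a-f')

    if [ ! -r "$file" ]; then
        echo "cannot read $file" >&2
        return 2
    fi

    # Hash from stdin so the output is "<digest>  -" whatever the filename is;
    # keep only the digest field.
    got_md5=$(md5sum < "$file" | cut -d' ' -f1)
    got_sha1=$(sha1sum < "$file" | cut -d' ' -f1)

    if [ "$got_md5" != "$want_md5" ] || [ "$got_sha1" != "$want_sha1" ]; then
        echo "CHECKSUM MISMATCH for $file: do not install" >&2
        echo "  md5  got $got_md5 want $want_md5" >&2
        echo "  sha1 got $got_sha1 want $want_sha1" >&2
        return 1
    fi
    echo "OK: $file matches the published MD5 and SHA-1"
}
```

Call it as `verify_installer "$LINUX_ZIP" "$LINUX_MD5" "$LINUX_SHA1"` from the download directory; a non-zero exit status means the archive should not be unpacked or installed.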

Service Details

Eligibility

This service is available to Faculty, Staff, Students, Researchers, and Affiliates who are using University-owned endpoint devices, including servers, workstations, and laptops.

Contact

Technical Support: For troubleshooting or reporting a service interruption, please submit a support ticket online, email itcshelp@berkeley.edu, or contact the Service Desk at 510-664-9000.

Availability

Available 24/7. Support is provided Monday–Friday, 8:00 AM – 5:00 PM PT, excluding University holidays and curtailment periods.

Cost

There are no direct costs associated with this service.

Data Classification

This service is rated for P4, A3, and R3 data.

Compliance: Users are responsible for ensuring data handled within this service complies with the Data and IT Resource Classification Standards.