Endpoint Detection and Response Trellix Agent Log and Data Collection on Mac Berkeley Desktop

Requirements

• Mac Berkeley Desktop with the Self Service Portal
• Connected to a UC Berkeley campus network, such as the Campus VPN, the eduroam wireless network, or a campus wired network
• Trellix Agent is installed (Endpoint Detection and Response)
• 15+ MB of free space on the system drive

Steps to use the Self Service Offer for Trellix Log and Data Collection

1. Please be connected to a UC Berkeley campus network, such as the Campus VPN, the eduroam wireless network, or a campus wired network.
   
   
2. Open the Self Service Portal (/Applications/Self Service.app), navigate to the "Support" category on the left side, and find the Self Service Offer "Trellix Log and Data Collection". Click the "Collect" button to accept the Offer and start the Trellix log and data collection.
   
                                          
   
   
3. A notification window will appear to let you know the Trellix log and data collection process will run for approximately 10 minutes. If you were doing something specific when the problem first occurred, such as using Zoom, then please perform that operation again to try to recreate the problem. Otherwise, you may use your computer as you normally would during this time.
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
4. You will see a first, new Terminal window open in the background. Then you will see a second Terminal window open in the background about 10 minutes later. These are both normal for the collection process.
   
   .  
   
   
5. After 10 minutes, the process will compress the collected Trellix logs and data into a Zip file. It will be placed on your Desktop and be named "logs-[COMPUTER NAME]-[DATE]-[TIME].zip". You may provide this Zip file to your support staff. 
   
   
   
   
6. The notification will exit to let you know the Trellix log and data collection process has completed. Please close the two open Terminal windows.