| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| zotdefend_v2 [2025/06/05 19:17] – [What are the software components being installed?] jnilsson | zotdefend_v2 [2025/06/05 21:09] (current) – [Method Two: Install the ZotDefend components on your own] jnilsson |
|---|
| ====== ZotDefend security package information ====== | ====== ZotDefend security package information ====== |
| |
| {{::zotdefend_newsannouncement_securitypackage.jpg?600|}} | [[https://www.oit.uci.edu/2025/03/26/secure-your-devices-with-new-zotdefend-security-package/|{{::zotdefend_newsannouncement_securitypackage.jpg?600|}}]] |
| |
| ===== What is ZotDefend? ===== | ===== What is ZotDefend? ===== |
| {{:proptag.png?200|}} | {{:proptag.png?200|}} |
| |
| The appointment should take 30 minutes, during which we will install an application called BigFix. This will add the computer to our inventory and we can use that to install the other remaining required applications in the background while you can continue using the computer normally. | The appointment should take q5-30 minutes, during which we will install an application called BigFix. This will add the computer to our inventory and we can use that to install the other remaining required applications in the background while you can continue using the computer normally. |
| |
| We will use an application called BigFix to install the following packages: | We will use an application called BigFix to install the following packages: |
| |
| === Instructions for Windows computers === | === Instructions for Windows computers === |
| If you use a Windows computer and would prefer to do this on your own, you can download the installer for BigFix for your computer on your own: | If you use a Windows computer and would prefer to do this on your own, you can download the installer for BigFix here: |
| |
| * For Windows: [[https://sites.socsci.uci.edu/~cndavis/share/BigFix-SocSci-Win.zip|BigFix-SocSci-Win.zip]] | * For Windows: [[https://sites.socsci.uci.edu/~cndavis/share/BigFix-SocSci-Win.zip|BigFix-SocSci-Win.zip]] |
| === Instructions for Mac computers === | === Instructions for Mac computers === |
| |
| If you use a Mac computer, then we recommend scheduling an appointment with us by contacting us via email ([[sscs@uci.edu]]). When you reach out to us, please provide the property tag for your computer. See the example image above for what a [[ #property_tag|property tag]] looks like. | If you use a Mac computer, then we recommend scheduling an appointment with us by contacting us via email ([[sscs@uci.edu]]). You can install BigFix, but we have observed that BigFix will usually not install Trellix HX correctly. If the installation ends in a broken state, then we must manually uninstall and reinstall it. |
| |
| You can install BigFix, but we have found that Trellix HX does not usually install correctly. It requests specific system permissions, and if you miss the security pop-up, click the wrong button, or do not give it the requested permission, then the installation ends in a broken state and we must manually uninstall and reinstall it. | If you want to install BigFix on your own, you can use this link: |
| |
| * For Mac: [[https://sites.socsci.uci.edu/~cndavis/share/BigFix-SocSci-Mac.zip|BigFix-SocSci-Mac.zip]] | * For Mac: [[https://sites.socsci.uci.edu/~cndavis/share/BigFix-SocSci-Mac.zip|BigFix-SocSci-Mac.zip]] |
| | |
| | The BigFix installer is **password protected**. We will provide the password to open the .zip after you have sent us the property tag for your computer. See the example image above for what a [[ #property_tag|property tag]] looks like. |
| |
| === Instructions for Linux computers === | === Instructions for Linux computers === |
| * [[https://activate.uci.edu/sso-zotdefend-exemption]] | * [[https://activate.uci.edu/sso-zotdefend-exemption]] |
| |
| | You may do this on personal devices and as often as needed. |
| ==== What are the software components being installed? ==== | ==== What are the software components being installed? ==== |
| |
| These four components are being installed on Windows and Mac computers: | * BigFix is a software management tool that OIT has selected for the IT groups across campus to use to remotely install software. This is only for Windows and Mac computers, not Linux. |
| * BigFix is a software management tool that OIT has selected for the IT groups across campus to use to remotely install software. | |
| * [[https://www.oit.uci.edu/services/security/edr/|Trellix HX]] is the software that OIT selected to meet the EDR (endpoint detection and response) requirement of the mandate. | * [[https://www.oit.uci.edu/services/security/edr/|Trellix HX]] is the software that OIT selected to meet the EDR (endpoint detection and response) requirement of the mandate. |
| * [[https://www.security.uci.edu/services/vmp/#endpoint|Tenable Nessus]] is the software that OIT selected to meet the vulnerability management requirement of the mandate | * [[https://www.security.uci.edu/services/vmp/#endpoint|Tenable Nessus]] is the software that OIT selected to meet the vulnerability management requirement of the mandate |
| * [[https://duo.com/docs/duo-desktop-faq#install,-upgrade,-and-uninstall|Duo Desktop]] is installed when needed to access websites that OIT has determined require enforcement of a more strict security policy | * [[https://duo.com/docs/duo-desktop-faq#install,-upgrade,-and-uninstall|Duo Desktop]] is installed when needed to access websites and services that OIT has determined require enforcement of a more strict security policy. See the next FAQ for details. |
| |
| Linux computers only need the Trellix HX and Tenable Nessus components. If you use a Linux desktop to access KFS or any of the sites/services that OIT has listed [[https://uci.service-now.com/sp?id=kb_article_view&sysparm_article=KB0013436|here]], then you will need to install Duo Desktop as well. | |
| ==== Which websites require Duo Desktop, in addition to Trellix HX and Tenable Nessus? ==== | ==== Which websites require Duo Desktop, in addition to Trellix HX and Tenable Nessus? ==== |
| |
| * [[https://uci.service-now.com/sp?id=kb_article_view&sysparm_article=KB0013436|additional sites and services listed here]] | * [[https://uci.service-now.com/sp?id=kb_article_view&sysparm_article=KB0013436|additional sites and services listed here]] |
| |
| Please be aware that OIT might change the security requirements in the future as well. We will update this page as more information becomes available. | Please be aware that OIT might change the security requirements and/or the list of sites and services that require enforcement. We will update this page as more information becomes available. |
| |
| ==== What is the UC Cybersecurity Mandate? ==== | ==== What is the UC Cybersecurity Mandate? ==== |
| ==== What do I do if I installed ZotDefend following OIT's self-enrollment instructions? ==== | ==== What do I do if I installed ZotDefend following OIT's self-enrollment instructions? ==== |
| |
| Please reach out to us ([[sscs@uci.edu]]) and let us know the [[ #property_tag|property tag]] of your computer. OIT's version of BigFix is different than what we use, so we may need to help you uninstall BigFix and any other extra components that OIT's self-enrollment instructions caused to be installed (e.g. MS Defender). Once that is sorted out, then we can help you re-install just the required packages. | Please reach out to us ([[sscs@uci.edu]]) and let us know the [[ #property_tag|property tag]] of your computer. If you are unable to access KFS, DocuSign, or other services that require ZotDefend, then we need to schedule an appointment with you to help sort things out. Even if ZotDefend is working for you, please still send us the property tag of any computer that you self-enrolled since this helps us accurately track and report our inventory. |
| |
| ==== What is UCOP's response to my concerns about Trellix? ==== | ==== What is UCOP's response to my concerns about Trellix? ==== |
| |
| UCOP has released the following FAQ regarding concerns about the EDR software, Trellix HX: | UCOP has released the following statement regarding concerns about the EDR software, Trellix HX: |
| |
| * [[https://security.ucop.edu/services/threat-detection-and-identification/edr-overview.html]] | * [[https://security.ucop.edu/services/threat-detection-and-identification/edr-overview.html]] |
| | |
| | There is also an FAQ which covers questions about compatible devices, privacy/security, and concerns about teaching/research: |
| | |
| | * [[https://security.ucop.edu/services/threat-detection-and-identification/edr-faqs.html]] |
| |
| [[https://socsci.uci.edu/zdinstallers|{{::uci18_simpleseal_blue_nofill_90.png?25|}}]] | [[https://socsci.uci.edu/zdinstallers|{{::uci18_simpleseal_blue_nofill_90.png?25|}}]] |
