ZotDefend is OIT's branding for the programs and policies that are being enforced in response to the letter that was sent out by the UCOP president in May of 2024 that set specific requirements.

More information about ZotDefend, including what needs to be installed, can be found in the FAQs below.

If you need to quickly access a site that has been blocked, you can request a temporary exemption at the link below:

• https://activate.uci.edu/sso-zotdefend-exemption

You may do this on personal devices and as often as needed.

Send us an email (sscs@uci.edu) to make an appointment to set up the ZotDefend requirements on your computer. This is only required on university-owned computers, not on tablets, phones, or personal devices. Please provide your computer's property tag, which is on a barcode sticker on your computer and looks like this:

The appointment should take 30 minutes, during which we will install an application called BigFix. This will add the computer to our inventory and we can use that to install the other remaining required applications in the background while you can continue using the computer normally.

We will use an application called BigFix to install the following packages:

• Trellix HX
• Tenable Nessus
• Duo Desktop

If you use a Windows computer and would prefer to do this on your own, you can download the installer for BigFix for your computer on your own:

• For Windows: BigFix-SocSci-Win.zip

The BigFix installer is password protected. We will provide the password to open the .zip after you have sent us the property tag for your computer. See the example image above for what a property tag looks like.

After BigFix is installed, we can use that to automate the installation of Duo Desktop, Trellix HX, and Tenable Nessus.

If you use a Mac computer, then we recommend scheduling an appointment with us by contacting us via email (sscs@uci.edu). When you reach out to us, please provide the property tag for your computer. See the example image above for what a property tag looks like.

You can install BigFix, but we have found that Trellix HX does not usually install correctly. It requests specific system permissions, and if you miss the security pop-up, click the wrong button, or do not give it the requested permission, then the installation ends in a broken state and we must manually uninstall and reinstall it.

• For Mac: BigFix-SocSci-Mac.zip

Please reach out to us via email (sscs@uci.edu) to let us know which computer(s) you are setting this up on and we can send you an installation script. When you reach out to us, please provide the property tag for your computer. See the example image above for what a property tag looks like.

If you need to log in to a site that is blocked because you do not yet have the ZotDefend security packages installed, you can use the link below to request a 24-hour exemption:

• https://activate.uci.edu/sso-zotdefend-exemption

These four components are being installed on Windows and Mac computers:

• BigFix is a software management tool that OIT has selected for the IT groups across campus to use to remotely install software.
• Trellix HX is the software that OIT selected to meet the EDR (endpoint detection and response) requirement of the mandate.
• Tenable Nessus is the software that OIT selected to meet the vulnerability management requirement of the mandate
• Duo Desktop is installed when needed to access websites that OIT has determined require enforcement of a more strict security policy

Linux computers only need the Trellix HX and Tenable Nessus components, but they can have DuoDesktop installed as well.

Duo Desktop is required in order to verify your device's status when accessing the following websites and services:

• KFS
• Docusign
• Atlassian
• OneTrust
• additional sites and services listed here

Please be aware that OIT might change the security requirements in the future as well. We will update this page as more information becomes available.

OIT has a detailed overview page at the following link that reviews each component of the mandate:

• https://www.security.uci.edu/projects/uc-mandate-2025/

Essentially, UC President Michael Drake issued a letter to the chancellors of the UC campuses that requires compliance with a new policy by May 28, 2025. “ZotDefend” is the branding used for OIT's plan to comply with this letter.

The components of the policy that affect our community in Social Sciences are:

1. 100% compliance with cybersecurity awareness training
   • this is done through our annual UCLC trainings
2. identification, tracking and vulnerability management of all computing devices
   • this is a shared responsibility between OIT, SSCS (Social Sciences Computing Services), and you (staff and faculty in our school)
   • SSCS tracks our inventory of computing devices in an internal database
   • OIT runs a vulnerability management program and SSCS works with them to remediate devices identified as having vulnerabilities.
   • the Tenable Nessus agent that is installed as part of the ZotDefend security package complements the capability of the network scanners that OIT operates
   • all users of university-owned computers must keep their devices up to date by applying the latest updates when they become available
3. deploy and manage UC-approved Endpoint Detection and Recovery (EDR) software
   • this is accomplished by the installation of Trellix HX as part of the ZotDefend security package
4. deploy, enable, and configure multi-factor authentication (MFA) on email systems
   • this is done by requiring DUO when logging in to gmail and outlook email systems

No. It is not recommended to install Trellix HX or Tenable Nessus on personal computers (personally owned by you). All official university business should be done on university-owned computers.

If you do not have a university-owned computer (purchased either with school funds or grant funding), reach out to us at sscs@uci.edu and we can help you determine what to do.

Here are the OIT published pages about the ZotDefend project:

• ZotDefend announcement
• ZotDefend Project Overview
• KB article - List of sites where enforcement of ZotDefend requirements can occur
• KB article - ZotDefend FAQ

UCOP has released the following FAQ regarding concerns about the EDR software, Trellix HX:

• https://security.ucop.edu/services/threat-detection-and-identification/edr-overview.html