Endpoint Detection and Response (EDR)

A service overview and catalog of Endpoint Detection and Response (EDR) provided by the UC Berkeley IT Service Hub.


Overview

The Information Security Office (ISO) provides endpoint detection and response (EDR) for computers and servers owned by the university. This software uses advanced tools to find and identify threats, helping to protect against complex and ongoing attacks. It offers more features than standard malware protection, ensuring better safety for university devices. EDR is a component of the Berkeley Security Software, which includes BigFix to identify assets and manage vulnerabilities alongside Trellix EDR.


Privacy Statement

Berkeley prioritizes privacy and data protection for individuals with EDR software installed on university-owned computers and servers. Campus EDR is not intended for installation on personally owned devices. 

The Campus Privacy Office and the Information Risk Governance Committee (IRGC) provide the campus framework for institutional governance of information risk under campus and systemwide privacy policies, including the Electronic Communications Policy.

See our detailed EDR Privacy and Process Documentation.


Features of EDR


How to Get Started:

Workstations (university-owned computers, laptops)


If you have a campus-managed computer (aka Berkeley Desktop):


If you do not have the Berkeley Desktop:

Install the Berkeley Security Software on your university-owned system(s)


Servers (university-owned, including grant-funded and virtual machines)

If you don’t see your operating system listed below, email endpoint-security@security.berkeley.edu.


For Windows servers the latest version is 36.30.17:
HX_AGENT_WIN_DOCS_36.30.17.zip
https://drive.google.com/file/d/1kmHZdYwDCoRUdUPiWZiaC7ksoyCAkJf4/view?usp=drive_link
MD5 Hash Checksum of that installer: ea2b1185ae8d9b335d125bd67e762423
SHA-1 Hash Checksum of that installer: 93f29e6d09aecc41772f000c839d132d2e5f5d53

For Mac servers the latest version is 36.30.17:
HX_AGENT_OSX_DOCS_36.30.17.zip
https://drive.google.com/file/d/118-g61NA1gGcdYH4dMGDoN10PNPeif9O/view?usp=drive_link
MD5 Hash Checksum of that installer: a0dd06153186fee4622ede074c4d455b
SHA-1 Hash Checksum of that installer: f3756827d52e66dbaa43368dc4f527febe5cf71f

For Linux servers the latest version is 36.30.17:
HX_AGENT_LINUX_DOCS_36.30.17.zip
https://drive.google.com/file/d/1RZbOC7ZF6aNCjgiAmuqSGkHOvcuKHrOB/view?usp=drive_link
MD5 Hash Checksum of that installer: d5fca9763f3c3a66820f187cd36a36d2
SHA-1 Hash Checksum of that installer: 8eb25ceb3eb290fec7b83710bcdf9ceeca28a27d
Hash validation can be done on Linux using the md5sum and sha1sum commands.


Inside each compressed file is the agent installation software, an agent configuration file, and a PDF document with installation instructions. If you receive a message that the file is too large to be virus scanned, that is a limitation of Google Drive. If you would like to check that the installer is legitimate, please use the checksums in this message to validate the download.
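
One way to run the md5sum and sha1sum validation described above on a Linux host. This is an added example, not part of the original page or of the vendor's installer; the function names (norm, check_hashes, verify_edr_download) are illustrative, and the digests are the ones listed on this page for version 36.30.17.

```shell
#!/bin/sh
# Added example: verify a downloaded EDR installer archive against the
# checksums published on this page. Function names are illustrative.

# Lowercase a hex digest and strip whitespace so pasted values compare cleanly.
norm() { printf '%s' "$1" | tr -d '[:space:]' | tr 'A-F' 'a-f'; }

# check_hashes FILE EXPECTED_SHA1 EXPECTED_MD5
# Returns 0 only if BOTH digests match, 1 on any mismatch, 2 if unreadable.
check_hashes() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 2; }
    got_sha1=$(sha1sum < "$1" | cut -d' ' -f1)
    got_md5=$(md5sum < "$1" | cut -d' ' -f1)
    rc=0
    [ "$got_sha1" = "$(norm "$2")" ] || { echo "SHA-1 mismatch: $got_sha1" >&2; rc=1; }
    [ "$got_md5" = "$(norm "$3")" ] || { echo "MD5 mismatch: $got_md5" >&2; rc=1; }
    return $rc
}

# verify_edr_download FILE
# Selects the published digests by archive name (values copied from this page).
# Returns 2 for any other file name, e.g. a browser-renamed copy.
verify_edr_download() {
    case "$(basename "$1")" in
        HX_AGENT_WIN_DOCS_36.30.17.zip)
            sha1=93f29e6d09aecc41772f000c839d132d2e5f5d53
            md5=ea2b1185ae8d9b335d125bd67e762423 ;;
        HX_AGENT_OSX_DOCS_36.30.17.zip)
            sha1=f3756827d52e66dbaa43368dc4f527febe5cf71f
            md5=a0dd06153186fee4622ede074c4d455b ;;
        HX_AGENT_LINUX_DOCS_36.30.17.zip)
            sha1=8eb25ceb3eb290fec7b83710bcdf9ceeca28a27d
            md5=d5fca9763f3c3a66820f187cd36a36d2 ;;
        *)
            echo "no published checksum for: $1" >&2; return 2 ;;
    esac
    check_hashes "$1" "$sha1" "$md5"
}
```

After sourcing the file, run verify_edr_download against the downloaded zip before unpacking it; an exit status of 0 means both the MD5 and SHA-1 values match the published ones.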