Enhanced Endpoint Protection for U-M Computers

Use an antivirus program on your personally owned computer as well as your UM-owned computer. See Antivirus for Personal Computers for recommendations from Information Assurance.

U-M provides enhanced endpoint protection—including antivirus and anti-malware software—for workstations (laptops and desktops) and servers owned by the university using the Crowdstrike Falcon tool.

This tool already protects MiWorkspace machines and MiServer Managed OS servers. It is being rolled out to U-M units for other university-managed computers during fall 2020 and will replace the previous antivirus/anti-malware software provided for university-owned machines: Microsoft Defender for Windows, Sophos for Mac, and ClamAV for Linux.

See CrowdStrike Falcon for more information on the project to deploy Falcon at U-M. 

Protecting You and the U

Endpoint protection tools identify suspicious files and behaviors and alert IT security staff when analysis and/or action are needed. Endpoint protection software on your computer or server:

  • Continuously watches for suspicious system events—processes, events, and activities—that indicate possible compromise, infection, or attack.
  • Blocks known viruses and malware.
  • Identifies and prevents other cyber threats.
  • Sends detection and incident data, in encrypted form, to a cloud-based account for U-M.

U-M ITS Information Assurance staff members use the tool to:

  • Review detections and incidents that are flagged as malicious or as indicative of possible compromise, infection, or attack.
  • Work with unit IT staff to resolve incidents.
  • Customize endpoint protection to meet university needs.
  • Proactively address threats to IT at U-M.

Unit IT security staff can be given unit-level accounts to allow them to review detections and incidents and address threats within their unit.

Endpoint Protection and Privacy

Use of U-M's endpoint protection tool is governed primarily by Privacy and the Need to Monitor and Access Records (SPG 601.11), as well as Information Security (SPG 601.27). U-M IT staff members who administer the Falcon tool to mitigate and respond to potential and actual threats receive training in data protection and privacy. They are required to:

  • Use U-M resources only for their intended purposes.
  • Access only the data they need to do their jobs.
  • Share data only with those who are authorized to access it and who need it for their jobs.

CrowdStrike also limits its employee access to customer data to individuals with a business need and encrypts all data sent between the Falcon endpoint protection software on U-M machines and the U-M cloud-based account.

Get Help for Infected Computers

If you believe that your U-M computer has been infected or compromised by viruses or malware, please contact IT support:

  • For MiWorkspace Computers, Contact the ITS Service Center.
  • For Other University-Owned Computers, Contact your Unit IT department.

If you believe that your personally-owned computer has been infected or compromised by viruses or malware, the Virus Scanning & Removal service offered by ITS Tech Repair at the Tech Shop is available to assist you.