U-M uses the CrowdStrike Falcon tool to provide enhanced endpoint protection, including antivirus and anti-malware, for university-owned workstations (laptops and desktops) and servers.
This tool already protects MiWorkspace machines and MiServer Managed OS servers. Rollout to U-M units for other university-managed computers is on track to be completed early in 2021, with Falcon replacing the previous antivirus/anti-malware software provided for university-owned machines: Microsoft Defender for Windows and Sophos for Mac. Falcon should also be installed on university Linux machines, although ClamAV for Linux may still be of use.
Michigan Medicine uses SentinelOne for endpoint protection.
Protecting You and the U
Endpoint protection tools identify suspicious files and behaviors and alert IT security staff when analysis and/or action are needed. Endpoint protection software on your computer or server:
- Continuously watches for suspicious system events—processes, events, and activities—that indicate possible compromise, infection, or attack.
- Blocks known viruses and malware.
- Detects and defends against ransomware activity.
- Identifies and prevents other cyber threats.
- Sends detection and incident data, in encrypted form, to a cloud-based account for U-M.
U-M ITS Information Assurance staff members use the tool to:
- Review detections and incidents that are flagged as malicious or as indicative of possible compromise, infection, or attack.
- Work with unit IT staff to resolve incidents.
- Customize endpoint protection to meet university needs.
- Proactively address threats to IT at U-M.
Unit IT security staff can be given unit-level accounts to allow them to review detections and incidents and address threats within their unit.
Endpoint Protection and Privacy
Use of U-M's endpoint protection tool is governed primarily by Privacy and the Need to Monitor and Access Records (SPG 601.11), as well as Information Security (SPG 601.27). U-M IT staff members who administer the Falcon tool to mitigate and respond to potential and actual threats receive training in data protection and privacy. They are required to:
- Use U-M resources only for their intended purposes.
- Access only the data they need to do their jobs.
- Share data only with those who are authorized to access it and who need it for their jobs.
CrowdStrike also limits its employees' access to customer data to individuals with a business need and encrypts all data sent between the Falcon endpoint protection software on U-M machines and the U-M cloud-based account.
For more detail, see Endpoint Protection: Data Collection, Sensitive Data, and Privacy.
Get Help for Infected Computers
If you believe that your U-M computer has been infected or compromised by viruses or malware, please contact IT support:
- For MiWorkspace computers, contact the ITS Service Center.
- For other university-owned computers, contact your unit IT department.
If you believe that your personally-owned computer has been infected or compromised by viruses or malware, the Virus Scanning & Removal service offered by ITS Tech Repair at the Tech Shop is available to assist you.