Enhanced Endpoint Protection for U-M Computers

Use endpoint protection software on your personally owned computer as well as your UM-owned computer. See Endpoint Protection (Antivirus, Anti-Malware) for Personal Computers.

U-M provides enhanced endpoint protection—including antivirus and anti-malware—for workstations (laptops and desktops) and servers owned by the university using the Crowdstrike Falcon tool.

This tool already protects MiWorkspace machines and MiServer Managed OS servers. Rollout to U-M units for other university-managed computers is on track to be completed early in 2021, with Falcon replacing the previous antivirus/anti-malware software provided for university-owned machines: Microsoft Defender for Windows and Sophos for Mac. Falcon should also be installed on university Linux machines, although ClamAV for Linux may still be of use.

See CrowdStrike Falcon Implementation for more information on the project to deploy Falcon at U-M. If you have questions, contact ITS Information Assurance through the ITS Service Center.

Michigan Medicine uses Sentinel One for endpoint protection.

Protecting You and the U

Endpoint protection tools identify suspicious files and behaviors and alert IT security staff when analysis and/or action are needed. Endpoint protection software on your computer or server:

  • Continuously watches for suspicious system events—processes, events, and activities—that indicate possible compromise, infection, or attack.
  • Blocks known viruses and malware.
  • Detects and defends against ransomware activity.
  • Identifies and prevents other cyber threats.
  • Sends detection and incident data, in encrypted form, to a cloud-based account for U-M.

U-M ITS Information Assurance staff members use the tool to:

  • Review detections and incidents that are flagged as malicious or as indicative of possible compromise, infection, or attack.
  • Work with unit IT staff to resolve incidents.
  • Customize endpoint protection to meet university needs.
  • Proactively address threats to IT at U-M.

Unit IT security staff can be given unit-level accounts to allow them to review detections and incidents and address threats within their unit.

Endpoint Protection and Privacy

Use of U-M's endpoint protection tool is governed primarily by Privacy and the Need to Monitor and Access Records (SPG 601.11), as well as Information Security (SPG 601.27). U-M IT staff members who administer the Falcon tool to mitigate and respond to potential and actual threats receive training in data protection and privacy. They are required to:

  • Use U-M resources only for their intended purposes.
  • Access only the data they need to do their jobs.
  • Share data only with those who are authorized to access it and who need it for their jobs.

CrowdStrike also limits its employee access to customer data to individuals with a business need and encrypts all data sent between the Falcon endpoint protection software on U-M machines and the U-M cloud-based account.

For more detail, see Endpoint Protection: Data Collection, Sensitive Data, and Privacy.

Get Help for Infected Computers

If you believe that your U-M computer has been infected or compromised by viruses or malware, please contact IT support:

  • For MiWorkspace Computers, Contact the ITS Service Center.
  • For Other University-Owned Computers, Contact your Unit IT department.

If you believe that your personally-owned computer has been infected or compromised by viruses or malware, the Virus Scanning & Removal service offered by ITS Tech Repair at the Tech Shop is available to assist you.