Cisco Secure Endpoint

Why do I have to install Cisco Secure Endpoint?

The University has the legislated and regulated responsibility to safeguard the personal privacy of its affiliates, and to protect its information, records, and IT assets. Regardless of whether University computing equipment is used, or other forms of computer ownership, if University records and information are involved then the computer must meet minimum acceptable security requirements. A key requirement is therefore the University of Alberta managed Cisco Secure Endpoint that protects and secures the computer from advanced malware and zero-day attacks.

I have already purchased antivirus software for my personal computer, do I still need to install Cisco Secure Endpoint?

Yes. We strongly recommend that you uninstall any third party antivirus software before installing Cisco Secure Endpoint. Windows Defender can be safely run along-side Cisco Secure Endpoint but running Cisco Secure Endpoint alongside other antivirus software will likely cause stability issues.

How does Cisco Secure Endpoint differ from traditional antivirus?

Traditional antivirus software uses signature based detection, which means it’s only looking for files already known to be malicious. Next-generation antivirus uses process behavioural detection and detects symptoms of malicious software to detect and block threats.

What are the privacy implications for an individual using Cisco Secure Endpoint on a personal device?

The Cisco Secure Endpoint will not monitor or eavesdrop on your computer or internet activities. There is also no ability to remotely control your computer through the Cisco Secure Endpoint.

What information does Cisco Secure Endpoint collect and where is it stored? Who can access it?

The Cisco Secure Endpoint processes collect and store system and network information for the University Cisco Secure Endpoint management system that is controlled and managed by the University. System and network information includes the unique computer identifier (known as the media access control address (MAC address)), and IP address associated with the computer. This information also feeds into the Cisco Secure Endpoint advanced malware analysis and management service. Similarly, operational data is collected, stored, and used by the University’s management system and Cisco’s malware analysis and management service. Examples of such operational data include: any data related to an admin username (device administrator account), endpoint username, all physical characteristics of the hardware on which the application is running, etc. There is information collected by Cisco about the University for organisational customer registration and domain identification purposes. Finally, there is limited personal data collected, stored, and used, such as username and device name. Below is the link to the Cisco Secure Endpoint privacy data sheet, including Cisco data center locations.

Cisco Secure Endpoint Privacy Data Sheet:

https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/security/cisco-amp-endpoints-privacy-data-sheet.pdf

Will Cisco Secure Endpoint slow down my computer?

When Cisco Secure Endpoint is first installed, it will do an initial scan of common areas that malware may reside on your computer. This scan should take no more than 5 minutes but may temporarily degrade performance. After the scan is complete, there are no performance impacts to your system.

Where can I go to install Cisco Secure Endpoint on my computer?

If you are asked to self install, please contact the Staff Service Centre . A CCID is required to download the installation files.

Can I install Cisco Secure Endpoint myself?

If your computer is university owned and managed by IST, we will be able to install it remotely in most cases. In some cases, however, we may ask you to install this software yourself. The Staff Service Centre is available for support should you experience any problems during the installation.

How often does Cisco Secure Endpoint run scans on my computer?

Cisco Secure Endpoint only scans once upon installation. After that, it evaluates and detects threats in real time as files are downloaded, created, or modified. Scanning functionality is present and can be run manually but this is not required.

What should I do if Cisco Secure Endpoint detects something malicious?

Cisco Secure Endpoint is configured to be silent and will not alert you if it detects a threat. IST’s Security Operations team receives alerts and reviews each detection and will follow up if any action is required. Despite alerts being silenced, Cisco Secure Endpoint still records events locally which can be viewed by clicking the History button.

I am either remotely connecting to my work computer or using Terminal Server or Virtual Computer Services (VCS) to access my work related data, do I still need to install Cisco Secure Endpoint on my personal computer?

Yes, even if the amount of University records and information cached or stored on the local computer is minimised through secure remote access to a University network/computer, the connecting computer still poses risks to the University if it is compromised or taken over by attackers.

Do I need to install Cisco Secure Endpoint on my tablet as well?

Cisco Secure Endpoint should be installed on tablets such as Microsoft Surface that are running Windows 10 or later. iPads and tablets running Android are not currently in scope.

Will IST be able to see what websites I’m browsing?

No. The Cisco Secure Client is not able to record browsing history. However, if a compromised website attempts to deliver malware to your computer, IST Security Analysts will be able to see information about the malware event which may include the URL of the website that was compromised.

Can I manually disable Cisco Secure Endpoint?

No, Cisco Secure Endpoint runs transparently in the background and cannot be disabled. If you experience any problems with this software, please contact the Staff Service Centre.

Research Computing

Enterprise Apps

Initiatives

Cisco Secure Endpoint