Security
-
Install Cisco Secure Endpoints (formerly AMP for Endpoints)
Introduction

This article covers the standard installation procedure for Cisco Secure Endpoint (formerly AMP for Endpoints) on Windows and Mac devices.

Applicability

This article is intended for use by end-users looking to install Cisco Secure Endpoint on their laptops or desktop computers.

Procedure

Contents: Installation Instructions (Windows); Installation Instructions (Mac); Mac Post Install Instructions / Grant Full Disk Access

Installation Instructions (Windows)

1. Download and open the Windows installer file (CCID required).
2. If asked to allow Cisco Secure Endpoint to make changes on your computer, click Yes.
3. Click Install.
4. Click Next.
5. Click Close.
6. If the installation was successful, you should see the following window pop up. Click the gear icon in the bottom left-hand corner:
7. Verify that the Policy Name is Protect on the Cisco Secure Client window that pops up:

Installation Instructions (Mac)

NOTE: Due to the privacy and security design of macOS, you may be required to re-authorize System Extensions or network content filtering occasionally when new updates for AMP for Endpoints are released.

1. Download and open the Mac installer file (CCID required).
2. Launch the installer file and double-click the installer icon (ciscoampmac_connector.pkg).
3. Click Continue.
4. Click Continue.
5. Click Continue.
6. View the End User License Agreement, click Agree, then click Continue.
7. Click Install.
8. Enter the user name and password you use to log on to your computer, click Install Software, then click Install.
9. At this point in the install you will see two things happen. Firstly, you will be asked whether you want "AMP for Endpoints Connector" to notify you. You may click Don't Allow, or Allow as shown below. Secondly, you will be informed that a System Extension was blocked. Allow the System Extension as shown below.
10. Click Open Security Preferences.
11. Unlock your computer by clicking the yellow lock and entering the user name and password you log into your computer with.
12. Click Allow, then lock the computer again by clicking the yellow lock and close or minimize the Security & Privacy window. Due to a known bug in macOS, the developer for the system extension may be named Placeholder Developer.
13. Enable both, then click OK.
14. You will be prompted to filter network content. Click Allow.
15. The installation will complete. Click Close.
16. You will be prompted to Keep the installer or Move to Trash; the choice is yours. If you move it to the trash you will need to allow "Installer" access to files in your Downloads folder.

Mac Post Install Instructions / Grant Full Disk Access

After install you will notice that the Cisco AMP icon in the menus has an exclamation point on it. You are being asked to grant full disk access to AMP. Please complete the following steps:

1. In System Preferences, under Security and Privacy, go to the Privacy tab.
2. Click on the lock to make changes.
3. Select Full Disk Access from the left pane, and then enable both AMP for Endpoint Services and AMP Security Extension.

Keywords: Cisco AMP, endpoints, security, amp, malware, antivirus, amp4e, secure, endpoint
-
Install Cisco Secure Endpoints (formerly AMP for Endpoints) - BYOD
Introduction

This article covers the standard installation procedure for Cisco Secure Endpoint (formerly AMP for Endpoints) on Windows and Mac devices for personal devices only. Do not use this policy for University of Alberta computers.

Applicability

This article is intended for use by end-users looking to install Cisco Secure Endpoint on their personal laptops or desktop computers.

Procedure

Contents: Installation Instructions (Windows); Installation Instructions (Mac); Mac Post Install Instructions / Grant Full Disk Access

Installation Instructions (Windows)

1. Download and open the Windows installer file (CCID required).
2. If asked to allow Cisco Secure Endpoint to make changes on your computer, click Yes.
3. Click Install.
4. Click Next.
5. Click Close.
6. If the installation was successful, you should see the following window pop up. Click the gear icon in the bottom left-hand corner:
7. Verify that the Policy Name is Protect on the Cisco Secure Client window that pops up:

Installation Instructions (Mac)

NOTE: Due to the privacy and security design of macOS, you may be required to re-authorize System Extensions or network content filtering occasionally when new updates for AMP for Endpoints are released.

1. Download and open the Mac installer file (CCID required).
2. Launch the installer file and double-click the installer icon (ciscoampmac_connector.pkg).
3. Click Continue.
4. Click Continue.
5. Click Continue.
6. View the End User License Agreement, click Agree, then click Continue.
7. Click Install.
8. Enter the user name and password you use to log on to your computer, click Install Software, then click Install.
9. At this point in the install you will see two things happen. Firstly, you will be asked whether you want "AMP for Endpoints Connector" to notify you. You may click Don't Allow, or Allow as shown below. Secondly, you will be informed that a System Extension was blocked. Allow the System Extension as shown below.
10. Click Open Security Preferences.
11. Unlock your computer by clicking the yellow lock and entering the user name and password you log into your computer with.
12. Click Allow, then lock the computer again by clicking the yellow lock and close or minimize the Security & Privacy window. Due to a known bug in macOS, the developer for the system extension may be named Placeholder Developer.
13. Enable both, then click OK.
14. You will be prompted to filter network content. Click Allow.
15. The installation will complete. Click Close.
16. You will be prompted to Keep the installer or Move to Trash; the choice is yours. If you move it to the trash you will need to allow "Installer" access to files in your Downloads folder.

Mac Post Install Instructions / Grant Full Disk Access

After install you will notice that the Cisco AMP icon in the menus has an exclamation point on it. You are being asked to grant full disk access to AMP. Please complete the following steps:

1. In System Preferences, under Security and Privacy, go to the Privacy tab.
2. Click on the lock to make changes.
3. Select Full Disk Access from the left pane, and then enable both AMP for Endpoint Services and AMP Security Extension.

Keywords: Cisco AMP, endpoints, security, amp, malware, antivirus, amp4e, secure, endpoint
-
Self-Service: How To Encrypt a Windows or macOS Computer
Introduction

This article is written for University of Alberta staff, faculty, or students who are utilizing personal devices to store university data. If you are a staff member who has enrolled a personal device into the University of Alberta's Work From Home Program, then you are required to encrypt your personal device and take additional security measures to secure your PC, as detailed here.

The University of Alberta requires that any portable device (laptop, MacBook, cell phone or tablet) that stores university related data be encrypted. Encryption technologies scramble the data on the storage drive. This prevents a threat actor who may gain access to your device in an unauthorized manner from accessing sensitive data stored on the drive.

Please be advised, Information Services & Technology (IST) provides these guidelines to assist clients with safeguarding their personal computing devices; however, we do not provide any technical support or assistance for personal computers, even those registered in the Work From Home Program. Managing the encryption and access of a personal computer is the sole responsibility of the individual that owns the device in question.

If you have a computer provided by the University of Alberta or your department and you would like assistance with encryption, please contact IST at 780-492-8000 or log a ticket with us via our website. More information about encryption and why it is important can be found on our website here.

Procedure

The following links direct to both Microsoft (Windows) and Apple (macOS) support sites with instructions to set up the encryption tools they provide for their respective platforms. These instructions are for personally owned devices only. It is strongly recommended you review the information provided in this article before following the instructions in the provided links. IST cannot assist in encrypting your personally owned computer beyond providing these guidelines.

Instructions: Encrypting a Windows Computer

Microsoft offers two solutions for encrypting your Windows 10 or 11 computer: Device Encryption and BitLocker Drive Encryption.

Device Encryption is the preferred method for encrypting personal computers. Device Encryption requires the use of a Microsoft Account. The encryption key is tied to the account, and data is only accessible when an authorized account logs into the device. Please be aware, if you lose access to the Microsoft Account used in the encryption process, you will lose access to all of your data stored on the device. IST will not be able to assist with any technical issues that may arise in this scenario.

BitLocker Drive Encryption is an alternative method of encrypting a Windows computer. Not all Windows computers allow for BitLocker Drive Encryption. With BitLocker, a 25 character encryption key is created in a separate text file. This file cannot be stored on the drive that was encrypted, and it is recommended to be stored in a secure personal (i.e. non-University of Alberta) cloud location such as Google Drive, or in a personal password manager solution. If a computer is lost or stolen, the data on the drive is inaccessible without an authorized account or the 25 character key stored in the text file. Please be aware, if you lose access to the encryption key file and your computer makes a request for the encryption key, you will lose access to all of your data stored on the device. IST will not be able to assist with any technical issues that may arise in this scenario.

Instructions: Encrypting a macOS Computer

Apple offers one solution, called FileVault, to encrypt macOS devices. FileVault allows you to either tie the encryption key to your Apple ID, or create a separate 25 character recovery key to store in a text file. When following the instructions for setting up FileVault, you will be asked which method you prefer.

It is strongly recommended to utilize your Apple ID to store your encryption key; however, if you lose access to your Apple ID account you will lose access to all of your data stored on the device. IST will not be able to assist with any technical issues that may arise in this scenario.

If you select the option to create a 25 character recovery key, the key must be manually typed out into a separate text file, and it is recommended that you store it in a secure personal (i.e. non-University of Alberta) cloud location such as Google Drive, or in a personal password manager solution. If a computer is lost or stolen, the data on the drive is inaccessible without an authorized account or the 25 character key stored in the text file. Please be aware, if you lose access to the encryption key file and your computer makes a request for the encryption key, you will lose access to all of your data stored on the device. IST will not be able to assist with any technical issues that may arise in this scenario.

Keywords: windows 10, windows 11, macOS, apple, microsoft, encrypt, encryption, bitlocker, security, SPED, data privacy, VPIT, VP-IST, laptop, tablet, cell, phone, self-service
-
Self-Service: How To Encrypt a Cell Phone or Tablet (iOS and Android)
Introduction

This article is written for University of Alberta staff, faculty, or students who are utilizing personal cell phone or tablet devices to store university data.

The University of Alberta requires that any portable device (laptop, MacBook, cell phone or tablet) that stores university related data be encrypted. Encryption technologies scramble the data on the storage drive. This prevents a threat actor who may gain access to your device in an unauthorized manner from accessing sensitive data stored on the drive.

Please be advised, Information Services & Technology (IST) provides these guidelines to assist clients with safeguarding their personal computing devices; however, we do not provide any technical support or assistance for personal cell phones or tablets, even those registered in the Work From Home Program. Managing the encryption and access of a personal cell phone or tablet is the sole responsibility of the individual that owns the device in question.

If you have a cell phone or tablet provided by the University of Alberta or your department and you would like assistance with encryption, please contact IST at 780-492-8000 or log a ticket with us via our website. More information about encryption and why it is important can be found on our website here.

Procedure

Modern mobile cell phones and tablets are very straightforward to encrypt, with no account or separate encryption key file required. Apple (iOS) devices use a File Based Encryption method, while Google (Android) devices use a Disk Based Encryption method. Both methods scramble the personal data of the individual using the device, and encryption ensures only an authorized user can get into the phone or tablet.

These instructions are for personally owned devices only. It is strongly recommended you review the information provided in this article for your relevant phone or tablet operating system; you may have to consult the manual or support website from your device manufacturer to complete some steps. IST cannot assist in encrypting your personally owned cell phone or tablet beyond providing these basic guidelines.

Encrypting an Apple (iOS) Device

When you set up an iPhone or iPad, encryption is enabled automatically when you set up a passcode or Touch/Face ID to unlock the device. It is strongly recommended you utilize Touch/Face ID, as biometric unlocking is unique to the individual user, while a passcode can be forgotten, guessed, or stolen.

To confirm your device is encrypted, open the Settings app and navigate to Face ID & Passcode. Scroll to the bottom of the page; if you see a message that reads Data protection is enabled, your device is encrypted. If you do not see this message, enable Touch/Face ID or a passcode to encrypt your device and follow the on-screen prompts to set it up.

Please be advised IST cannot assist with the setup or technical support of encryption on personal devices.

Encrypting a Google (Android) Device

When you set up an Android device, encryption is enabled automatically if you choose to set up a biometric (fingerprint or face scan) login to the device, or a PIN, passcode, or password. If you do not have one of these options turned on, enabling them in your phone will encrypt your device. It is strongly recommended to use a biometric option, as a PIN, passcode, or password may be guessed or stolen.

The challenge with Android devices is that several manufacturers make Android hardware and create customized versions of the Android operating system to run on their phones. This makes it difficult to provide specific walkthroughs to help enable these options. In general, you can find these options under Settings > Security and privacy. If you're unable to locate these options, consult the support manual from your device manufacturer's website. Popular Android phones include the Samsung Galaxy lineup and the Google Pixel phone line.

Please be advised IST cannot assist with the setup or technical support of encryption on personal devices.

Device Compatibility

All current in-market Apple iPhone and iPad models have encryption capabilities, and all previous models dating back to the original support encryption functionality. However, if your personal iPhone or iPad cannot receive major software or security updates from Apple due to its age, it's recommended to upgrade the device to keep your data as secure as possible.

All current in-market Android devices have encryption capabilities, and models dating back to Android version 4.4 have this functionality. However, if your personal Android device cannot receive major software or security updates from Google or your device manufacturer due to its age, it's recommended to upgrade the device to keep your data as secure as possible.

Appendix

Apple – About encrypted backups on your iPhone, iPad, or iPod touch
Apple – About Face ID advanced technology
Apple – Use a passcode with your iPhone, iPad, or iPod touch
Apple – Use Touch ID on iPhone and iPad
Google – Back up or restore data on your Android device
IST – Service Catalog
ualberta – Encryption
ualberta – Tips for a secure password

Keywords: encrypt, encryption, mobile, iOS, Android, iPhone, iOS 7, iOS 8, iOS 9, iOS 10, iPad, blackberry, mobile device, password, encryption, procedure, process, standard, VPIT, VP-IST, vice-provost, security, password, setup, policy
-
University of Alberta Cybersecurity Information
Introduction

This article provides a high-level overview of the help available to all members of the University of Alberta community who require assistance related to cyber-security, information security and all other security aspects of UofA technology or information assets.

Applicability

This article is written for all members of the University of Alberta regardless of role or function. This includes anyone with a University of Alberta issued CCID, such as students, academic staff, support staff and guests. This also includes anyone with University of Alberta owned networking or computing resources such as laptops, desktops, tablets, servers, etc.

General Information

A substantial amount of information around existing initiatives, best practices, and roles and responsibilities can be found on the website of the Chief Information Security Officer: https://uab.ca/ciso

Getting Help

If the information you are looking for cannot be found on the CISO website listed above, direct any questions, comments or concerns to one of the following contacts based on the most relevant description:

- Anything related to policy, governance, decision making, breaches (confirmed or suspected), theft of devices, etc.: please email ciso@ualberta.ca
- All other inquiries, including phishing, spam, odd account behavior, day-to-day security operations, hacking attempts, malware infections, suspected vulnerabilities and exploits, etc.: please email abuse@ualberta.ca
- Anything related to harassment, unwanted attention or personal safety: contact University of Alberta Protective Services (UAPS) at 780-492-5050.
- If the situation is LIFE OR DEATH, contact 911.

Keywords: virus, viruses, hack, hacked, hackers, malware, trojan, adware, norton, symantec, fsecure, f-secure, ciso, security, amp4e, amp
-
Clear Browser Cache & Cookies
Introduction

This article provides instructions on how to clear your browser's cache & cookies.

Applicability

This applies to all users at the University of Alberta and can be used to resolve a variety of internet browser issues.

Symptoms

Clearing your cache & cookies may be beneficial when running into strange log in issues, pages not loading, or receiving Security Certificate error messages.

Cause

Cookies, which are files created by websites you've visited, and your browser's cache, which helps pages load faster, make it easier for you to browse the web. However, sometimes these saved files have issues when changes are made to websites, and cause problems for your internet browser.

Resolution

Each browser has its own way to clear the cache & cookies.

Computers:

- Google Chrome: https://support.google.com/accounts/answer/32050?co=GENIE.Platform%3DDesktop&hl=en
- Mozilla Firefox: https://support.mozilla.org/en-US/kb/how-clear-firefox-cache
- Microsoft Edge: https://support.microsoft.com/en-us/help/10607/microsoft-edge-view-delete-browser-history
- Safari: https://support.apple.com/en-ca/guide/safari/sfri47acf5d6/mac
- Opera: https://blogs.opera.com/mobile/2016/04/clear-browsing-history/

Mobile Devices:

- Google Chrome (Android & iOS): https://support.google.com/accounts/answer/32050?co=GENIE.Platform%3DAndroid&hl=en
- Mozilla Firefox (iOS): https://support.mozilla.org/en-US/kb/clear-browsing-history-firefox-ios
- Mozilla Firefox (Android): https://support.mozilla.org/en-US/kb/clear-your-browsing-history-and-other-personal-data
- Safari (iOS): https://support.apple.com/en-ca/HT201265
- Other 'built-in' Android browsers: https://www.wikihow.tech/Clear-Your-Browser%27s-Cache-on-an-Android
-
Lost or Stolen Mobile Device Procedure
Introduction

This article explains what to do in the event of a lost or stolen University owned or Personal Expense Reimbursement (PER) mobile device.

Applicability

The article is intended for the campus community.

Procedure

1. Where possible, please first check to see if you are able to locate your device using any available built-in location tracking services, for example "Find My" or equivalent.
2. Please try to remotely wipe the device, if this feature is available.
3. For stolen items, please make sure you file a report with University of Alberta Protective Services (UAPS) at 780-492-5050.
4. Please create a ticket with the Service Desk with the following information:
   - Device make and model, and date lost/stolen.
   - If the device was stolen, please include the UAPS case number that you were given when you contacted UAPS.
   - Completed Breach Reporting Form. Please fill this out to the best of your ability and email it to both ciso@ualberta.ca and privacy@ualberta.ca. We may contact you later if we have any questions. The form can be found here: https://www.ualberta.ca/information-and-privacy-office/media-library/information-and-privacy-office/library/forms/breach-reporting-form.doc
5. SMS also requires that an asset disposal form be completed and returned to smssurplus@ualberta.ca. Please note that this must be completed by you/your department. IST is not able to submit these on your behalf. The form can be found here: https://www.ualberta.ca/finance-procurement-planning/media-library/finance/documents/fs-office-site/forms-cabinet/assetdisposalformassetretirement.docx
6. If you will be requesting a new device to replace the old one, please follow your department's standard method for ordering new equipment.

Keywords: remote wipe, phone wipe, erase, iphone, android, blackberry, stolen, missing, cellular, suspend, telecom, telephone cellphone, mdm, mobile device management
-
Encrypt a physical external drive
Introduction

To remain compliant with the University of Alberta's (UofA) Encryption Procedure, sensitive information stored on devices where there is risk for unauthorized access and disclosure (in this case, external hard drives) should be protected via encryption.

KBA Objective: This article provides a method for users to encrypt their external backup drives, typically for backups of University devices.

Applicability

Target Audience: Anyone who needs to encrypt their external drive.

Non-applicable:

- Refer to KBA – Encrypt a MacOS device for MacOS encryption
- Refer to KBA – Encrypt a Windows device for Windows encryption
- Refer to KBA – FAQs about Backup data and servers for backing up data before encryption

Procedure

Contents: Basic Information; Standard Process (1.0 Windows: Encrypt Drive; 2.0 MacOS: Encrypt New Drives; 2.1 MacOS: Encrypt Used Drives); Related Knowledge

Basic Information

Encryption helps protect your files/folders by converting the data into code and protecting the data from unauthorized access. External drives are protected by passwords that are made by the user. A suggestion for these passwords can be: -

For example: if the UofA Tag on the system is 123456, the CCID is djy, and this is the first backup drive, then the password could be 123456djy-1. If there is a second backup drive then the password could be 123456djy-2, and so on.

Standard Process

1.0 Windows: Encrypt Drive

These instructions explain how to encrypt external drives on Windows computers:

1. Plug the external disk drive into your computer (typically through USB).
2. Open File Explorer and go to This PC on the left navigation pane.
3. In Windows 10, right-click the specific drive and click Turn on BitLocker. In Windows 11, you will need to click Show more options before clicking Turn on BitLocker. The following window will show up.
4. Check the Use a password to unlock this drive box, then enter a password for the drive using the method listed above and click Next. Make sure to keep this password safe and write it down or save it somewhere on your computer that you will never lose.
5. Select the encryption option that you prefer, then click Next.
6. Select Compatible mode for external drives, then click Next.
7. Click Start encrypting and wait until the encryption is done at 100%.

2.0 MacOS: Encrypt New Drives

These instructions explain how to encrypt an empty new external drive on MacOS computers:

1. Plug the external disk drive into your computer (typically through USB).
2. Open Disk Utility.
3. Click the View menu at the top, then Show All Devices.
4. Click the specific external drive.
5. Click the Erase button in the toolbar.
6. Enter a name for the disk (probably easiest to just give it the same name as before).
7. In the Scheme pop-up menu pick GUID Partition Map.
8. In the Format pop-up menu pick APFS (Encrypted).
9. Enter the password as defined above, then click Choose.
10. Click Erase, then Done.

2.1 MacOS: Encrypt Used Drives

These instructions explain how to encrypt an existing external drive on MacOS computers (if the drive is already formatted as APFS):

1. Plug the external disk drive into your computer (typically through USB).
2. Go to your Desktop, right-click the drive and click Encrypt ""... Note: Viewing external disks needs to be enabled in Finder preferences.
3. Enter a password based on the method above and add a hint if required. Make sure you write/save the password somewhere safe and accessible for future use.
4. Click Encrypt Disk.

Note: If this disk is used for Time Machine backups you can view the encryption progress in the Time Machine panel of System Preferences. If not, then you can see the status of the conversion process by opening Terminal and typing:

    diskutil cs list | grep -e "Conversion" -e ""

It will encrypt the entire drive regardless of what data is on there, so for larger/slower drives this will take a very long time.

Related Knowledge

- Encrypt a MacOS device
- Encrypt a Windows device
- Frequently Asked Questions about Backup data and servers
-
My CCID Account Has Been Compromised, What Do I Do?
Introduction

This guide is designed to assist users with an active CCID who've been targeted by phishing emails, leading to an account suspension.

Applicability

This guide is applicable for users who have been affected by a phishing email. The steps outlined here will guide you in ensuring your account will remain secure and give you best practices for the future.

Procedure

Before You Begin

IMPORTANT! If you do not follow the steps completely, your account may become compromised again. This can happen because bad actors may change your account settings, which need to be reverted to their original state.

Process Steps:

If you currently have no access to your CCID account

1. If you suspect you have been the target of a phishing email, you will need to contact the IT Service Desk at 780-492-8000 ext 1, Monday to Friday, 7:30 AM to 6:00 PM. We are not able to assist you over email when it comes to account compromises.
2. You will need to have your 7-digit Student or Employee ID number when you call us. If you do not know your 7-digit Student or Employee ID number, please check out the article listed here: Find Your Student or Employee ID Number
3. Once you give us a call, the analyst on the phone will complete a verification with you using that ID number and continue with the procedure to get you back into your CCID account.
4. You will need to have access to a computer at this time. The analyst will need to go over your account settings with you, and those settings can only be checked on a computer.

If you have already spoken to IST and regained access to your CCID account, but are waiting to regain Google Services access

Once you have received confirmation that you have regained Google Services access after your account compromise, you will need to check the settings below to ensure you do not lose access to your account again. Failure to follow all these steps could result in your account becoming compromised again.

1. Navigate to your Self-Service Password Reset settings. Ensure that what is entered for both the phone and email options is yours and not someone else's.
2. On your computer, navigate to Gmail. You will not be able to use a mobile device as some settings are not accessible without a computer.
3. Head to settings by finding the Gear icon at the top right, then click "See all settings".
4. Navigate to "Accounts and Import" and ensure that the information under the section labeled "Send mail as" is set to your name and your email and not something else. If it is something you do not recognize, click on edit info and change the settings back to default. Reference below.
5. Next, navigate to Filters and Blocked Addresses and ensure you do not have any unknown filters set up or blocked addresses. If you see something you do not recognize, delete it, as it could be redirecting or deleting your emails. Reference below.
6. Lastly, check "Forwarding and POP/IMAP". We want to ensure that there are no forwarding email addresses set up, so that emails you receive are not going to a third-party address. Unless you do have a legitimate email for forwarding, it should just say "Add a forwarding address". Reference below.

Now that your Gmail settings have been checked, your account should be secured once again. It is important to note that if you had used your compromised password on any site other than your CCID, you will want to update it there to ensure those accounts are secured as well.

IMPORTANT! IST will never ask you to provide your CCID password or a Duo passcode, nor will we ask you to verify your CCID. If you have been asked to verify your CCID or are worried about your CCID being deleted because of an email, please forward the email to abuse@ualberta.ca to confirm its legitimacy. You can also always call the IT Service Desk at 780-492-8000 ext 1, Monday to Friday 7:30 AM to 6:00 PM, to ask about the legitimacy of an email.

Additional Considerations

Your account may have been used to send out other phishing emails to other accounts, which may result in emails regarding bounced back messages or replies asking if it is legit. Please do not reply to these emails and just delete them as they come in; they will eventually stop.

If you fell victim to a financial scam, where you have lost money, you will need to report the scam to your bank immediately, and it is also recommended to report the incident at https://www.antifraudcentre-centreantifraude.ca/scams-fraudes/victim-victime-eng.htm

For more information about being secure online please visit our Information Security website here: https://www.ualberta.ca/en/information-services-and-technology/security/index.html