VPN/Antivirus
(V1)How many devices can you use the DUO Mobile application on?
A single device
(A3)Can Cylance be installed on a device that is not owned by URI?
In most cases, no. However, in the event that a student’s or a faculty’s personal computer has been flagged by security and blacklisted, Security may direct us to install Cylance on their device so they can verify that the device is clean. This is typically done only for devices with serious malware infections that pose a threat to the URI network.
(A8)If McAfee is not fully removed when uninstalling, what would you do to fully remove it? Explain what programs you can use and where you can check to completely remove it.
Use McAfee’s Product Removal Tool or Revo Uninstaller (which can be found on HD Tools USB). Check under the McAfee folder in Program Files/Program Files (x86) to make sure all files have been removed. Check Task Manager to make sure all McAfee processes have been stopped. If everything fails, burn (reformat) the computer. DO NOT TRY TO REMOVE MCAFEE MANUALLY.
(S1)What is URI’s Secure Mail used for?
Secure email provides a way to send encrypted messages containing sensitive and/or private data to people outside of URI
(V2)How do you transfer your DUO account onto a new device?
Android
DUO Mobile app → 3 dots in top right corner → Settings → Connect a New Phone → View QR Code (on device that it is currently on)
DUO Mobile app → + → Scan QR code
iOS
Log into the VPN → On the screen to send a Push/Text/Call → To the right Add A New Device
DUO Mobile app → + → Scan QR code
(A4)How do you uninstall Cylance from a computer?
Create a ticket for IT Security to have them remove the user’s device from their console (Contact Ryan Conley, Tanya Roberts or Mike Khalfayan). If this is not done, you will not be able to uninstall Cylance.
Connect a USB with the Cylance installation package to the device. To uninstall, Cylance needs to have access to its installation files.
Go to add/remove programs → Find Cylance PROTECT → uninstall
(T1)What does TAP do?
Targeted Attack Protection (TAP) (uri.edu)
TAP scans incoming email for known malicious hyperlinks and for attachments containing malware. TAP works behind-the-scenes, which means you do not need to do anything to activate or take advantage of the system.
(S2)When should Secure Mail be used?
When sending sensitive information through email.
(A1)Who at URI controls and monitors Cylance?
Cylance is controlled and monitored entirely by IT Security. They have a registry/console that contains a list of all the devices that have Cylance installed.
(A5)What is McAfee? Is it supported by the university?
McAfee is an antivirus program that was, until recently, the university sponsored antivirus program. It is no longer provided by the university and McAfee does not support the version the university had but we still help users with issues they have with it.
(T1)How does TAP affect URLs included in emails?
TAP scans any/all URLs in an email and rewrites them as Proofpoint URLs. Proofpoint URLs will begin with https://urldefense.proofpoint.com. These rewritten URLs allow Proofpoint to check the destination against its continuously updated database of malicious sites. If the destination site is considered safe, the link will function normally. If the destination site is compromised, the site will be blocked. If you click a link to a blocked site, you will be redirected to a page on the Proofpoint website, which will explain why the site has been blocked.
(S3)How do you set up Secure Mail?
Send an email to security@uri.edu requesting access for Secure Mail.
(A2)How does Cylance work?
Cylance continuously runs in the background, constantly monitoring a device’s files, programs and network traffic. Users have very little control over how Cylance operates, due to it being managed by IT Security. Any threats that Cylance detects are immediately quarantined. The record of Cylance’s detections can be viewed in its user interface.
(A6)Explain what Cylance is/how it works and how it differs from McAfee.
Compared to McAfee, Cylance is far less aggressive and provides a mostly hands-off experience for users. It is a real-time scanner and shield that works mostly in the background, continuously scanning the computer’s files and monitoring the device’s network traffic. When it discovers a threat, it will quarantine the file and provide the user with the exact location of the threat so it can be removed. Cylance also sends this information to the IT Security Office.
(T1)Does TAP scan attachments? Does TAP scan outgoing emails?
a.Yes, TAP scans all of an email’s attachments for known malicious files and URLs, however, TAP does not rewrite URLs in email attachments. If it detects a malicious URL in an attachment or the attachment is a malicious file, it will block the attachment.
b. No, TAP only scans emails received by URI accounts.
(S4)Where to find other information about Secure Mail?
Email Encryption (uri.edu)(https://security.uri.edu/email-encryption/)
(A2)How does Cylance quarantine files?
The file is moved from its original location to the quarantine folder. The file is renamed by adding ".quarantine" to the end of the filename, which changes its extension (e.g. malware.exe to malware.quarantine). The file is modified to prevent it from being used, so it cannot be launched or run.
(A7)How do you uninstall McAfee from a Windows machine? What if McAfee is in managed mode?
To uninstall McAfee go to Add/remove programs → find McAfee programs → uninstall each program. You will need to uninstall every other program before you uninstall the McAfee Agent.
If McAfee is in managed mode you will need to locate the FrmInst.exe file on the computer, navigate to it in command prompt and run a command with it.
cd C:\Program Files (x86)\McAfee\Common Framework
Frminst.exe /remove=agent
→ → https://service.uoregon.edu/TDClient/KB/ArticleDet?ID=32952 ← ←
(T2)If the user gets an email about one of their emails being in quarantine from proofpoint-pps@ppops.net, what does this mean?
This means that TAP detected something suspicious and quarantined the email as a security precaution. The user can click on the link in the email and the user can review the email(s) and either allow or deny them.
What countries made up the original Axis powers in World War II?
Germany, Italy, and Japan