Secure and Unblock a Compromised Device


Overview


On the UC San Diego networks, devices are automatically blocked when they appear to be compromised. A device is considered compromised when it is communicating with one or more malicious (software) servers. This can result from unintentionally installing a piece of malicious software, clicking on a malicious link, or automatically downloading email attachments.

When your device is blocked, you should receive an email with information about the block and the steps to take in order to secure your device and get unblocked.  Additional information about the malicious network traffic detected is included at the end of this email.

If your compromised device is a personal device, follow the steps under Personal Device to unblock your device.

If your compromised device is owned by the university or department, follow the steps under Department Owned Device to unblock your device.

Critical Concepts


Steps to Take


Personal Device

  1st Block

  If it is the first time this device has been blocked on the UCSD networks:

  1. Run a scan with supported antivirus software. Here are a few recommended antivirus programs:
  2. Once the scan has been completed, review the results.
  3. Contact the ITS Service Desk to request an unblock of your device (contact information at the bottom of this page). Please try to include:
    • Name of the antivirus software used
    • Results of the antivirus scan
    • MAC address of your device (included in the initial email) 

  2nd+ Block

  If this device has been blocked for the same malware signature within a 10-day period, you will be required to check in your device for a technician to clean it:

  1. Bring the compromised device and its power adapter to the ITS Service Desk, located in the Applied Mathematics & Physics Building (AP&M), Room 1313, in the Muir College area. Our front desk is open from 8:00am - 4:30pm each weekday (except holidays).
  2. After checking in your device, a Service Desk technician will work to remove the remaining malicious software from the device.
  3. If your device requires multiple days to clean, you will receive updates at the end of each business day stating the progress of the malware removal. 

Department Owned Device 

If your device was given to you by the university or your department, contact the local IT support group that owns or services this device.

If your device was given to you by ITS or if you are unsure who your local IT support group is, contact the ITS Service Desk directly (contact information below).

If you still have questions or need additional assistance, please submit a ticket or call the ITS Service Desk at (858) 246-4357.