Overview

---

On the UC San Diego networks, devices are automatically blocked when they appear to be compromised.  Devices are considered compromised when they are communicating with one or more malicious (software) servers.  This may be a result of unintentionally installing a piece of malicious software, clicking on a malicious link, or automatically downloading email attachments.

When your device is blocked, you should receive an email with information about the block and the steps to take in order to secure your device and get unblocked.  Additional information about the malicious network traffic detected is included at the end of this email.

If your compromised device is a personal device, follow the steps under Personal Device to unblock you device.

If your compromised device is owned by the university or department, follow the steps under Department Owned Device to unblock your device.

Critical Concepts

---

• If the compromised device has any sensitive data and UCSD is the custodian of the data, please follow the steps to report a computer security incident.  This includes:
  
  • Personally identifiable information of other UC San Diego affiliates (names and addresses, Social Security Numbers, credit card numbers)
  • Device used to work with personnel, financial, medical, or human subject data (even if not stored on device)
  • Device used to submit student grades
  • Device connects to a campus database
  • Machine used as a web or file server
  • Multi-user desktop machines
• Take note of what programs were running and what you were doing at the time you were blocked.  This can help your technician identify what software may be communicating with malicious servers.
  
  

Steps to Take

---

Personal Device

If this is the first time this device has been blocked on the UCSD networks:

1. Run a scan with a supported antivirus software. Here are a few recommended antivirus programs:
   • Malwarebytes
   • Avast
   • Avira
2. Once the scan has been completed, review and screenshot the results
3. Contact the ITS Service Desk to request an unblock of your device (contact information on the bottom of this page).  Please try to include:
   • Name of the antivirus software used
   • Screenshot of the antivirus scan
   • MAC address of your device (included in the initial email) 

If this device has been blocked for the same malware signature within a 10 day period, you will be required to check-in your device for a technician to clean:

1. Bring the compromised device and its power adapter to the ITS Service Desk located in the Applied Mathematics & Physics Building (AP&M) Room 1313 in Muir College area.  Our front desk is open from 8:00am - 4:30pm each weekday (except holidays).
2. After checking in your device, a Service Desk technician will work to remove the remaining malicious software from the device.
3. If your device requires multiple days to clean, you will receive updates at the end of each business day stating the progress of the malware removal. 
   
   

Department Owned Device 

If your device was given to you by the university or your department, contact your local IT support group who owns or services this device.

If your device was given to you by ITS or if you are unsure who your local IT support group is, contact the ITS Service Desk directly (contact information below).