HOME
 | UTORprotect |
DOCUMENTATION
 |
AMS/ROSI
 |
SERVICES
 |
CONTACT
UTORprotect
FAQ
Screenshots

Endpoint Security Policy Operations FAQ

  1. What is ESP?

    2. ESP (Endpoint Security Policy system) is used to ensure that users
    who own their own computers and wish to attach to the University
    of Toronto network follow best practices in security maintenance
    before they connect. Currently, ESP is used in all network residences and the campus wireless network. It works like this: after the user authenticates, they are directed to run a wizard-like utility which performs the checks on their computer. Currently, the system checks for the presence of operating system security updates and the status of antivirus protection. If all conditions are met (a 'pass' condition), the user is connected to the U of T network and provided full service. If not, the user is directed via webpages on how to fix their computer. The user must run the ESP utility until a 'pass' condition is detected.

  2. What equipment is required to run the test?

    3. Computers that have the following operating systems: Windows Vista, XP, Windows 2000 and Windows 2003 Server are required to run the test. MacOS and Linux users are not presented with the test.

  3. Are all users required to run the test?

    It depends. All residence users must run the test. Wireless users who are classified as undergraduates must run the test. Once a user passes the check, they are not subject to another test until the time that network administrators determine that testing should be repeated.

  4. What about Service Packs?

    If your computer is running a Service Pack no longer supported by
    Microsoft (for example, Windows XP Gold), it will fail the test.
    Users are required to maintain a supported Service Pack. The
    Windows Update site will present you with a supported Service
    Pack. Note that Service Packs are generally large downloads and
    may take some time to complete. Windows XP Service Pack 2 is a
    very large download file - it is preferable to install it while
    connected to a wired network. Also, after installing a Service
    Pack, you will need to install the upgrades for that Service Pack.

  5. I have XP Service Pack 1 installed on my computer and it failed the ESP check. When I go to Microsoft Update, it presents me with Service Pack 2. Do I have to install Windows XP Service Pack 2?

    6. Yes, Windows XP Service Pack 1 is no longer supported.

  6. How can I find out precisely why I'm failing the ESP check?

    7. Use the following URL to run a version of the tool that will
    report what it thinks your computer is missing:

    http://cns.utoronto.ca/test/checker2.exe

  7. How do I run the ESP utility when it's presented to me?

    8. If you are using Internet Explorer, then select the 'Run' button
    and follow the directions. If you are using any other browser, you
    will need to save the utility on your computer. Once saved,
    navigate to it and run it. Once you are finished running it,
    delete it.

  8. Does the ESP wizard actually install on my computer?

    9. Only temporarily while it runs - on completion, it removes itself
    completely.

  9. When I try to access Microsoft Update, the site reports that I
    have failed a 'validation test' and won't let me update. What
    should I do?

    10. Microsoft has recently implemented a software validation system
    that blocks users from various services at Microsoft Update on
    failure of their test. *Access to Microsoft Update is required to
    pass the ESP check - you must resolve this issue in order to get
    prompt access to the University network.* Note that Microsoft
    provides all critical updates through the Auto Updates feature,
    regardless of the software validation check result; when updates
    are obtained in this way, computers will pass the ESP check.

  10. When I run the ESP wizard, I get popups from my firewall program.
    How should I respond to these?

    11. You should select popup options that allow the ESP wizard to run.

  11. I can't seem to get through the ESP process. The browser shows
    errors after the ESP wizard completes. What's the problem?

    12. There are three things that could interfere with the operation of
    ESP. Firstly, be sure to upgrade to Microsoft Update if you haven't
    done so. How do you tell whether you're upgraded or not? If you
    see the following image when you're in Windows Update, follow the
    instructions! Another issue to watch out for is a third-party
    firewall setting that blocks a component of the ESP wizard
    (examples of third-party firewalls include Norton Internet Firewall
    and McAfee Firewall). The quick workaround is to temporarily
    disable your firewall, run ESP, then re-enable the firewall.
    The third problem that may cause ESP not to complete is the
    presence of a virus, worm or spyware on your computer. Try scanning
    your hard drive using your anti-virus software and installing
    and running programs such as Microsoft's Anti-Spyware.

    ESP Antivirus status check

    Your computer has failed the ESP Antivirus status check. If you do
    not have an active antivirus program running on your computer,
    please follow the link below to the University's Antivirus
    distribution program. From this site, you can obtain Symantec
    AntiVirus as well as instructions on how to install it. See the
    FAQ below for more information.

    Symantec AntiVirus for U of T Computers
    <http://download.utoronto.ca/antivirus>

  12. Why does my antivirus popup with a message saying I have a
    problem? Does ESP try to install a virus on my computer?

    13. The antivirus test does not try to install a virus. It tries to
    install a harmless pattern that all antivirus programs recognize
    as a test. If you are prompted, choose the 'delete' option.

  13. ESP says my computer fails the antivirus test but I know I have
    antivirus installed and running. What's the problem?

    14. Ensure that your antivirus program is set up to check all your
    activity. Symantec AntiVirus calls this 'File System Auto
    Protect'. This must be turned on. Some antivirus products (not
    Symantec AntiVirus) take time (5 - 20 seconds) to detect the test
    pattern so the user should wait for the antivirus popup before
    proceeding with the test. Note that the ESP antivirus check has
    been tested with all of the major antivirus programs. If you are
    not using one of the well known antivirus programs, and the ESP
    antivirus check fails, it is recommended that you uninstall your
    current antivirus program and install Symantec AntiVirus
    (available at the link above).

 
©2011 - University of Toronto Information + Technology Services, All Rights Reserved.