Skip to main content

FAQ

General and Policy Questions

 Why does Feinberg need BigFix and ActiveSync?

Feinberg has many regulatory mandates with which it must comply, including HIPAA/HITECH, FERPA, and PIPA. BigFix and ActiveSync allow Feinberg to ensure sensitive data that should remain private -- such as faculty and staff social security numbers, student information, or research participant data -- is adequately protected. Together, they ensure that devices used for business purposes are configured to provide protection in cases of loss or theft. They provide the University a "safe harbor" with respect to legal requirements to report a breach of information stored on the device. As we, and other universities have learned, a stolen device may be determined after the fact to have regulated data, even when the user believed there was none. 

 Who needs to use BigFix and ActiveSync?

Everyone affiliated with Northwestern University Feinberg School of Medicine – faculty, staff, residents, fellows and students – must use enhanced security measures on devices that access Northwestern University email and store Northwestern University data.

BigFix must be installed on university-owned and personal desktop computers and laptops that conduct Northwestern University Feinberg School of Medicine business. If you are unsure whether you need to download BigFix, follow this simple decision tree.

Additionally, users who download email to a smart phone or tablet must ensure that the device is encrypted and that passcode requirements are met before that device can access Northwestern University email. 

 How do I know if my computer is managed by Feinberg IT?

If your computer has a purple shield FSM Help icon on the desktop, it is managed by Feinberg IT.

 Don’t I already have Northwestern University security through VPN?

Because medical school servers house many types of sensitive data that must remain private, Feinberg requires higher levels of protection than Northwestern University-wide servers. Any unprotected computer or device can potentially be a vulnerability within our firewall. Think about it this way: medical school data is protected by a moat, but an individual unprotected device is a lowered drawbridge. In order to secure the data inside the moat, we need to pull up all our drawbridges and close our firewall. 

This level of security protects Northwestern data, but it protects you too. You would not want your lost or stolen laptop to become the source of a major data breach reported by local news. If a device is lost or stolen, encryption ensures that a third party cannot access protected information, such as PII or PHI, that may be stored on the device. In addition, it provides the University a "safe harbor" with respect to legal requirements to report a breach of information stored on the device. This software allows the University to better protect you from that possibility. 

 I don't have any PHI or PII on my device. Do I still need BigFix?

As described above, any unprotected computer or device can potentially be a vulnerability on Feinberg's network. In addition, based on prior incidents, we and other universities have learned that a stolen device may be determined after the fact to have PII/PHI even when the user believed there was none. There are many types of sensitive data that we have an obligation to keep private, including student data (covered by FERPA), faculty and staff data (covered under PIPA), and intellectual property that shouldn’t be released without authorization.

 Is this unique to Northwestern University?

No. Many other academic medical centers use the same technology, including Stanford University, Yale University, Duke University, and UCSF, among others. Many of our clinical affiliates have similar security measures in place.

 Can I instead autoforward or redirect my Northwestern email to Gmail, Yahoo or something similar?

Autoforwarding and/or redirecting to a non-approved email address is not compliant with current Feinberg policy. Only approved email accounts may be used for Feinberg business. Learn more about Feinberg information security policies here.

 I use webmail on my computer at home, am I affected?

Webmail users who do not download or store University-related information on their personal computers or devices are not affected.

 Should campus visitors install BigFix or ActiveSync?

Neither BigFix nor ActiveSync is necessary for short-term campus visitors.

 Who can I contact with general questions?

You can email fsmhelp@northwestern.edu with general questions related to BigFix or ActiveSync.

Encryption and Antivirus Questions

 I received a pop-up notification about encryption and/or antivirus. Where can I find more information?

Please visit this web page to learn how to encrypt your computer or update your antivirus software.

 What antivirus software is required for my computer?

Feinberg IT recommends any of the following programs: 

Recommended antivirus software for Windows

  • CA AV/Total Defense R12 client
  • eTrust(CA) 8.x AV client information
  • Forefront AV 
  • Forefront/System Center AV 
  • ISS Proventia Desktop 
  • McAfee VirusScan Client 
  • Sophos AV Client v7,8,9,10 
  • Symantec AntiVirus Client 
  • Symantec Endpoint Protection Client 
  • Trend Micro OfficeScan Client 
  • Windows Defender (Windows 10)

Recommended antivirus software for Mac

  • eTrust(CA) 8.x AV client information
  • McAfee VirusScan 8.x/9.x Client 
  • Sophos AV Client v7,8 
  • Symantec AntiVirus/Endpoint Protection Client 
  • Trend Micro OfficeScan Client 
  • BitDefender AV Client

 Does Northwestern offer any compliant antivirus software to faculty, staff, students and trainees?

Yes. NUIT has made Symantec Endpoint Protection available to all Northwestern University users, and is available for download at no charge on the NUIT website. ​ 

BigFix Questions

 What is BigFix?

BigFix is a software package that Northwestern University Feinberg School of Medicine is using to protect computers from security lapses, ensure a standard for IT security, and confirm compliance with University and Feinberg policies.

BigFix is automatically installed on all computers and laptops managed by Feinberg Information Technology, and must also be installed on all personal computers and laptops used to conduct Feinberg business. 

 How does BigFix work?

BigFix software verifies that the computer or laptop from which you are accessing email is: 1) encrypted, 2) running updated virus protection, and 3) current with any operating system patches. BigFix runs in the background, consuming minimal CPU resources, and periodically checks in with a Feinberg server to provide updates of the system status. Once installed, BigFix will replace the functions of Dell Kace (PCs) and Casper (Macs) on computers managed by Feinberg IT. BigFix works by collecting selected information about the security of that device.

 How will my computer get BigFix?

Feinberg IT will begin deploying BigFix on computers managed by Feinberg IT on 9/6/2016.

Many devices will get BigFix automatically or already have secure software in place:

  • Laptops and desktop computers that are managed by Feinberg IT will have BigFix installed automatically.
  • Computers managed by Northwestern Memorial Hospital, Ann & Robert H. Lurie Children’s Hospital of Chicago or the Shirley Ryan AbilityLab are already using similar technologies and should not have BigFix installed.

Individuals who use a personal, non-Feinberg managed computer to conduct Feinberg business must install BigFix software to continue using existing configurations. (For example: a faculty member who has installed Outlook on their personal laptop; a student using a personal computer to check email. 

You can download and install BigFix on the Feinberg IT web site after 9/6/2016. 

 How do I find out if I am currently running BigFix?

Mac

Go to your Launchpad (button in Dock that looks like rocket ship) and scroll through your Apps until you see "Big-IP Edge Client" (a big red circle labeled "F5"). Run it and then enter your NetID and password. Likewise, you can also open the Spotlight and start entering “Big-IP Edge Client”. You can verify that Big-IP is running by looking in the Taskbar on the top right by the time.  Look for the red circle labeled F5.    Once you have signed in, Outlook should work.

Windows

The Big-IP Edge Client will be in your list of Programs.  Click on the Windows Start button and search for “Big-IP Edge Client”.  Open it, log in using your NETID and password and then Outlook should connect.  You can verify that Big-IP is running by looking in the Taskbar on the bottom right by the time.  Look for the red circle labeled F5.    

 When do I need to download the software? Is there a cut-off?

After September 30, computers that do not meet security requirements will not be able to access Northwestern University email using an email application. However, these computers will still be able to access Northwestern University email through Outlook webmail.

 What do I need to do before I install BigFix?

You must ensure that you have the ability to install programs/software on any computer that will run BigFix.  Although it is not necessary, completing a backup of your important files is recommended as a best practice. 

 I need help installing BigFix. How can I get IT support?

You can email fsmhelp@northwestern.edu, call 312-908-6349, or visit the on-campus kiosks during the following 2016 dates:

September 8-9
September 12-14
September 29-30
October 3-5

On-campus kiosks are open from 8 a.m. to 5 p.m.

 Are there any devices that BigFix cannot work with?

BigFix will work on any desktop or laptop that is running Windows 7 and higher, or any Mac running 10.8 and higher. BigFix will not work with any mobile devices such as iPhones, Android or tablet devices not running Windows (smartphones and tablets work with ActiveSync). Please contact fsmhelp@northwestern.edu or call 312-908-6349 if you have any questions or problems.

 I have a device that cannot use BigFix. What do I do?

Please contact Feinberg IT at 312-908-6349 or fsmhelp@northwestern.edu. Feinberg IT will have to assess the current situation and determine if an alternative exists. Until the assessment is completed, you can still access your email at http://collaborate.northwestern.edu

 I tried downloading BigFix and am having problems. Who can help me?

You can email fsmhelp@northwestern.edu, call 312-908-6349, or visit the on-campus kiosks during the following 2016 dates:

September 8-9
September 12-14
September 29-30
October 3-5

On-campus kiosks are open from 8 a.m. to 5 p.m.

 Will I lose my data during the install?

Installation does not risk loss of data, but best practice is to have a back-up solution in place (including personal devices). 

Computers managed by Feinberg IT use a system called CrashPlan which automatically backs up your data.  Additionally, data stored on our central file share called FSMFiles are unaffected

 What happens if I do not download BigFix on my personally-owned machine?

You will no longer be able to access your Northwestern email on your desktop computer or laptop using your email client or download/store information from Northwestern University. You may still use webmail on any device, at any time. 

You can access webmail at http://collaborate.northwestern.edu

 Will BigFix slow down my computer?

No. BigFix runs in the background and consumes minimal CPU resources. 

 Will BigFix prevent me from doing anything on my personally-owned computer or laptop?

No. Feinberg IT is committed to ensuring your privacy, which includes being able to use your personally-owned devices as you wish. BigFix does not prevent you from installing any software, browsing any websites, or anything else for which you would normally use your computer. 

 Will BigFix be used to push updates to my personally-owned computer?

Feinberg IT does not use BigFix to push automatic updates to personally-owned devices. In certain rare cases where urgent security issues arise, we may require that you apply a patch to your system to access your Outlook desktop email client. If you do not apply the patch, you will still be able to get Outlook webmail on your machine. If you have questions related to security patches, you can email fsmhelp@northwestern.edu or call 312-908-6349 for assistance.

 I use a computer provided by NMHC, Shirley Ryan AbilityLab or LCH to check my Northwestern University email. Do I have to do anything?

BigFix should not be installed on computers provided by NMHC, Shirley Ryan AbilityLab or LCH. We strongly encourage you to auto-forward/redirect your northwestern.edu email to the appropriate, approved (nm.org, sralab.org, luriechildrens.org) email account. 

Email systems approved for auto-forwarding are listed here

Alternatively, you can use https://collaborate.northwestern.edu/ to check your Northwestern University email without auto-forwarding/redirection.

Please call 1-HELP if you require assistance in setting up an auto-forward to your clinical email account.

 I have a joint appointment; do I need to install BigFix?

Generally, yes. If you have questions regarding if this applies to you, please contact your school IT director.

 Can departing faculty, staff, residents, fellows and students keep BigFix?

Departing faculty, staff, residents, fellows and students should remove BigFix from their personal devices upon leaving Northwestern. To remove BigFix from your personal device, run the uninstaller like you would any other program. For devices managed by Feinberg IT, contact fsmhelp@northwestern.edu to remove BigFix. 

ActiveSync Questions

 What is ActiveSync?

ActiveSync is the system that email clients on smartphones and tablets use to check email at Northwestern and elsewhere. It can implement policies such as ensuring a PIN is enabled on a phone or that a tablet is encrypted before email can be downloaded.

 How does ActiveSync work?

ActiveSync is used every time a phone or tablet checks email using an email application. When a phone or tablet connect to Microsoft Exchange to check email, Feinberg (via ActiveSync) can ask that the device confirm it meets certain requirements such as encryption and a PIN.  If the device reports that the requirements are not met, ActiveSync will not allow email to be downloaded to the device.

 What devices need ActiveSync, and how do I get it?

Mobile phones and tablets will not need additional programs or software, but will be asked to use a six-digit passcode if one is not currently in place. Android users will be asked to encrypt if your device is not already encrypted.  

 Are there any devices that do not work with ActiveSync?

ActiveSync will work with most smartphones and tablets that can be encrypted. ActiveSync does not work with laptops or desktop computers; BigFix must be installed on all Feinberg-managed and personal desktop computers and laptops.

 My phone does not support encryption. What do I do?

Please contact Feinberg IT at 312-908-6349 or fsmhelp@northwestern.edu. Feinberg IT will assess the current situation and determine if an alternative exists. Until the assessment is completed, you can still access your email at http://collaborate.northwestern.edu.

 But can I still get email on my smartphone or tablet, even if I do nothing?

Beginning in September, all phones and tablets must be encrypted and utilize a 6-digit passcode. If your device does not meet this criteria, you will receive a prompt instructing you on how to meet requirements. Users are always able to use webmail on phones and tablets. 

You can access webmail at http://collaborate.northwestern.edu

Privacy and Ownership

 Is the University tracking or monitoring my personal computing habits? Is this an invasion of privacy?

No. Feinberg IT is committed to ensuring the privacy of the Feinberg community.

The main purpose of BigFix is to ensure the security of our network and data, and for Feinberg IT-managed computers to provide the automatic delivery of updates, patches and security upgrades. BigFix does not collect data such as web browsing history or data content such as documents. Please see the list of information collected by Big Fix. Collecting this information is necessary to verify encryption and associate the computer to the owner.

ActiveSync is a protocol that already exists on most devices.  No new software is being installed; ActiveSync is ensuring that minimum security requirements are being met by the device.

 Is the University collecting any data through BigFix?

As part of Feinberg IT’s ongoing commitment to ensuring the privacy of the Feinberg community, only the minimal data necessary will be collected.  BigFix collects user name and system configuration data such as operating system, CPU, RAM, and hard drive space. No personal data or information, such as browser history or files in the hard drive, is collected. All system information retrieved by BigFix is treated as confidential by FSM IT staff. Collecting this information is necessary to verify encryption and associate the computer to the owner.

 You can view a list of data collected here.

 Since I own and administer my computer, which is used only occasionally for medical school business, I can’t cede total control of my computer to a Feinberg IT administrator.

BigFix will not take away any rights/privileges from yours or any other local accounts on your personal computer. You can still install whatever you need onto your personal computer without asking permission. It will just grant Northwestern University Feinberg IT administrators the ability to check for encryption, antivirus software, and up-to-date operating system patching.