Statistics and reports are created based on events, which are generated by all components—Kaspersky Endpoint Security, Network Agents, and Administration Server. By default, all events are sent to the Administration Server and stored there for one month.
The administrator can view the events registered by a particular component remotely via the Administration Console—within its properties. For example, to view Kaspersky Endpoint Security events, find the necessary computer in the Managed Computers node, open its properties, in the Applications section select Kaspersky Endpoint Security and click Events.
Aggregate data on all events is available in the Event and computer selections / Events container. Here they can be grouped, filtered (for example, by registration time), exported into a file, or deleted.
Client computers transfer their events to the Administration Server during synchronizations. The time-lag between event registration and its availability on the Administration Server depends on the synchronization interval, which is 15 minutes by default.
An automated reaction to an event can be configured in the corresponding policy, in the Events section. Here you can also increase the lifetime of important events, enable e-mail notification, or disable registration of information events—for example, if the database size is critical.
Statistics and reports are generated based on the events gathered on the Administration Server.