Kaspersky Virus Removal Tool 2015

Local data storage in Kaspersky Virus Removal Tool

Back to article list

After the work of Kaspersky Virus Removal Tool is completed, the folder KVRT_Data remains on your hard drive (by default, it is located in C:\KVRT_Data). The user is personally responsible for ensuring the safety of the data collected, and in particular for monitoring and restricting access to the collected data stored on the computer. The folder KVRT_Data contains the following data:

• Files that have been moved to Quarantine. The files are stored in an encrypted form with the name format kvrt*.klq and can be accessed by all users. Quarantined files are stored in the folder VRT_Data \Quarantine. The quarantined files may contain the following user data: the paths to files scanned by Kaspersky Virus Removal Tool, the Microsoft Windows account name, the names of the objects moved into quarantine.
• Report files containing the results of scan tasks. The files are stored in an encrypted form with the name format report_<date>_*.klr.enc1 and can be accessed by all users. The files are stored in the folder KVRT_Data/Report. Report files may contain the following user data: paths to files scanned by Kaspersky Virus Removal Tool, paths to registry keys modified by Kaspersky Virus Removal Tool, Microsoft Windows username, URLs detected as the part of scanned objects (e.g., web addresses that are specified as values of parameters in the system registry).
• Trace files created during the application’s operation. The files are stored in an encrypted form with the name format KVRT.<application version>_<date>_<time>_*.log.enc1 and can be accessed by all users. The files are stored in the root of the KVRT_Data folder. The trace files may contain the following common data: event time, number of the thread of execution, application component that caused the event, degree of event severity (informational event, warning, critical event, error), a description of the event involving command execution by a component of the application and the result of the execution of this command. In addition to general data, trace files can contain the following user data: personal data, including the last name, first name, and middle name, if such data is included in the path to files on the local computer, the Microsoft Windows account name if it is included in a file name, email address or a web address containing the name of your account and password if they are contained in the name of the detected object, addresses of web pages detected as the part of scanned objects (e.g., web addresses that are specified as values of parameters in the system registry), remote IP addresses to which your computer established connections. If the application uses a proxy server traces files may contain proxy server address, computer name, port, IP address, user name used to sign in to the proxy server.
• Dump files created during the application’s operation. The files are stored in an encrypted form with the name format *.dmp.enc1 and can be accessed by all users. The files are stored in the root of the KVRT_Data folder. The dump files contain information about the working memory of processes at the time of the process crash. A dump file may also contain personal data.

Back to article list