Windows Event Log data is stored in the %SystemRoot%\System32\Winevt\Logs\Kaspersky-Security-Soyuz%4Product.evtx file in plain unencrypted form. The data is stored until Kaspersky Endpoint Agent is uninstalled.
The data can be sent to Kaspersky Security Center automatically, but is not sent to Kaspersky Sandbox.
By default, only users with System and Administrator permissions have read-access to the files. Kaspersky Endpoint Agent does not manage access permissions to this folder and the files in this folder. It is the system administrator who determines access permissions.
Event data can contain information related to the following:
All data that is stored locally on the device, except for trace and dump files, is deleted from the device when the application is uninstalled.