Data contained in Kaspersky Endpoint Agent for Windows trace files and dumps
Kaspersky Endpoint Agent for Windows can record debug information in trace files in accordance with settings to support the operation of Kaspersky Endpoint Agent for Windows.
Kaspersky Endpoint Agent for Windows dump files are created by the operating system when the program fails and are rewritten after each failure.
Trace files and dump files can include any personal data of the user or confidential data of your organization.
Do not use Kaspersky Endpoint Agent for Windows on hosts from which data transfer is forbidden by your corporate policy.
By default, Kaspersky Endpoint Agent does not record any debug information.
Trace files and dump files are never automatically sent beyond the host on which the files were generated. The contents of trace files can be viewed using the standard tools for viewing text files. Trace files and dump files are stored indefinitely and are not deleted when Kaspersky Endpoint Agent for Windows is uninstalled.
Debug information can be necessary for contacting the Technical Support.
There are no special mechanisms to limit access to trace and dump files. The administrator can take steps to configure writing this information into a secured folder.
The path for trace files and dump files is not configured by default. The administrator must manually specify a folder for writing trace files and dump files.
Data in trace files and dump files can contain the following information:
Actions performed by Kaspersky Endpoint Agent for Windows on the host.
Information about objects processed by Kaspersky Endpoint Agent for Windows.
Errors occurring during the operation of Kaspersky Endpoint Agent for Windows.
Event time.
Number of thread of execution.
Program component that caused an alert.
Event importance.
Data on executable modules.
Data on open ports.
Data on network connections.
About the operating system that is installed on the computer with Kaspersky Endpoint Agent for Windows.
Data on operating system user accounts.
Data on user sessions in the operating system.
Data on Windows event log.
About alerts of Kaspersky Endpoint Security for Windows.
About organizational units (OU) of Active Directory.
Unique ID of the computer with Kaspersky Endpoint Agent for Windows.
Fully qualified domain name of the computer.
Serial number of the logical drive.
HTTP protocol headers.
Full paths to files on computers with Kaspersky Endpoint Agent for Windows.
Names of files on computers with Endpoint Agent for Windows.
Full names of folders on computers with Kaspersky Endpoint Agent for Windows.
Home folder of the local user.
Name of the user account that started the process.
Path to the script that is run when the user logs in to the system.
Name of the user account under which the event occurred.
URLs and IP addresses of visited websites, and links from these websites.
When using a proxy server: Proxy server IP address, computer name, port, proxy server user name.
External IP addresses, with which a connection was established from a local computer.
Process start commands.
Command-line parameters.
Kaspersky Security Center Network Agent ID.
Path to keys in the Windows registry.
Names of Windows registry variables.
Values of Windows registry variables.
Windows registry hives.
Names of detected objects.
Name of the local DNS cache entry.
IP address from the local DNS cache entry in IPv4 format.
IP address or name of the requested host from the local DNS cache.
Host of the local DNS cache element.
Domain name of the local DNS cache element.
IP address of the ARP cache element in IPv4 format.
Physical address of the ARP cache element.
Name of the user account that started the operating system service.
Settings with which the operating system service was started.
Original name of the file (OriginalFileName) for the RT_VERSION resource.