Data in requests to Kaspersky Industrial CyberSecurity for Networks server
During integration with Kaspersky Industrial CyberSecurity for Networks, the following data can be stored locally on the device with Kaspersky Endpoint Agent in the %ProgramData%\Kaspersky Lab\Endpoint Agent\4.1\Data\Cache\Queue\Kics folder.
All data that is stored locally on the device, except for trace and dump files, is deleted from the device when the application is uninstalled.
Data sent by Kaspersky Endpoint Agent to Kaspersky Industrial CyberSecurity for Networks server:
Network interface data:
Network interface description
Domain
MAC address
Metric number
List of IP addresses that consists of a set of entries in the following format: IP address / subnet mask / gateway address
Patch lists
Patch number
Patch installation date
Lists of installed EPP applications:
EPP application name
Application version
Application database version
Date of the last application update
List of license keys (number, type, expiration date, key status)
Data on established network connections:
Local IP address
Local MAC address
Remote IP address
Remote MAC address
Gateway IP-address
Protocol type (according to IANA)
Depending on the component, Kaspersky Endpoint Agent sends the following data to Kaspersky Industrial CyberSecurity for Networks server:
Object type.
Object name.
Command line to run the object.
Hash of the object image on disk.
Identifier of the object process.
Application and user data:
Process start and process termination events.
Event that outbound network connection is established.