Data in requests to Kaspersky Industrial CyberSecurity for Networks server

During integration with Kaspersky Industrial CyberSecurity for Networks, the following data can be stored locally on the device with Kaspersky Endpoint Agent in the %ProgramData%\Kaspersky Lab\Endpoint Agent\4.1\Data\Cache\Queue\Kics folder.

All data that is stored locally on the device, except for trace and dump files, is deleted from the device when the application is uninstalled.

Data sent by Kaspersky Endpoint Agent to Kaspersky Industrial CyberSecurity for Networks server:

• Network interface data:
  • Network interface description
  • Domain
  • MAC address
  • Metric number
  • List of IP addresses that consists of a set of entries in the following format: IP address / subnet mask / gateway address
• Patch lists
  • Patch number
  • Patch installation date
• Lists of installed EPP applications:
  • EPP application name
  • Application version
  • Application database version
  • Date of the last application update
  • List of license keys (number, type, expiration date, key status)
• Data on established network connections:
  • Local IP address
  • Local MAC address
  • Remote IP address
  • Remote MAC address
  • Gateway IP-address
  • Protocol type (according to IANA)
• Depending on the component, Kaspersky Endpoint Agent sends the following data to Kaspersky Industrial CyberSecurity for Networks server:
  • Object type.
  • Object name.
  • Command line to run the object.
  • Hash of the object image on disk.
  • Identifier of the object process.
• Application and user data:
  • Process start and process termination events.
  • Event that outbound network connection is established.
  • Login events with different user accounts.
  • Open ports event.

Page top