Data on events in Windows Event Log
Data on events in Windows Event Log is stored in the %SystemRoot%\System32\Winevt\Logs\Kaspersky-Security-Soyuz%4Product.evtx file in plain, unencrypted form. The data is stored until Kaspersky Endpoint Agent is uninstalled.
The data can be automatically sent to Kaspersky Security Center.
By default, only users with System and Administrator permissions have read access to the files. Kaspersky Endpoint Agent does not manage access permissions to this folder and the files in this folder. Access is managed by the system administrator.
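Because the file is unencrypted and the application does not manage its permissions, the ACL is worth auditing. The following PowerShell check is an added example, not part of the Kaspersky documentation or product; it lists any account other than the expected ones that is allowed to read the log file. The function name Get-UnexpectedReader is hypothetical, and treating the Windows EventLog service account as an expected reader is an assumption about Windows defaults that the page does not state.

```powershell
# Added example: audit who can read the Kaspersky Endpoint Agent event log file.
# Path taken from the page; %SystemRoot% is expanded through $env:SystemRoot.
$logPath = Join-Path $env:SystemRoot 'System32\Winevt\Logs\Kaspersky-Security-Soyuz%4Product.evtx'

# Principals the page names as default readers, as well-known SIDs
# (SIDs are used because account names are localized).
$expected = @(
    'S-1-5-18',      # Local System
    'S-1-5-32-544'   # BUILTIN\Administrators
)

# Assumption (not from the page): the Windows EventLog service account also
# holds rights on files under Winevt\Logs and is not treated as a finding.
try {
    $svc = [System.Security.Principal.NTAccount]'NT SERVICE\EventLog'
    $expected += $svc.Translate([System.Security.Principal.SecurityIdentifier]).Value
} catch {
    Write-Warning 'Could not resolve NT SERVICE\EventLog; it will be reported if present.'
}

function Get-UnexpectedReader {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $AllowedSids
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Log file not found: $Path"
    }
    # ReadData (0x1), GENERIC_ALL (0x10000000), GENERIC_READ (0x80000000)
    $readMask = 0x1 -bor 0x10000000 -bor 0x80000000
    $acl   = Get-Acl -LiteralPath $Path
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid        = $rule.IdentityReference.Value
        $grantsRead = ([int]$rule.FileSystemRights -band $readMask) -ne 0
        if ($rule.AccessControlType -eq 'Allow' -and $grantsRead -and $sid -notin $AllowedSids) {
            [pscustomobject]@{
                Sid       = $sid
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Run from an elevated prompt; no output means only the expected principals can read the file.
Get-UnexpectedReader -Path $logPath -AllowedSids $expected | Format-Table -AutoSize
```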
Event data can contain information about:
- User sessions in the operating system.
- User accounts in the operating system (userID).
- Errors that occurred during the execution of object scan tasks.
- Object scan tasks.
- Kaspersky Sandbox detections.
- Kaspersky Sandbox events.
- Kaspersky Endpoint Agent IOC files generated during automatic response.
- Object scan results.
- Kaspersky Sandbox server certificates.
- The object scan queue.
- Changes to Kaspersky Endpoint Agent.
- Changes to Kaspersky Security Center policies.
- Changes to object scan task status.
- Kaspersky Security Center policies.
- Quarantined objects.
- Automatic Threat Response actions.
- Errors while interacting with application servers.
- Objects blocked by Execution prevention rules.
- Results of Delete file tasks.
- Results of Terminate process tasks.
- Results of Run application tasks.
- Results of Get file tasks.
- Current Kaspersky Endpoint Detection and Response Optimum license.
- Application activation status.
All data that is stored locally on the device, except for trace and dump files, is deleted from the device when the application is uninstalled.
Article ID: 192460, Last review: Dec 13, 2022