Data in requests to the KATA Central Node component
When integrated with the Central Node component, Kaspersky Endpoint Agent locally stores the following data on the device where it is installed.
All data that is stored locally on the device, except for trace and dump files, is deleted from the device when the application is uninstalled.
Data from Kaspersky Endpoint Agent requests to the Central Node component:
In synchronization requests:
Unique Kaspersky Endpoint Agent identifier
Basic part of the server web address
Device name
IP address of the device
Device MAC address
Local time on the device
Self-defense status of Kaspersky Endpoint Agent
Name and version of the operating system that is installed on the device
Kaspersky Endpoint Agent version
Versions of the application settings and task settings
Task statuses in Kaspersky Endpoint Agent: identifiers of running tasks, execution statuses, execution error codes
Statuses of Kaspersky Endpoint Agent settings: type of settings being used, version of settings, status of applying the settings, error codes of applying the settings
In requests for obtaining files from the server:
Unique identifiers of files
Unique Kaspersky Endpoint Agent identifier
Unique identifiers of certificates
Basic part of the web address of the server with the Central Node component installed
Host IP-address
In the reports on task execution results:
Host IP-address
Information about the objects detected during an IOC scan or YARA scan
Flags of the additional actions performed by Kaspersky Endpoint Agent upon completion of tasks (for example, "deleteFileAfterReboot": false)
Task execution errors and return codes
Task completion statuses
Task completion time
Versions of the settings used for execution of the tasks
Information about the objects submitted to the server, quarantined objects, and objects restored from quarantine: paths to objects, MD5 and SHA256 hashes, identifiers of quarantined objects
Information about the processes started or stopped on a device where Kaspersky Endpoint Agent is installed at the server's request: PID and UniquePID, error code, MD5 and SHA256 hashes of the objects
Information about the services started or stopped on the device at the server's request: service name, startup type, error code, MD5 and SHA256 hashes of file images of the services
Information about the objects for which a memory dump was made for a YARA scan (paths, dump file identifier)
Files requested by the server
Telemetry packets
Data on running processes:
Executable file name, including full path and extension
Basic information about the file that is displayed to the users. This string may appear in the list when the user selects files to install. This line is required.