Data for creating a threat development chain

The data for building the threat development chain is stored in the %ProgramData%\Kaspersky Lab\Endpoint Agent\4.0\Data\killchain\detects folder in open unencrypted form. By default, this data is stored for 7 days. The data is automatically sent to Kaspersky Security Center.

All data that is stored locally on the device, except for trace and dump files, is deleted from the device when the application is uninstalled.

By default, only users with System and Administrator permissions have read access to the files. Kaspersky Endpoint Agent does not manage access permissions to this folder and the files in this folder. The access is managed by the system administrator.

Data for creating a threat development chain may contain the following information:

Page top