Information about the operation of each Kaspersky Endpoint Security component, the performance of each task, and the overall operation of the application is recorded in reports.
Reports are generated differently depending on the application settings and the use of Kaspersky Security Center.
All reports are stored in the local application event storage. The event storage is located in the directory specified by the general application settingEventsStoragePath. By default, the database file in which Kaspersky Endpoint Security saves information about events is located in /var/opt/kaspersky/kesl/events.db. Root privileges are required to access the database of events.
If Kaspersky Endpoint Security is managed by Kaspersky Security Center, information about events may be transmitted to the Kaspersky Security Center Administration Server. For more details about managing reports in Kaspersky Security Center, please refer to the Kaspersky Security Center documentation.
If the general application settingUseSyslog=Yes, information about events is also logged to syslog. Root privileges are required to access syslog.
Reports may contain the following personal data:
User name and user ID of the operating system user
Paths to user files
IP addresses of the remote computers that are scanned by the Anti-Cryptor task
IP addresses of senders and receivers of the network packets checked by the Firewall Management task
Detected malicious, phishing, adware web addresses, and web addresses that contain legal software that may be used by criminals to damage your computer or personal data URL