During operation, Kaspersky Endpoint Security saves and submits to Kaspersky Security Center the following information, which may contain personal and confidential data:
Information about the databases used by the application:
List of the database categories required by the application
Date and time when the databases were released and loaded into the application
Date when the downloaded application database updates were released
Time of the last application database update
Number of records in the currently used application databases
Application license information:
License serial number and type
License validity period in days
Number of devices covered by the license
Start and end dates of license term
License key status
Date and time of the last successful synchronization with activation servers if the application was activated using an activation code
Identifier of the application for which the license is intended
Functionality available under the license
Name of the organization for which the license is provided
Additional information if the application is used under subscription (subscription flag, subscription expiration date and the number of days available for renewing the subscription, subscription provider web address, current subscription status and the reason for this status), date and time when the application was activated on the device
Expiration date and time of the application license on the device
Information about the application updates:
List of updates to be installed or removed
Update release date and the flag indicating the Critical status
Name, version, and short description of the update
Link to the detailed description of the update
Identifier and text of the End User License Agreement and the Privacy Policy for the application updates
Identifier and text of Kaspersky Security Network Statement for the application updates
Indicator showing if the update can be removed
Versions of the application policy and administration plug-in
Web address for downloading the application administration plug-in
Names, version, and installation dates of the installed application updates
Error code and description if the update installation or removal completed with an error
Flag indicating that a device or application restart is required because of the application update, and the reason for the restart
User agreement or disagreement with the terms and conditions of Kaspersky Security Network Statement, End User License Agreement and Privacy Policy
List of tags assigned to the device
List of device statuses and reasons they are assigned.
The overall status of the application and the status of all its components; information about policy compliance, real-time protection status of the device, application stability status, information about the application stopping.
Date and time of the last device scan; number of scanned objects; number of detected malicious objects; number of blocked, deleted and disinfected objects; number of objects that cannot be disinfected; number of scan errors; number of detected network attacks
Data on the currently applied values of the application settings
The current status and execution results of the group and local tasks and the values of their settings
Information about external devices connected to the client device (ID, name, type, manufacturer, description, serial number, VID/PID)
Information about backup copies of files in the Backup storage (name, path, size and type of the object, description of the object, name of the detected threat, version of the application database which is used to detect the threat, date and time when the object was moved to the Backup storage), actions on the objects in the Backup storage (removed, restored), and the files by administrator request.
Information about the operation of each application component and about the execution of each task represented as events:
Date and time of event
Name and type of event
Event severity level
Name of the task or the application component running when the event occurred
Information about the application that triggered the event: application name, path to the file on the disk, process identifier, setting values (if the application launch or settings modification event is triggered)
User ID
Name of the initiator (task scheduler, application, Kaspersky Security Center, or a user) whose actions triggered the event
Name and identifier of the user who initiated access to the file
Object or action processing result (description, type, name, threat level and accuracy, file name and type of operation on the device, application decision on the operation)
Information about the object (object name and type, path to the object on the disk, object version, size, information about the performed action, event trigger description, description of the reason for not processing and skipping the object)
Device information (manufacturer name, device name, path, device type, bus type, identifier, VID/PID, system device flag, name of the device access rule schedule)
Information about blocking and unblocking the device; information about blocked connections (name, description, device name, protocol, remote address and port, local address and port, packet rules, actions)
Information about requested web address
Information about detected objects
Type, method, and ID of the detection
Information about the performed action
Information about the application databases (date when the downloaded database updates are released, information on the database usage, database usage errors, information on canceling the installed database updates)
Information about encryption detection (ransomware name; name of the device where encryption was detected; information about blocking and unblocking the device)
Application settings and network settings
Information about the triggered Application Control rule (name and type) and the result of its application
Information about containers and container images (names of containers or container images, paths to containers or container images, repository URL)
Information about active and blocked connections (name, description, and type)
Information about blocking and unblocking access to untrusted devices
Information about the use of KSN (KSN connection status, KSN infrastructure, identifier of the KSN Statement in extended mode, acceptance of the KSN Statement in extended mode, identifier of the KSN Statement, acceptance of the KSN Statement)
Information about certificates (domain name, subject name, issuer name, expiration date, certificate status, certificate type, date certificate was added, issue date, serial number, SHA256 thumbprint)
Information about external systems that are part of corporate software solutions (integration server address)
Information about enabling and disabling network isolation for the device
Information about working in Light Agent mode: name of the virtual machine template, address of the Integration Server
Name of the device for which network isolation is enabled or disabled
Scan task statistics: number of scanned objects; number of threats found; number of infected objects; number of probably infected objects; number of disinfected objects; number of objects added to Backup; number of deleted objects; number of not disinfected objects; number of scan errors; number of password-protected objects; number of skipped objects; number of scanned containers and images
Information about the version of the EDR Optimum component used in the application
Information about threat development chains: name of the online list of threat development chains, ID of the threat development chain
Information about operation of the system integrity scan task (name, type, path) and information about the system baseline
Information about network activity, packet rules, and network attacks
User role information:
Name and identifier of the user who initiated changing the user role
User role
Name of the user who has been assigned or revoked the role
Information about executable files of applications detected on the client device (name, path, type, and hash of the file; list of categories to which the application belongs; KL category to which the application belongs; trust group to which the application belongs; time of the first file launch; name and version of the application; name of the application vendor; information about the certificate used to sign the application: serial number, thumbprint, issuer, subject, release date, expiration date, and public key).
Information about the online list of threat development chains: threat development chain ID; creation timestamp of the threat development chain; format of the threat development chain (text or archive); body size of the threat development chain in bytes.