Configure Advanced Threat Protection settings
In the Advanced Threat Protection section, you can choose whether Kaspersky Endpoint Security on client computers participates in Kaspersky Security Network and configure the use of KSN proxy.
Do the following if necessary:
- Read the full text of the Kaspersky Security Network Statement by clicking the KSN Statement link.
- View information about KSN infrastructure provided by Kaspersky Security Center by clicking the KSN Statement link.
Note: Global KSN infrastructure is used in Kaspersky Security Center by default. If you manage Kaspersky Endpoint Security via Kaspersky Security Center Web Console and depending on Kaspersky Security Center settings, you can participate in Kaspersky Private Security Network instead of Kaspersky Security Network. If you manage Kaspersky Endpoint Security via Kaspersky Security Center Cloud Console, participation in Kaspersky Private Security Network is unavailable. For detailed information about participating in Kaspersky Private Security Network, see the Kaspersky Security Center help.
- Turn on/off the use of Kaspersky Security Network.
- Turn on/off extended KSN mode.
- Turn on/off Cloud mode.
- Enable or disable the use of a KSN proxy.
- Enable or disable the use of Kaspersky servers when the KSN proxy is unavailable.
Note: If you manage Kaspersky Endpoint Security via Kaspersky Security Center Web Console, use of Kaspersky Security Network and a KSN proxy on remote computers is available only if Kaspersky Security Center Administration Server is used as the proxy server. For detailed information about Administration Server properties, see the Kaspersky Security Center help.
If you manage Kaspersky Endpoint Security via Kaspersky Security Center Cloud Console, you can use Kaspersky Security Network and a KSN proxy on remote computers through distribution points running a Windows operating system.
When Global KSN infrastructure is used by Kaspersky Security Center and you choose to participate in Kaspersky Security Network in policy settings, Kaspersky Endpoint Security statistics from client computers to which the policy is applied are automatically sent to Kaspersky to enhance protection of these computers.
Note: Kaspersky doesn't receive, process, or store any personal data without your explicit consent.
Data provided to Kaspersky when using Kaspersky Security Network in Global KSN infrastructure
If the Kaspersky Security Network toggle switch is enabled and the Extended KSN mode toggle switch is disabled, Kaspersky Endpoint Security running on client computers provides to Kaspersky the following data:
- Information about the license used: the type and validity period of the license, number of days till license expiration, identifier of the partner from whom the license was purchased, Regional Activation Center identifier, checksum of the activation code, ticket body hash calculated using the SHA1 algorithm, license ticket creation date and time, license information identifier, license ticket identifier, license ticket sequence identifier, unique identifier of the user's computer, date from which the license ticket is valid, date to which the license ticket is valid, license ticket current state, ticket header version, license version, ticket header signature certificate identifier, checksum of the key file, ticket header signer serial number, authentication token.
- Full version of installed Software; type of installed Software; Software update ID; ID of reputation service; protocol type ID; ID of a regional activation center; version of list of revoked Software service's decisions; ID of the triggered record in the Software's anti-virus databases; timestamp of the triggered record in the Software's anti-virus databases; type of the triggered record in the Software's anti-virus databases; unique ID of the instance of application installation on the computer; license activation date; license expiration date; license identifier; status of the license used by the Software; checksum type for the object being processed; name of the detected malware or legitimate software that can be used to damage the user's device or data; checksum of the object being processed; checksum of the Software activation code; full version of the Software; unique device ID; Software ID; checksum of the Software key file; ID of the information model used to provide the Software license; identifier of the certificate used to sign the Software license ticket header; the Software license ticket create date and time; the Software license ticket checksum; the Software license ticket version; the Software activation code version; format of the data in the request to Rightholder infrastructure; current license ticket ID; the Software component ID; the result of the Software action; error code; accessed address of the web service (URL, IP); port number; web address of the source of the web service request (referrer); public key of the certificate; digital certificate thumbprint of the scanned object and hashing algorithm.
If the Kaspersky Security Network and Extended KSN mode toggle switches are enabled, Kaspersky Endpoint Security running on client computers provides to Kaspersky the following data:
- Information about the version of the operating system (OS) and service packs installed on the computer, version and checksums (MD5, SHA2-256, SHA1) of the OS kernel file, parameters of the OS run mode.
- Information about the failed last OS reboot: number of failed reboots.
- Information about the Kaspersky installed application and the anti-virus protection status: unique identifier of the instance of application installation on the computer, application type, ID of application type, the full version of the application installed, the identifier of the application settings version, the identifier of the computer type, the unique identifier of the computer on which the application is installed, the unique User identifier in the Kaspersky services, locale language and operation state, version of the installed Software components and their operation state, version of the protocol used to connect with the Kaspersky services.
- Full version of installed Software; type of installed Software; Software update ID; ID of reputation service; protocol type ID; ID of a regional activation center; version of list of revoked Software service`s decisions; ID of the triggered record in the Software's anti-virus databases; timestamp of the triggered record in the Software's anti-virus databases; type of the triggered record in the Software's anti-virus databases; Unique ID of the instance of application installation on the computer; license activation date; license expiration date; license identifier; status of the license used by the Software; checksum type for the object being processed; name of the detected malware or legitimate software that can be used to damage the user's device or data; checksum of the object being processed; checksum of the Software activation code; full version of the Software; unique device ID; Software ID; checksum of the Software key file; ID of the information model used to provide the Software license; identifier of the certificate used to sign the Software license ticket header; the Software license ticket create date and time; the Software license ticket checksum; the Software license ticket version; the Software activation code version; format of the data in the request to Rightholder infrastructure; current license ticket ID; the Software component ID; the result of the Software action; error code; accessed address of the web service (URL, IP); port number; web address of the source of the web service request (referrer).
- Information about all scanned objects and operations: the name of the scanned object, the date and time of the scan, the URL- and Referrer addresses from which it was downloaded, the size of scanned files and the paths to them, the archive sign, the date and time of the file's creation, the name, size and checksums (MD5, SHA2-256) of the packer (if the file was packed), the file's entropy, the file's type, the file type code, the executable file sign, ID and format, the object's checksum (MD5, SHA2-256), the type and value of the object's supplementary checksum, data about the object's digital signature (certificate): data on the certificate's publisher, number of starts of the object since the last statistics delivery, ID of the application's scanning task, the means of receiving information about the object's reputation, the value of the target filter, technical parameters of the applicable detection technologies.
For executable files: the entropy of the file sections, reputation verification flag or file signature flag, name, type, ID type, checksum (MD5) and the size of the application that was loaded by the object being validated, the application path and template paths, an attribute indicating presence in the Autorun list, date of entry, the list of attributes, name of the packer, information about the digital signature of the application: the publisher certificate, the name of the uploaded file in the MIME format, file build date and time.
- Information about the applications launched and their modules: checksums (MD5, SHA2-256) of running files, size, attributes, creation date, name of the packer (if the file was packed), names of files, information about processes running on the system (process ID (PID), process name, information about the account the process was started from, the application and command that started the process, the full path to the process's files, and the starting command line, a description of the application that the process belongs to (the name of the application and information about the publisher), as well as the digital certificates being used and information needed to verify their authenticity or information about the absence of a file's digital signature), and information about the modules loaded into the processes: their names, sizes, types, creation dates, attributes, checksums (MD5, SHA2-256, SHA1), the paths to them, PE-file header information, names of packers (if the file was packed), information about the availability and validity of these statistics, identifier of the mode for generating the statistics being sent.
- If threats or vulnerabilities are detected, in addition to information about the detected object, information is provided about the identifier, version, and type of the record in the anti-virus database, the name of the threat based on the Kaspersky classification, the date and time of the last update of the anti-virus database, executable file name, the checksum (MD5) of the application file that requested the URL where the threat was detected, the IP address (IPv4 or IPv6) of the detected threat, the vulnerability identifier and its threat level, the URL and Referrer of the web page where the vulnerability was detected.
- If a potentially malicious object is detected, information is provided about data in the processes' memory.
- Network attack information: IP address of the attacking computer and number of the port on the user's computer targeted by the network attack, ID of the attack protocol, name and type of attack.
- Information about network connections: version and checksums (MD5, SHA2-256, SHA1) of the file from which process was started that opened the port, the path to the process's file and its digital signature, local and remote IP addresses, numbers of local and remote connection ports, connection state, timestamp of the port's opening.
- The URL and IP address of the web page where harmful or suspicious content was detected, the name, size, and checksum of the file that requested the URL, the identifier, weight and degree of the rule used to reach a verdict, the objective of the attack.
- Information about updates of the installed application and anti-virus databases: status of completion of the update task, type of error that may have occurred during the update process, the number of unsuccessful updates, the identifier of the application component that performs updates.
- Information about the use of Kaspersky Security Network (KSN): KSN identifier, application identifier, full version of the application, depersonalized IP address of the user's device, indicators of the quality of fulfillment of KSN requests, indicators of the quality of the processing of KSN packets, indicators of the number of KSN requests and information about the types of KSN requests, date and time when statistics began being sent, date and time when statistics finished being sent, information about KSN configuration updates: identifier of the active configuration, identifier of the configuration received, error code of the configuration update.
- Information about system log events: event time, name of the log where the event has been detected, type and category of event, name of the event source and event description.
- Information to determine the reputation of files and URL-addresses: the URL-address at which the reputation is being requested and the Referrer, the connection's protocol type, the internal identifier of the application type, the number of the port being used, the User identifier, checksum of the scanned file (MD5), type of the detected threat, information about the record used to detect a threat (record identifier for the anti-virus databases, the record timestamp and type); public key of the certificate; digital certificate thumbprint of the scanned object and hashing algorithm.
- Data on the application territorial distribution: date of the application installation and activation, ID of the partner providing the license for the application activation, application ID, application language localization ID, license serial number for the application activation, KSN participation sign.
- Information about the license used: the type and validity period of the license, number of days till license expiration, identifier of the partner from whom the license was purchased, Regional Activation Center identifier, checksum of the activation code, ticket body hash calculated using the SHA1 algorithm, license ticket creation date and time, license information identifier, license ticket identifier, license ticket sequence identifier, unique identifier of the user's computer, date from which the license ticket is valid, date to which the license ticket is valid, license ticket current state, ticket header version, license version, ticket header signature certificate identifier, checksum of the key file, ticket header signer serial number, authentication token.
- Information about hardware installed on the computer: type, name, model name, firmware version, parameters of built-in and connected devices.
- Information about the operation of the Web Control component: component version, categorization reason, additional information about categorization reason, categorized URL, host IP address of blocked/categorized object.
When Private KSN infrastructure is used by Kaspersky Security Center and you choose to participate in Kaspersky Security Network in policy settings, Kaspersky Endpoint Security doesn't send statistics from client computers to which the policy is applied to Kaspersky.
Page top