Participate in Kaspersky Security Network
When you participate in , the Kaspersky Endpoint Security application statistics are automatically sent to Kaspersky to enhance protection of your Mac.
Note: Kaspersky doesn't receive, process, or store any personal data without your explicit consent.
Participation in Kaspersky Security Network is voluntary. The decision to participate is made when you install the application. However, you can change your decision later at any time.
Enable Kaspersky Security Network
- In the menu bar, click the application icon and choose Settings.
The application settings window opens.
- On the Advanced tab, in the Improved protection section, click Show KSN Statement to view the Kaspersky Security Network Statement.
- If you want Kaspersky Endpoint Security to use information about the reputation of files, web resources, and applications received from Kaspersky Security Network and you accept all the terms of the Statement, select the Participate in Kaspersky Security Network checkbox.
- In the window that opens, click Confirm.
The Participate in Kaspersky Security Network and Enable extended KSN mode checkboxes will be selected.
Note: By default, Kaspersky Endpoint Security uses the Extended KSN mode. Extended KSN mode is a mode in which Kaspersky Endpoint Security sends additional data to Kaspersky. If you do not want to provide these data to Kaspersky, deselect the Enable extended KSN mode checkbox.
Data provided to Kaspersky when using Kaspersky Security Network
If the Participate in Kaspersky Security Network checkbox is selected and the Enable extended KSN mode checkbox is unselected, Kaspersky Endpoint Security provides to Kaspersky the following data:
- Information about the license used: the type and validity period of the license, number of days till license expiration, identifier of the partner from whom the license was purchased, Regional Activation Center identifier, checksum of the activation code, ticket body hash calculated using the SHA1 algorithm, license ticket creation date and time, license information identifier, license ticket identifier, license ticket sequence identifier, unique identifier of the user's computer, date from which the license ticket is valid, date to which the license ticket is valid, license ticket current state, ticket header version, license version, ticket header signature certificate identifier, checksum of the key file, ticket header signer serial number, authentication token.
- Full version of installed Software; type of installed Software; Software update ID; ID of reputation service; protocol type ID; ID of a regional activation center; version of list of revoked Software service's decisions; ID of the triggered record in the Software's anti-virus databases; timestamp of the triggered record in the Software's anti-virus databases; type of the triggered record in the Software's anti-virus databases; unique ID of the instance of application installation on the computer; license activation date; license expiration date; license identifier; status of the license used by the Software; checksum type for the object being processed; name of the detected malware or legitimate software that can be used to damage the user's device or data; checksum of the object being processed; checksum of the Software activation code; full version of the Software; unique device ID; Software ID; checksum of the Software key file; ID of the information model used to provide the Software license; identifier of the certificate used to sign the Software license ticket header; the Software license ticket create date and time; the Software license ticket checksum; the Software license ticket version; the Software activation code version; format of the data in the request to Rightholder infrastructure; current license ticket ID; the Software component ID; the result of the Software action; error code; accessed address of the web service (URL, IP); port number; web address of the source of the web service request (referrer); public key of the certificate; digital certificate thumbprint of the scanned object and hashing algorithm.
If the Participate in Kaspersky Security Network and Enable extended KSN mode checkboxes are selected, Kaspersky Endpoint Security provides to Kaspersky the following data:
- Information about the version of the operating system (OS) and service packs installed on the computer, version and checksums (MD5, SHA2-256, SHA1) of the OS kernel file, parameters of the OS run mode; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; date and time of the OS launch; processing delay time of the event about OS action in the behavioral analysis subsystem; number of delayed OS action events of the current type; processing delay time of the event about OS action in the proactive defense subsystem; number of processed OS action events; number of processed synchronous OS action events; total delay of all OS action events of the current type; processing delay time of the event about OS action in the persistent event storage subsystem; total delay of all OS action events; number of waiting synchronous OS action events; date and time of received event of an action in the OS.
- Information about the failed last OS reboot: number of failed reboots.
- Information about the Kaspersky installed application and the anti-virus protection status: unique identifier of the instance of application installation on the computer, application type, ID of application type, the full version of the application installed, the identifier of the application settings version, the identifier of the computer type, the unique identifier of the computer on which the application is installed, the unique User identifier in the Kaspersky services, locale language and operation state, version of the installed Software components and their operation state, version of the protocol used to connect with the Kaspersky services; full version of installed Software; type of installed Software; Software update ID; ID of reputation service; protocol type ID; ID of a regional activation center; version of list of revoked Software service's decisions; ID of the triggered record in the Software's anti-virus databases; timestamp of the triggered record in the Software's anti-virus databases; type of the triggered record in the Software's anti-virus databases; Unique ID of the instance of application installation on the computer; license activation date; license expiration date; license identifier; status of the license used by the Software; checksum type for the object being processed; name of the detected malware or legitimate software that can be used to damage the user's device or data; checksum of the object being processed; checksum of the Software activation code; full version of the Software; unique device ID; Software ID; checksum of the Software key file; ID of the information model used to provide the Software license; identifier of the certificate used to sign the Software license ticket header; the Software license ticket create date and time; the Software license ticket checksum; the Software license ticket version; the Software activation code version; format of the data in the request to Rightholder infrastructure; current license ticket ID; the Software component ID; the result of the Software action; error code; accessed address of the web service (URL, IP); port number; web address of the source of the web service request (referrer); number of update-apply cycles for anti-virus databases; date and time when the anti-virus databases were last updated and applied; release date and time of the Software's databases; version of the Software's component; Software update ID; type of the installed Software; date and time of System Watcher start; installation date and time for the Software; probability of sending statistics by System Watcher; code of the event that took longer than the standard time to process by System Watcher; database processing time of the event that took longer than the standard time to process by System Watcher; maximum allowed time for processing an event by System Watcher; processing time of the event that took longer than the standard time to process by System Watcher; total number of events that took longer than the standard time to process by System Watcher.
- Information about all scanned objects and operations: the name of the scanned object, the date and time of the scan, the URL- and Referrer addresses from which it was downloaded, the size of scanned files and the paths to them, the archive sign, the date and time of the file's creation, the name, size and checksums (MD5, SHA2-256) of the packer (if the file was packed), the file's entropy, the file's type, the file type code, the executable file sign, ID and format, the object's checksum (MD5, SHA2-256), the type and value of the object's supplementary checksum, data about the object's digital signature (certificate): data on the certificate's publisher, number of starts of the object since the last statistics delivery, ID of the application's scanning task, the means of receiving information about the object's reputation, the value of the target filter, technical parameters of the applicable detection technologies; path to the object being processed; directory code.
- For executable files: the entropy of the file sections, reputation verification flag or file signature flag, name, type, ID type, checksum (MD5) and the size of the application that was loaded by the object being validated, the application path and template paths, an attribute indicating presence in the Autorun list, date of entry, the list of attributes, name of the packer, information about the digital signature of the application: the publisher certificate, the name of the uploaded file in the MIME format, file build date and time.
- Information about the applications launched and their modules: checksums (MD5, SHA2-256) of running files, size, attributes, creation date, name of the packer (if the file was packed), names of files, information about processes running on the system (process ID (PID), process name, information about the account the process was started from, the application and command that started the process, the full path to the process's files, and the starting command line, a description of the application that the process belongs to (the name of the application and information about the publisher), as well as the digital certificates being used and information needed to verify their authenticity or information about the absence of a file's digital signature), and information about the modules loaded into the processes: their names, sizes, types, creation dates, attributes, checksums (MD5, SHA2-256, SHA1), the paths to them, PE-file header information, names of packers (if the file was packed), information about the availability and validity of these statistics, identifier of the mode for generating the statistics being sent.
- If threats or vulnerabilities are detected, in addition to information about the detected object, information is provided about the identifier, version, and type of the record in the anti-virus database, the name of the threat based on the Kaspersky classification, the date and time of the last update of the anti-virus database, executable file name, the checksum (MD5) of the application file that requested the URL where the threat was detected, the IP address (IPv4 or IPv6) of the detected threat, the vulnerability identifier and its threat level, the URL and Referrer of the web page where the vulnerability was detected.
- If a potentially malicious object is detected, information is provided about data in the processes' memory.
- Network attack information: IP address of the attacking computer and number of the port on the user's computer targeted by the network attack, ID of the attack protocol, name and type of attack.
- Information about network connections: version and checksums (MD5, SHA2-256, SHA1) of the file from which process was started that opened the port, the path to the process's file and its digital signature, local and remote IP addresses, numbers of local and remote connection ports, connection state, timestamp of the port's opening.
- The URL and IP address of the web page where harmful or suspicious content was detected, the name, size, and checksum of the file that requested the URL, the identifier, weight and degree of the rule used to reach a verdict, the objective of the attack.
- Information about updates of the installed application and anti-virus databases: status of completion of the update task, type of error that may have occurred during the update process, the number of unsuccessful updates, the identifier of the application component that performs updates.
- Information about the use of Kaspersky Security Network (KSN): KSN identifier, application identifier, full version of the application, depersonalized IP address of the user's device, indicators of the quality of fulfillment of KSN requests, indicators of the quality of the processing of KSN packets, indicators of the number of KSN requests and information about the types of KSN requests, date and time when statistics began being sent, date and time when statistics finished being sent, information about KSN configuration updates: identifier of the active configuration, identifier of the configuration received, error code of the configuration update.
- Information about system log events: event time, name of the log where the event has been detected, type and category of event, name of the event source and event description.
- Information to determine the reputation of files and URL-addresses: the URL-address at which the reputation is being requested and the Referrer, the connection's protocol type, the internal identifier of the application type, the number of the port being used, the User identifier, checksum of the scanned file (MD5), type of the detected threat, information about the record used to detect a threat (record identifier for the anti-virus databases, the record timestamp and type); public key of the certificate; digital certificate thumbprint of the scanned object and hashing algorithm.
- Data on the application territorial distribution: date of the application installation and activation, ID of the partner providing the license for the application activation, application ID, application language localization ID, license serial number for the application activation, KSN participation sign.
- Information about the license used: the type and validity period of the license, number of days till license expiration, identifier of the partner from whom the license was purchased, Regional Activation Center identifier, checksum of the activation code, ticket body hash calculated using the SHA1 algorithm, license ticket creation date and time, license information identifier, license ticket identifier, license ticket sequence identifier, unique identifier of the user's computer, date from which the license ticket is valid, date to which the license ticket is valid, license ticket current state, ticket header version, license version, ticket header signature certificate identifier, checksum of the key file, ticket header signer serial number, authentication token.
- Information about hardware installed on the computer: type, name, model name, firmware version, parameters of built-in and connected devices.
- Information about the operation of the Web Control component: component version, categorization reason, additional information about categorization reason, categorized URL, host IP address of blocked/categorized object.
Note: Depending on Kaspersky Security Center settings, you can participate in Kaspersky Private Security Network instead of Kaspersky Security Network. Kaspersky Endpoint Security notifies you when it switches from Kaspersky Private Security Network to Kaspersky Security Network and prompts you to accept the terms of the Kaspersky Security Network Statement. For detailed information about participating in Kaspersky Private Security Network, see the Kaspersky Security Center Help.
Kaspersky Security Network infrastructure
Kaspersky Endpoint Security supports the following Kaspersky Security Network infrastructural solutions:
- Global KSN is the solution used by most Kaspersky applications. KSN participants receive information from Kaspersky Security Network and send Kaspersky information about objects detected on the user's computer to be analyzed additionally by Kaspersky analysts and to be included in the reputation and statistical databases of Kaspersky Security Network.
- Private KSN is a solution that enables users of computers hosting Kaspersky Endpoint Security or other Kaspersky applications to obtain access to Kaspersky Security Network reputation databases, and to other statistics without sending data to Kaspersky Security Network from their own computers. Private KSN is designed for corporate customers who are unable to participate in Kaspersky Security Network for any of the following reasons:
- Local workstations are not connected to the internet.
- Transmission of any data outside the country or outside the corporate LAN is prohibited by law or restricted by corporate security policies.
By default, Kaspersky Security Center uses Global KSN. You can configure the use of Private KSN in the Kaspersky Security Center Administration Console (MMC) and Kaspersky Security Center Web Console. It is not possible to configure the use of Private KSN in the Kaspersky Security Center Cloud Console.
KSN Proxy
Computers managed by Kaspersky Security Center Administration Server can interact with Kaspersky Security Network via the KSN Proxy service.
The KSN Proxy service provides the following capabilities:
- The user's computer can query KSN and submit information to KSN even without direct access to the internet.
- The KSN Proxy service caches processed data, thereby reducing the load on the external network communication channel and speeding up receipt of the information requested by the user's computer.
For more details on the KSN Proxy service, see the Kaspersky Security Center Help.
Note: Updates functionality (including providing anti-malware signature updates and codebase updates), as well as KSN functionality may not be available in the software in the U.S.
Page top