About data provision

The License Agreement for Kaspersky Embedded Systems Security, specifically the section entitled "Terms of data processing", specifies the terms, liability, and procedure for sending and processing the data indicated in this Guide. Before accepting the License Agreement, carefully review its terms as well as all documents linked to by the License Agreement.

The data Kaspersky receives from you when you use the application is protected and processed in accordance with the Privacy Policy available at www.kaspersky.com/Products-and-Services-Privacy-Policy.

The terms of the License Agreement and Privacy Policy are available during the Kaspersky Embedded Systems Security installation, as a part of distribution kit, and from the Start menu (All programs > Kaspersky Embedded Systems Security > EULA and Privacy Policy) after the installation.

During the Kaspersky Embedded Systems Security uninstallation, all the data stored by Kaspersky Embedded Systems Security on the protected device is deleted.

By accepting the terms of the License Agreement, you agree to automatically send the following data to Kaspersky:

To support the mechanism for receiving updates – information about the installed application and its activation: identifier of the application being installed and its full version, including build number, type, and license identifier, installation identifier, update task identifier.
To use the ability to navigate to Knowledge Base articles when application errors occur (Redirector service) – information about the application and link type: the name, locale, and full version number of the application, type of redirecting link, and error identifier.
To manage confirmations for data processing – information about the status of acceptance of license agreements and other documents, that stipulate data transferring terms: identifier and version of the License Agreement or other document, as a part of which the data processing terms are accepted or declined; an attribute, signifying the user's action (confirmation or recall of the terms acceptance); date and time of status changes of the data processing terms acceptance.

Local data processing

While executing the application's primary functions described in this Guide, Kaspersky Embedded Systems Security locally processes and stores a sequence of data on the protected computer.

The table below contains information about local processing and storing by Kaspersky Embedded Systems Security of data contained in reports.

Processing and storing of data contained in reports

Functional area	Event registration
Type of use	Kaspersky Embedded Systems Security stores the data locally and sends the data to the Administration Server. The Administration Server's database stores information about application events that occur on the managed protected devices.
Storage	%ALLUSERSPROFILE%\Kaspersky Lab\Kaspersky Embedded Systems Security\<product version>\Reports %SystemRoot%\System32\Winevt\Logs\Kaspersky Security.evtx Administration Server's database
Security measures	Access-control list.
Storage period	Kaspersky Embedded Systems Security stores the data until the uninstallation of Kaspersky Embedded Systems Security. During the Kaspersky Embedded Systems Security uninstallation, all the data stored by Kaspersky Embedded Systems Security on the protected device is deleted.
Purpose	Providing primary functionality.

Kaspersky Embedded Systems Security does not delete events in the Windows Event Log including during the Kaspersky Embedded Systems Security uninstallation.

In order to provide event registration functionality, Kaspersky Embedded Systems Security locally processes the following data:

Names, checksums (MD5, SHA-256) and attributes of processed files and full paths to them on the scanned media.
Actions taken on scanned files by Kaspersky Embedded Systems Security.
User actions taken on scanned files on the protected computer.
Information about accounts of users performing any actions on the protected network or protected device.
Device Instance Path values for devices added to the Device Control rules.
Information about processes and scripts running on the system: checksums (MD5, SHA-256) and full paths to executable files, information about digital certificates.
Windows Firewall settings.
Windows Event Log entries.
Names of user accounts taking actions on scanned files on the protected computer.
Instances of executable files being started, and the types, names, checksums, and attributes of these files.
Information about network activity:
- The IP addresses of blocked external devices.
- Processed IP addresses.
Information about the Windows USN Journal status.

The following table contains information about the service data processed by the Kaspersky Embedded Systems Security. The service data includes: program parameters, quarantined and backup files, information in the program's service databases, license data.

The table below contains information about local processing and storing by Kaspersky Embedded Systems Security of data about parameters specified by a user.

Processing and storing of data about parameters specified by a user

Functional area	All Kaspersky Embedded Systems Security functionality
Type of use	Kaspersky Embedded Systems Security stores the data locally and sends the data to the Administration Server. The data is stored in Administration Server's database. The data processed by the application locally is not automatically sent to Kaspersky or other third-party systems.
Storage	%ALLUSERSPROFILE%\Kaspersky Lab\Kaspersky Embedded Systems Security\<product version>\ Administration Server's database
Security measures	Access-control list.
Processing period	Kaspersky Embedded Systems Security stores the data until the uninstallation of Kaspersky Embedded Systems Security. During the Kaspersky Embedded Systems Security uninstallation, all the data stored by Kaspersky Embedded Systems Security on the protected device is deleted. Kaspersky Embedded Systems Security does not delete the data about parameters exported into configuration file. Kaspersky Embedded Systems Security does not delete Quarantine objects and Backup objects if the Export quarantine objects and Export Backup objects check boxes are selected in the Setup Wizard.
Purpose	Providing primary functionality.

For specified purposes, Kaspersky Embedded Systems Security locally processes the following data:

Objects placed in Quarantine or Backup.
Information about user accounts (username and password) under which Kaspersky Embedded Systems Security runs tasks.
Kaspersky Embedded Systems Security password.
IP addresses and identifiers of blocked logon sessions.
Windows Firewall settings and Windows Firewall rules settings.
Checksums (MD5, SHA-256) and paths to executable files added to the Application Launch Control task rules.
Device Instance Path values for devices added to the Device Control rules.
Information about files and folders included in scopes of Kaspersky Embedded Systems Security tasks.
IP addresses included or excluded from the protection scope.
Information about events in the Windows Event Log.
Information about detections with the use of iSwift or iChecker technology.
Checksums (MD5, SHA-256), full paths and masks specified in exclusions settings.
Information about processes added to the Trusted Zone.
Information about added license keys.
Information about digital certificates.
Files unpacked from an archive or other composite object during the scan.

Kaspersky Embedded Systems Security processes and stores data as part of the application's basic functionality, including to log application events and receive diagnostic data. Locally processed data is protected in accordance with the configured and applied application settings.

Kaspersky Embedded Systems Security lets you configure the level of protection for data processed locally (Managing access permissions for Kaspersky Embedded Systems Security functions, Event registration. Kaspersky Embedded Systems Security logs): you can change user privileges to access process data, change data retention periods for such data, entirely or partially disable functionality that involves data logging, and change the path and attributes of the folder where the data is logged.

The data processed by the application locally is not automatically sent to Kaspersky or other third-party systems.

By default, all data locally processed by the application during operation is removed after Kaspersky Embedded Systems Security removal from the protected device.

Exception applies to files with diagnostics information (trace and dump files), the application events in the Windows Event Log, and files with exported Kaspersky Embedded Systems Security settings - it is recommended to manually remove these files.

You can find the detailed information about working with files containing diagnostic data of the application in the corresponding sections of this Guide.

You can delete Windows Event Log files containing the program events of Kaspersky Embedded Systems Security via standard means of the operating system.

Local data processing by means of the application auxiliary components

The Kaspersky Embedded Systems Security installation package comprises the application auxiliary components, which can be installed on your device even if Kaspersky Embedded Systems Security is not installed on it. Such auxiliary components are:

The Application Console. This component is included in the Kaspersky Embedded Systems Security Administration Tools set and is represented by a Microsoft Management Console snap-in.
The Administration Plug-in. This component provides a full integration with Kaspersky Security Center application.

While performing the main functions of the application described in this Guide, the application auxiliary components locally process and store a set of data on the protected device where they are installed, even if they are installed separately from Kaspersky Embedded Systems Security.

The application components locally process and store the following data:

The Application Console: the name of the protected device with installed Kaspersky Embedded Systems Security (IP address or domain name) to which the Application Console last connected remotely; display parameters configured in the Microsoft Management Console snap-in; data about the last folder in which the user selected objects via the Application Console (by means of system dialog opened by clicking the Browse button). The Application Console trace files can also contain the following data: the name of the protected device with installed Kaspersky Embedded Systems Security application to which the remote connection was established, the name of the user account under which the remote connection was established.
The Administration Plug-in can process and temporarily store data processed by Kaspersky Embedded Systems Security; for example, configured parameters of the application tasks and components, parameters of Kaspersky Security Center policies, data sent in network lists.

The table below contains information about local processing and storing by Kaspersky Embedded Systems Security of data written in dump and trace files.

Kaspersky Embedded Systems Security locally processes and stores the following data written in dump and trace files:

Information about actions performed by Kaspersky Embedded Systems Security on the protected device.
Information about objects processed by Kaspersky Embedded Systems Security.
Information about activity on the protected device processed by Kaspersky Embedded Systems Security.
Information about errors that occurred during the running of Kaspersky Embedded Systems Security.

The data processed by the auxiliary components is not automatically sent to Kaspersky or other third-party systems.

By default, all data locally processed by the application auxiliary components during the operation is deleted after removal of these components.

The exceptions are trace files of the application auxiliary components, it is recommended to delete this files manually.

Data in trace and dump files

Kaspersky Embedded Systems Security can, in accordance with the settings, write debug information to trace files for the purposes of technical support during the operation of Kaspersky Embedded Systems Security.

Kaspersky Embedded Systems Security dump files are generated by the operating system during application crashes and are overwritten by the next crash.

Trace and dump files can include any personal data of a user or confidential data of your organization.

Do not use Kaspersky Embedded Systems Security on devices for which data submission is prohibited by the policy of your organization.

By default, Kaspersky Embedded Systems Security does not record debug information.

Trace and dump files are not automatically submitted beyond the host on which they were generated. The content of trace files can be viewed using standard text file viewers. Trace and dump files are kept indefinitely and are not deleted on uninstalling Kaspersky Embedded Systems Security.

Debug information can be useful for Technical Support.

No special mechanisms are provided for limiting access to trace and dump files. The administrator can configure this data to be written to a protected folder.

The path to the trace and dump file folder is not configured by default. To use the trace and dump folder, the administrator must specify it.

Data in trace and dump files can contain:

Actions performed by Kaspersky Embedded Systems Security on the host.
Information about objects processed by Kaspersky Endpoint Agent.
Errors arising during the operation of Kaspersky Endpoint Agent.

Page top