Kaspersky Endpoint Security for Windows 11.2.0

Managing reports

Information about the operation of each Kaspersky Endpoint Security component, data encryption events, the performance of each scan task, the update task and integrity check task, and the overall operation of the application is recorded in reports.

Reports are stored in the folder C:\ProgramData\Kaspersky Lab\KES\Report.

Reports may contain the following user data:

  • Paths to files scanned by Kaspersky Endpoint Security
  • Paths to registry keys modified during the operation of Kaspersky Endpoint Security
  • Microsoft Windows user name
  • Addresses of web pages opened by the user.

Report data is presented in the form of a table which contains a list of events. Each table line contains information on a separate event. Event attributes are located in the table columns. Certain columns are compound ones which contain nested columns with additional attributes. To view additional attributes, you must press the icon_open_column.png button next to the name of the graph. Events that are logged during the operation of various components or the performance of various tasks have different sets of attributes.

The following reports are available:

  • System Audit report. Contains information about events occurring during the interaction between the user and the application and in the course of application operation in general, which are unrelated to any particular Kaspersky Endpoint Security components or tasks.
  • Report on the operation of a Kaspersky Endpoint Security component or the execution of a task.
  • Encryption report. Contains information about events occurring during data encryption and decryption.

Reports use the following event importance levels:

  • Informational messages. Icon inquiry_event.bmp. Formal events that normally do not contain important information.
  • Warnings. Icon important_event.bmp. Events that need attention because they reflect important situations in the operation of Kaspersky Endpoint Security.
  • Critical events. Icon critical_event.bmp. Events of critical importance that indicate problems in the operation of Kaspersky Endpoint Security or vulnerabilities in the protection of the user's computer.

For convenient processing of reports, you can modify the presentation of data on the screen in the following ways:

  • Filter the event list by various criteria.
  • Use the search function to find a specific event.
  • View the selected event in a separate section.
  • Sort the list of events by each report column.
  • Display and hide events grouped by the event filter.
  • Change the order and arrangement of columns that are shown in the report.

You can save a generated report to a text file, if necessary.

You can also delete report information on Kaspersky Endpoint Security components and tasks that are combined into groups. Kaspersky Endpoint Security deletes all entries of the selected reports from the earliest entry to the current time.

If Kaspersky Endpoint Security is running under the management of Kaspersky Security Center, information about events may be transmitted to the Kaspersky Security Center Administration Server. For more details about managing reports in Kaspersky Security Center, please refer to the Kaspersky Security Center Help system.

In this section:

View reports

Viewing event information in a report

Configuring report settings

Saving a report to file

Clearing reports