You are personally responsible for the security of the data that is stored on your computer, particularly for monitoring and restricting access to the data until it is submitted to Kaspersky.
Trace files are stored on the computer as long as the application is in use, and are deleted permanently when the application is removed.
Trace files, except trace files of Authentication Agent, are stored in the folder %ProgramData%\Kaspersky Lab\KES\Traces.
Trace files are named as follows: KES<service version number_dateXX.XX_timeXX.XX_pidXXX.><trace file type>.log.
You can view data saved in trace files.
All trace files contain the following common data:
The Authentication Agent trace file does not contain this information.
Kaspersky Endpoint Security saves user passwords to a trace file only in encrypted form.
Contents of SRV.log, GUI.log, and ALL.log trace files
SRV.log, GUI.log, and ALL.log trace files may store the following information in addition to general data:
Contents of HST.log, BL.log, Dumpwriter.log, WD.log, AVPCon.dll.log trace files
In addition to general data, the HST.log trace file contains information about the execution of a database and application module update task.
In addition to general data, the BL.log trace file contains information about events occurring during operation of the application, as well as data required to troubleshoot application errors. This file is created if the application is started with the avp.exe –bl parameter.
In addition to general data, the Dumpwriter.log trace file contains service information required for troubleshooting errors that occur when the application dump file is written.
In addition to general data, the WD.log trace file contains information about events occurring during operation of the avpsus service, including application module update events.
In addition to general data, the AVPCon.dll.log trace file contains information about events occurring during the operation of the Kaspersky Security Center connectivity module.
Contents of performance trace files
Performance trace files are named as follows: KES<version number_dateXX.XX_timeXX.XX_pidXXX.>PERF.HAND.etl.
In addition to general data, performance trace files contain information about the load on the processor, information about the loading time of the operating system and applications, and information about running processes.
Contents of the AMSI Protection component trace file
In addition to general data, the AMSI.log trace file contains information about the results of scans performed on requests from third-party applications.
Contents of trace files of the Mail Threat Protection component
The trace file mcou.OUTLOOK.EXE.log may contain parts of email messages, including email addresses, in addition to general data.
Contents of trace files of the Scan from Context Menu component
The shellex.dll.log trace file contains information about completion of the scan task and data required to debug the application, in addition to general information.
Contents of trace files of the application web plug-in
Trace files of the application web plug-in are stored on the computer on which Kaspersky Security Center 12 Web Console is deployed, in the folder Program Files\Kaspersky Lab\Kaspersky Security Center Web Console 12\logs.
Trace files of the application web plug-in are named as follows: logs-kes_windows-<type of trace file>.DESKTOP-<date of file update>.log. Web Console begins writing data after installation and deletes the trace files after Web Console is removed.
Trace files of the application web plug-in contain the following information in addition to general data:
Contents of the Authentication Agent trace file
The Authentication Agent trace file is stored in the System Volume Information folder and is named as follows: KLFDE.{EB2A5993-DFC8-41a1-B050-F0824113A33A}.PBELOG.bin.
In addition to general data, the Authentication Agent trace file contains information about the operation of Authentication Agent and the actions performed by the user with Authentication Agent.
Page top