Contents and storage of trace files

The user is personally responsible for ensuring the safety of data collected, particularly for monitoring and restricting access to collected data stored on the computer until it is submitted to Kaspersky.

Trace files are stored on the computer as long as the application is in use, and are deleted permanently when the application is removed.

Trace files are stored in the ProgramData\Kaspersky Lab folder.

The trace file has the following name format: KES<version number_dateXX.XX_timeXX.XX_pidXXX.><trace file type>.log.

The Authentication Agent trace file is stored in the System Volume Information folder and has the following name: KLFDE.{EB2A5993-DFC8-41a1-B050-F0824113A33A}.PBELOG.bin.

You can view data saved in trace files.

All trace files contain the following common data:

• Event time.
• Number of the thread of execution.

  The Authentication Agent trace file does not contain this information.

• Application component that caused the event.
• Degree of event severity (informational event, warning, critical event, error).
• A description of the event involving command execution by a component of the application and the result of execution of this command.

Contents of SRV.log, GUI.log, and ALL.log trace files

SRV.log, GUI.log, and ALL.log trace files may store the following information in addition to general data:

• Personal data, including the last name, first name, and middle name, if such data is included in the path to files on the local computer.
• The user name and password if they were transmitted openly. This data can be recorded in trace files during Internet traffic scanning. Traffic is recorded in trace files only from trafmon2.ppl.
• The user name and password if they are contained in HTTP headers.
• The name of the Microsoft Windows account if the account name is included in a file name.
• Your email address or a web address containing the name of your account and password if they are contained in the name of the object detected.
• Websites that you visit and redirects from these websites. This data is written to trace files when the application scans websites.
• Proxy server address, computer name, port, IP address, and user name used to sign in to the proxy server. This data is written to trace files if the application uses a proxy server.
• Remote IP addresses to which your computer established connections.
• Message subject, ID, sender's name and address of the message sender's web page on a social network. This data is written to trace files if the Web Control component is enabled.

Contents of HST.log, BL.log, Dumpwriter.log, WD.log, AVPCon.dll.log trace files

In addition to general data, the HST.log trace file contains information about the execution of a database and application module update task.

In addition to general data, the BL.log trace file contains information about events occurring during operation of the application, as well as data required to troubleshoot application errors. This file is created if the application is started with the avp.exe –bl parameter.

In addition to general data, the Dumpwriter.log trace file contains service information required for troubleshooting errors that occur when the application dump file is written.

In addition to general data, the WD.log trace file contains information about events occurring during operation of the avpsus service, including application module update events.

In addition to general data, the AVPCon.dll.log trace file contains information about events occurring during the operation of the Kaspersky Security Center connectivity module.

Contents of trace files of application plug-ins

Trace files of application plug-ins contain the following information in addition to general data:

• The shellex.dll.log trace file of the plug-in that starts the scan task from the context menu contains information about the execution of the scan task and data required to debug the plug-in.
• The mcou.OUTLOOK.EXE trace file of the Mail Threat Protection plug-in may contain parts of email messages, including email addresses.

Contents of the Authentication Agent trace file

In addition to general data, the Authentication Agent trace file contains information about the operation of Authentication Agent and the actions performed by the user with Authentication Agent.

Page top