Kaspersky Endpoint Security for Windows 11.0.0
English
- Čeština (Česká republika)
- Deutsch
- Español (España)
- Español (México)
- Français
- Italiano
- Magyar (Magyarország)
- Nederlands (Nederland)
- Polski (Polska)
- Português (Brasil)
- Português (Portugal)
- Română (România)
- Tiếng Việt (Việt Nam)
- Türkçe (Türkiye)
- Русский
- العربية (الإمارات العربية المتحدة)
- 한국어 (대한민국)
- 简体中文
- 繁體中文
- 日本語(日本)
English
- Čeština (Česká republika)
- Deutsch
- Español (España)
- Español (México)
- Français
- Italiano
- Magyar (Magyarország)
- Nederlands (Nederland)
- Polski (Polska)
- Português (Brasil)
- Português (Portugal)
- Română (România)
- Tiếng Việt (Việt Nam)
- Türkçe (Türkiye)
- Русский
- العربية (الإمارات العربية المتحدة)
- 한국어 (대한민국)
- 简体中文
- 繁體中文
- 日本語(日本)
- About Kaspersky Endpoint Security for Windows
- Installing and removing the application
- Installing the application
- About ways to install the application
- Installing the application by using the Setup Wizard
- Step 1. Making sure that the computer meets installation requirements
- Step 2. Welcome page of the installation procedure
- Step 3. Viewing the License Agreement and Privacy Policy
- Step 4. Selecting the installation type
- Step 5. Selecting application components to install
- Step 6. Selecting the destination folder
- Step 7. Adding scan exclusions
- Step 8. Preparing for application installation
- Step 9. Application installation
- Installing the application from the command line
- Remotely installing the application using System Center Configuration Manager
- Description of setup.ini file installation settings
- Initial Configuration Wizard
- Step 1. Application activation
- Step 2. Activating with an activation code
- Step 3. Activating with a key file
- Step 4. Selecting the functions to activate
- Step 5. Completing activation
- Step 6. Finishing the initial configuration of the application
- Step 7. Analyzing the operating system
- Step 8. Kaspersky Security Network Statement
- Updating to the new version of the application
- Removing the application
- Installing the application
- Application interface
- Application licensing
- About the End User License Agreement
- About the license
- About the license certificate
- About subscription
- About activation code
- About the key
- About the key file
- About data provision
- Viewing license information
- Purchasing a license
- Renewing subscription
- Visiting the website of the service provider
- About application activation methods
- Starting and stopping the application
- Participation in Kaspersky Security Network
- About participation in Kaspersky Security Network
- Enabling and disabling use of Kaspersky Security Network
- About data provision when using Kaspersky Security Network
- Enabling and disabling cloud mode for protection components
- Checking the connection to Kaspersky Security Network
- Checking the reputation of a file in Kaspersky Security Network
- Enhanced protection with Kaspersky Security Network
- Application Behavior Detection
- Exploit Prevention
- Host Intrusion Prevention
- About Host Intrusion Prevention
- Limitations of audio and video device control
- Enabling and disabling Host Intrusion Prevention
- Managing application trust groups
- Managing Application control rules
- Changing application control rules for trust groups and groups of applications
- Editing an application control rule
- Disabling downloads and updates of application control rules from the Kaspersky Security Network database
- Disabling the inheritance of restrictions from the parent process
- Excluding specific application actions from application control rules
- Removing outdated application control rules
- Protecting operating system resources and identity data
- Remediation Engine
- File Threat Protection
- About File Threat Protection
- Enabling and disabling File Threat Protection
- Automatic pausing of File Threat Protection
- File Threat Protection settings
- Changing the security level
- Changing the action taken on infected files by the File Threat Protection component
- Forming the protection scope of the File Threat Protection component
- Using heuristic analysis in the operation of the File Threat Protection component
- Using scan technologies in the operation of the File Threat Protection component
- Optimizing file scanning
- Scanning compound files
- Changing the scan mode
- Web Threat Protection
- About Web Threat Protection
- Enabling and disabling Web Threat Protection
- Web Threat Protection settings
- Changing the web traffic security level
- Changing the action to take on malicious web traffic objects
- Web Threat Protection scanning of links to check them against databases of phishing and malicious web addresses
- Using heuristic analysis in the operation of the Web Threat Protection component
- Editing the list of trusted web addresses
- Mail Threat Protection
- Network Threat Protection
- Firewall
- BadUSB Attack Prevention
- Application Control
- About Application Control
- Enabling and disabling Application Control
- Application Control functionality limitations
- About Application Control rules
- Managing Application Control rules
- Editing Application Control message templates
- About Application Control operating modes
- Selecting the Application Control mode
- Managing Application Control rules using Kaspersky Security Center
- Gathering information about applications that are installed on user computers
- Gathering information about applications that are started on user computers
- Creating application categories
- Step 1. Selecting the category type
- Step 2. Entering a user category name
- Step 3. Configuring the conditions for including applications in a category
- Step 4. Configuring the conditions for excluding applications from a category
- Step 5. Settings
- Step 6. Repository folder
- Step 7. Creating a custom category
- Adding executable files from the Executable files folder to the application category
- Adding and modifying an Application Control rule using Kaspersky Security Center
- Changing the status of an Application Control rule via Kaspersky Security Center
- Testing Application Control rules using Kaspersky Security Center
- Viewing events resulting from test operation of the Application Control component
- Viewing events resulting from operation of the Application Control component
- Adding event-related executable files to the application category
- Viewing a report on test blocked runs
- Viewing a report on blocked runs
- Best practices for implementing white list mode
- Device Control
- About Device Control
- Enabling and disabling Device Control
- About rules of access to devices and connection buses
- About trusted devices
- Standard decisions on access to devices
- Editing a device access rule
- Adding or excluding records to or from the event log
- Adding a Wi-Fi network to the trusted list
- Editing a connection bus access rule
- Actions with trusted devices
- Adding a device to the Trusted list from the application interface
- Adding devices to the Trusted list based on the device model or ID
- Adding devices to the Trusted list based on the mask of the device ID
- Configuring user access to a trusted device
- Removing a device from the list of trusted devices
- Importing the list of trusted devices
- Exporting the list of trusted devices
- Editing templates of Device Control messages
- Anti-Bridging
- Obtaining access to a blocked device
- Creating a key for accessing a blocked device using Kaspersky Security Center
- Web Control
- About Web Control
- Enabling and disabling Web Control
- Web resource content categories
- About web resource access rules
- Actions with web resource access rules
- Migrating web resource access rules from previous versions of the application
- Exporting and importing the list of web resource addresses
- Editing masks for web resource addresses
- Editing templates of Web Control messages
- Data Encryption
- About data encryption
- Encryption functionality limitations
- Changing the encryption algorithm
- Enabling Single Sign-On (SSO) technology
- Special considerations for file encryption
- File Level Encryption on local computer drives
- Encryption of removable drives
- Full Disk Encryption
- Using the Authentication Agent
- Using a token and smart card with Authentication Agent
- Editing Authentication Agent help messages
- Limited support for characters in Authentication Agent help messages
- Selecting the Authentication Agent trace level
- Managing Authentication Agent accounts
- Adding a command for creating an Authentication Agent account
- Adding an Authentication Agent account editing command
- Adding a command for deleting an Authentication Agent account
- Restoring Authentication Agent account credentials
- Responding to a user request to restore Authentication Agent account credentials
- Viewing data encryption details
- Managing encrypted files with limited file encryption functionality
- Working with encrypted devices when there is no access to them
- Obtaining access to encrypted devices through the application interface
- Granting user access to encrypted devices
- Providing a user with a recovery key for hard drives encrypted with BitLocker
- Creating the executable file of Restore Utility
- Restoring data on encrypted devices using the Restore Utility
- Responding to a user request to restore data on encrypted devices
- Restoring access to encrypted data after operating system failure
- Creating an operating system rescue disk
- Endpoint Sensor
- Updating databases and application software modules
- Scanning the computer
- About scan tasks
- Starting or stopping a scan task
- Configuring scan task settings
- Changing the security level
- Changing the action to take on infected files
- Generating a list of objects to scan
- Selecting the type of files to scan
- Optimizing file scanning
- Scanning compound files
- Using scan methods
- Using scan technologies
- Selecting the run mode for the scan task
- Starting a scan task under the account of a different user
- Scanning removable drives when they are connected to the computer
- Working with active threats
- Checking the integrity of application modules
- Managing reports
- Notification service
- Managing Backup
- Advanced application settings
- Trusted zone
- About the trusted zone
- Creating a scan exclusion
- Modifying a scan exclusion
- Deleting a scan exclusion
- Enabling and disabling a scan exclusion
- Editing the list of trusted applications
- Enabling and disabling trusted zone rules for an application in the list of trusted applications
- Using trusted system certificate storage
- Network Protection
- Kaspersky Endpoint Security Self-Defense
- Kaspersky Endpoint Security performance and compatibility with other applications
- About Kaspersky Endpoint Security performance and compatibility with other applications
- Selecting types of detectable objects
- Enabling or disabling Advanced Disinfection technology for workstations
- Enabling or disabling Advanced Disinfection technology for file servers
- Enabling or disabling energy-saving mode
- Enabling or disabling conceding of resources to other applications
- Password protection
- Creating and using a configuration file
- Trusted zone
- Remote administration of the application through Kaspersky Security Center
- Managing the application from the command line
- Commands
- SCAN. Virus Scan
- UPDATE. Updating databases and application software modules
- ROLLBACK. Rolling back the last update
- TRACES. Traces
- START. Start the profile
- STOP. Stopping a profile
- STATUS. Profile status
- STATISTICS. Profile operation statistics
- RESTORE. Restoring files
- EXPORT. Exporting application settings
- IMPORT. Importing application settings
- ADDKEY. Applying a key file.
- LICENSE. Licensing
- RENEW. Purchasing a license
- PBATESTRESET. Reset the pre-encryption check results
- EXIT. Exit the application
- EXITPOLICY. Disabling policy
- STARTPOLICY. Enabling policy
- DISABLE. Disabling protection
- SPYWARE. Spyware detection
- Appendix. Application profiles
- Commands
- Sources of information about the application
- Contacting Technical Support
- Glossary
- Active key
- Additional key
- Administration group
- Administration Server
- Anti-virus databases
- Application modules
- Application settings
- Archive
- Authentication Agent
- Backup
- Black list of addresses
- Certificate
- Certificate issuer
- Certificate subject
- Certificate thumbprint
- Database of malicious web addresses
- Database of phishing web addresses
- Disinfection
- Exploits
- False alarm
- File mask
- Heuristic Analysis
- Infectable file
- Infected file
- License certificate
- Network Agent
- Network Agent Connector
- Network service
- Normalized form of the address of a web resource
- OLE object
- Patch
- Phishing
- Portable File Manager
- Protection scope
- Scan scope
- Signature Analysis
- Task
- Task settings
- Trusted Platform Module
- Update
- Information about third-party code
- Trademark notices
Contacting Technical Support > Collecting information for Technical Support > Contents and storage of trace files
Contents and storage of trace files
Contents and storage of trace files
The user is personally responsible for ensuring the safety of data collected, particularly for monitoring and restricting access to collected data stored on the computer until it is submitted to Kaspersky.
Trace files are stored on the computer as long as the application is in use, and are deleted permanently when the application is removed.
Trace files are stored in the ProgramData\Kaspersky Lab folder.
The trace file has the following name format: KES<version number_dateXX.XX_timeXX.XX_pidXXX.><trace file type>.log.
The Authentication Agent trace file is stored in the System Volume Information folder and has the following name: KLFDE.{EB2A5993-DFC8-41a1-B050-F0824113A33A}.PBELOG.bin.
You can view data saved in trace files.
All trace files contain the following common data:
- Event time.
- Number of the thread of execution.
The Authentication Agent trace file does not contain this information.
- Application component that caused the event.
- Degree of event severity (informational event, warning, critical event, error).
- A description of the event involving command execution by a component of the application and the result of execution of this command.
Contents of SRV.log, GUI.log, and ALL.log trace files
SRV.log, GUI.log, and ALL.log trace files may store the following information in addition to general data:
- Personal data, including the last name, first name, and middle name, if such data is included in the path to files on the local computer.
- The user name and password if they were transmitted openly. This data can be recorded in trace files during Internet traffic scanning. Traffic is recorded in trace files only from trafmon2.ppl.
- The user name and password if they are contained in HTTP headers.
- The name of the Microsoft Windows account if the account name is included in a file name.
- Your email address or a web address containing the name of your account and password if they are contained in the name of the object detected.
- Websites that you visit and redirects from these websites. This data is written to trace files when the application scans websites.
- Proxy server address, computer name, port, IP address, and user name used to sign in to the proxy server. This data is written to trace files if the application uses a proxy server.
- Remote IP addresses to which your computer established connections.
- Message subject, ID, sender's name and address of the message sender's web page on a social network. This data is written to trace files if the Web Control component is enabled.
Contents of HST.log, BL.log, Dumpwriter.log, WD.log, AVPCon.dll.log trace files
In addition to general data, the HST.log trace file contains information about the execution of a database and application module update task.
In addition to general data, the BL.log trace file contains information about events occurring during operation of the application, as well as data required to troubleshoot application errors. This file is created if the application is started with the avp.exe –bl parameter.
In addition to general data, the Dumpwriter.log trace file contains service information required for troubleshooting errors that occur when the application dump file is written.
In addition to general data, the WD.log trace file contains information about events occurring during operation of the avpsus service, including application module update events.
In addition to general data, the AVPCon.dll.log trace file contains information about events occurring during the operation of the Kaspersky Security Center connectivity module.
Contents of trace files of application plug-ins
Trace files of application plug-ins contain the following information in addition to general data:
- The shellex.dll.log trace file of the plug-in that starts the scan task from the context menu contains information about the execution of the scan task and data required to debug the plug-in.
- The mcou.OUTLOOK.EXE trace file of the Mail Threat Protection plug-in may contain parts of email messages, including email addresses.
Contents of the Authentication Agent trace file
In addition to general data, the Authentication Agent trace file contains information about the operation of Authentication Agent and the actions performed by the user with Authentication Agent.
Article ID: 124710, Last review: Dec 22, 2022