Reports and storage

Reports

Information about the operation of each Kaspersky Endpoint Security component, data encryption events, the performance of each scan task, the update task and integrity check task, and the overall operation of the application is recorded in reports.

Reports are stored in the folder C:\ProgramData\Kaspersky Lab\KES.21.13\Report.

Backup

Backup stores backup copies of files that were deleted or modified during disinfection. A backup copy is a file copy created before the file was disinfected or deleted. Backup copies of files are stored in a special format and do not pose a threat.

Backup copies of files are stored in the folder C:\ProgramData\Kaspersky Lab\KES.21.13\QB.

Users in the Administrators group are granted full permission to access this folder. Limited access rights to this folder are granted to the user whose account was used to install Kaspersky Endpoint Security.

Kaspersky Endpoint Security does not provide the capability to configure user access permissions to backup copies of files.

Quarantine

Quarantine is a special local storage on the computer. The user can quarantine files that the user considers dangerous for the computer. Quarantined files are stored in an encrypted state and do not threaten the security of the device. Kaspersky Endpoint Security uses Quarantine only when working with Detection and Response solutions: EDR Optimum, EDR Expert, KATA (EDR), Kaspersky Sandbox. In other cases Kaspersky Endpoint Security places the relevant file in Backup. For details on managing Quarantine as part of solutions, please refer to the Kaspersky Sandbox Help, Kaspersky Endpoint Detection and Response Optimum Help, and Kaspersky Endpoint Detection and Response Expert Help, Kaspersky Anti Targeted Attack Platform Help.

Quarantine can only be configured using Web Console. You can also use Web Console to manage quarantined objects (restore, delete, add, etc). You can restore objects locally on the computer using the command line.

Kaspersky Endpoint Security uses the system account (SYSTEM) to quarantine files.

Settings of reports and storage

Parameter

Description

Store reports no longer than N days

If the check box is selected, the maximum report storage term is limited to the defined time interval. The default maximum storage term for reports is 30 days. After that period of time, Kaspersky Endpoint Security automatically deletes the oldest entries from the report file.

Limit the size of report file to N MB

If the check box is selected, the maximum report file size is limited to the defined value. By default, the maximum file size is 1024 MB. To avoid exceeding the maximum report file size, Kaspersky Endpoint Security automatically deletes the oldest entries from the report file when the maximum report file size is reached.

Store objects no longer than N days

If the check box is selected, the maximum file storage term is limited to the defined time interval. The default maximum storage term for files is 30 days. After expiration of the maximum storage term, Kaspersky Endpoint Security deletes the oldest files from Backup.

Limit the size of Backup to N MB

If the check box is selected, the maximum storage size is limited to the defined value. By default, the maximum size is 1024 MB. To avoid exceeding the maximum storage size, Kaspersky Endpoint Security automatically deletes the oldest files from storage when the maximum storage size is reached.

Limit the size of Quarantine to N MB

Maximum Quarantine size in MB. For example, you can set the maximum Quarantine size to 200 MB. When Quarantine reaches maximum size, Kaspersky Endpoint Security sends the corresponding event to Kaspersky Security Center and publishes the event in Windows Event Log. Meanwhile the application stops quarantining new objects. You must empty the Quarantine manually.

Notify when the Quarantine storage reaches N percent

Threshold value of the Quarantine. For example, you can set the Quarantine threshold to 50%. When Quarantine reaches the threshold, Kaspersky Endpoint Security sends the corresponding event to Kaspersky Security Center and publishes the event in Windows Event Log. Meanwhile the application continues quarantining new objects.

Data transfer to Administration Server

(available only in Kaspersky Security Center)

Categories of events on client computers whose information must be relayed to the Administration Server.

See also

Viewing reports

Saving a report to file

Clearing reports

Configuring the maximum Quarantine size

Sending data about quarantined files to Kaspersky Security Center

Restoring files from Quarantine

Page top