About data provision

By accepting the terms of the End User License Agreement, you agree to automatically send the following data to Kaspersky:

To support the mechanism for receiving updates – information about the installed application and licensing certificate: identifier of the application being installed and its full version, including build number, type, and license identifier, installation identifier, unique update task identifier.
To manage confirmations for data processing – information about the status of acceptance of the License Agreement and other documents, that stipulate data transferring terms: identifier and version of License Agreement or other document, as a part of which the data processing terms are accepted or declined; an attribute, signifying the user’s action (confirmation or recall of the terms acceptance); date and time of status changes of the data processing terms acceptance.
To activate the application with an activation code - information about the type, version and localization of the installed application, versions of the installed updates, the identifier of the protected device and the identifier of the application installation on the protected device, the activation code and the unique identifier of the current license, the type, version and word size of the operating system, the name of the virtual environment when the application is installed in the virtual environment, and identifiers of the application components that are active at the time the information is provided.

The data Kaspersky receives from you when you use the application is protected and processed in accordance with the requirements established by the law and the current Kaspersky rules. Data is transmitted via encrypted communication channels. For more detailed information about processing, storage, and destruction of information obtained during the use of the application and transmitted to Kaspersky, please refer to the Privacy Policy on www.kaspersky.com/Products-and-Services-Privacy-Policy.

Local data processing

While executing the application's primary functions described in this Guide, Kaspersky Industrial CyberSecurity for Nodes locally processes and stores a sequence of data on the protected device.

The table below contains information about local processing and storing by Kaspersky Industrial CyberSecurity for Nodes of data contained in reports.

Processing and storing of data contained in reports

Functional area	Audit.
Type of use	Kaspersky Industrial CyberSecurity for Nodes stores the data locally and sends the data to the Administration Server. The Administration Server database stores information about application events that occur on the managed protected devices.
Storage	%ALLUSERSPROFILE%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\<product version>\Reports %SystemRoot%\System32\Winevt\Logs\Kaspersky Security.evtx Administration Server's database
Security measures	Access-control list.
Storage period	Kaspersky Industrial CyberSecurity for Nodes stores the data until the uninstallation of Kaspersky Industrial CyberSecurity for Nodes. During the Kaspersky Industrial CyberSecurity for Nodes uninstallation, all the data stored by Kaspersky Industrial CyberSecurity for Nodes on the protected device is deleted.
Purpose	Providing primary functionality.

Kaspersky Industrial CyberSecurity for Nodes does not delete events in the Windows Event Log.

Kaspersky Industrial CyberSecurity for Nodes locally processes and stores in reports the following data:

Names and attributes of processed files and full paths to them on the scanned media.
Actions taken on scanned files by Kaspersky Industrial CyberSecurity for Nodes.
User actions taken on scanned files on the protected device.
Information about accounts of users performing any actions on the protected network or protected device.
Device Instance Path values for devices added to the Device Control rules.
Information about processes and scripts running on the system: checksums (MD5, SHA-256) and full paths to executable files, information about digital certificates.
Windows Firewall settings.
Windows Event Log entries.
Names of user accounts taking actions on scanned files on the protected device.
Instances of executable files being started, and the types, names, checksums, and attributes of these files.
Information about network activity: the IP addresses of blocked external devices, identifiers of compromised logon sessions from which access to protected shared resources was performed.
Information about the Wi-Fi networks, that protected device connects to: network names and network identifiers.
Information about the PLC projects, that are added to the protection scope, including PLC connection settings (IP, rack and slot numbers, password) and firmware checksums.
Information about the Windows USN Journal status.

The table below contains information about local processing and storing by Kaspersky Industrial CyberSecurity for Nodes of data about parameters specified by a user.

Kaspersky Industrial CyberSecurity for Nodes processes and stores only the parameters' data specified by a user.

Processing and storing of data about parameters specified by a user

Functional area	Auto-remediation, Sandbox integration.
Type of use	Kaspersky Industrial CyberSecurity for Nodes stores the data about parameters locally and sends the data to the Administration Server. The Administration Server's database stores information about parameters of the managed protected devices.
Storage	%ALLUSERSPROFILE%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\<product version>\
Security measures	Access-control list.
Storage period	Kaspersky Industrial CyberSecurity for Nodes stores the data until the uninstallation of Kaspersky Industrial CyberSecurity for Nodes. During the Kaspersky Industrial CyberSecurity for Nodes uninstallation, all the data stored by Kaspersky Industrial CyberSecurity for Nodes on the protected device is deleted.
Purpose	Providing primary functionality.

Kaspersky Industrial CyberSecurity for Nodes does not delete the data about parameters exported into configuration file.

Kaspersky Industrial CyberSecurity for Nodes does not delete Quarantine objects and Backup objects if the Export quarantine objects and Export quarantine objects check boxes are selected in the Setup Wizard.

Kaspersky Industrial CyberSecurity for Nodes locally processes and stores the following data about parameters specified by a user:

Information about objects placed in Quarantine or Backup.
Information about the settings configured via the Application Console or via the Administration Plug-in, for example:
- Kaspersky Industrial CyberSecurity for Nodes password, names of user accounts under which Kaspersky Industrial CyberSecurity for Nodes tasks are run.
- The name of user account used for proxy server authentication.
- The addresses of network folders or folders on the HTTP or FTP servers used as user-defined update sources.
- Information about the Wi-Fi networks.
- Information about the PLC projects, that are added to the protection scope, including PLC connection settings and firmware checksums.
- IP addresses and identifiers of blocked logon sessions.
- Windows Firewall settings.
- Checksums (MD5, SHA-256) and paths to executable files added to the Application Launch Control task rules.
- Device Instance Path values for devices added to the Device Control rules.
- Information about folders included in scopes of Kaspersky Industrial CyberSecurity for Nodes tasks.
- Information about events in the Windows Event Log.
- Information about files detected through the use of iSwift or iCheker technology.
- Checksums (MD5, SHA-256) and paths to the files added to the Trusted Zone.
- Information about added license keys.
- Information about digital certificates.
- Checksums of the files, digital certificates data, full paths to the files (SDC database, files for Baseline File Integrity Monitor task).
- Temporary files created when the application scans the archives.
- Information in %SystemRoot%.
Data about files processed by the Kaspersky Industrial CyberSecurity for Nodes, for example, checksums (MD5, SHA-256) of files, information about digital certificates, full paths to files.

Kaspersky Industrial CyberSecurity for Nodes processes and stores data as part of the application's basic functionality, including to log application events and receive diagnostic data. Locally processed data is processed and protected in accordance with the configured and applied application settings.

Kaspersky Industrial CyberSecurity for Nodes lets you configure the level of protection for data processed locally: you can change user privileges to access process data, change data retention periods for such data, entirely or partially disable functionality that involves data logging, and change the path and attributes of the folder on the drive where data is logged.

Detailed information about configuring application functionality that involves data processing can be found in the corresponding sections of this Guide.

Local data processing by means of the application auxiliary components

The Kaspersky Industrial CyberSecurity for Nodes installation package comprises the application auxiliary components, which can be installed on your device even if Kaspersky Industrial CyberSecurity for Nodes is not installed on it.

While performing the main functions of the application described in this Guide, the application auxiliary components locally process and store a set of data on the protected device where they are installed, even if they are installed separately from Kaspersky Industrial CyberSecurity for Nodes.

The table below contains information about local processing and storing by Kaspersky Industrial CyberSecurity for Nodes of data written in dump and trace files.

By default, Kaspersky Industrial CyberSecurity for Nodes does not write dump and trace files.

Processing and storing of data written in dump and trace files

Storage	By default the folder to which dump and trace files are saved is not specified. You can specify the folder
Security measures	Kaspersky Industrial CyberSecurity for Nodes does not restrict access to dump and trace files.
Storage period	Kaspersky Industrial CyberSecurity for Nodes does not delete dump and trace files.
Purpose	Providing technical support.

Kaspersky Industrial CyberSecurity for Nodes locally processes and stores the following data written in dump and trace files:

Information about actions performed by Kaspersky Industrial CyberSecurity for Nodes on the protected device.
Information about objects processed by Kaspersky Industrial CyberSecurity for Nodes.
Information about errors that occurred during the running of Kaspersky Industrial CyberSecurity for Nodes.

The data processed by the auxiliary components is not automatically sent to Kaspersky or other third-party systems.

By default, all data locally processed by the application auxiliary components during the operation is deleted after removal of these components.

The exception is trace files of auxiliary application components. We recommend that you delete these files manually.

You can find the detailed information about working with files containing diagnostic data of the application auxiliary components in the corresponding sections of this Guide.

Page top