About data provision
The Software means software including any Updates and related materials.
Rightholder (owner of all rights, whether exclusive or otherwise to the Software) means AO Kaspersky Lab, a company incorporated according to the laws of the Russian Federation.
Computer(s) means hardware, including personal computers, laptops, workstations, personal digital assistants, "smart phones", handheld devices, or other electronic devices for which the Software was designed where the Software will be installed and/or used.
End User (You/Your) means individual(s) installing or using the Software on their own behalf or who are legally using a copy of the Software. If the Software is being downloaded or installed on behalf of an organization, such as an employer, "You" hereinafter means the organization for which the Software is downloaded or installed and it is represented hereby that such organization has authorized the person accepting this agreement to do so on its behalf.
Update(s) means all upgrades, revisions, patches, enhancements, fixes, modifications, copies, additions or maintenance packs, etc.
Trace files mean data containing information on the operation of the Software or its components.
Dump files mean the contents of system memory of the Software processes at the time of generation.
System information files mean data containing information about the Computer.
By accepting the terms of the End User License Agreement, You agree to submit information about the copy of Kaspersky Internet Security installed on Your Computer, Software version and preferences, and activation of the Software to Kaspersky Lab, which is done to improve real-time protection.
When You participate in Kaspersky Security Network, the following information obtained as a result of Kaspersky Internet Security operation is automatically sent from the Computer to Kaspersky Lab:
- Information about the operating system (OS) installed on the Computer and installed Updates.
- Information about the Rightholder's installed Software and the anti-virus protection status, including the version of the Software, the unique Software identifiers on the Computer, and information about Updates.
- Information about all scanned objects and actions, including the name of the scanned object, the date and time of the scan, the web address and Referrer from which it was downloaded, the names and size of scanned files and the paths to them, a sign in the archive, the date and time of file creation, the name of the packer (if the file was packed), the file entropy, the file type, the file type code, identifier and format, the web addresses from which the object is downloaded, the object checksum (MD5, SHA256), the type and value of the object supplementary checksum, data about the object's digital signature (certificate), the number of starts of the object since statistics were last sent, and the task identifier of the Software that performed the scan.
- For executable files: sign of sending service information, reputation verification flag or file signature flag, name, type, ID, type, checksum (MD5, SHA256) and the size of the application that was loaded by the object being validated, the application path and template paths, a sign of the Autorun list, date of entry, the list of attributes, name of the Packer, information about the digital signature of the application, including the publisher certificate, and the name of the uploaded file in MIME format.
- Information about the running applications and their modules, including checksums (MD5, SHA256) of running files, size, attributes, creation date, and PE file header information, names of packers (if the file was packed), code of the account under which the process has been started, command line parameters used to start the process, and names of files and their modules, the checksums of the files (SHA256), running of the executable file, the identifier conditions for the formation of statistics based on the information provided, an identifier of the existence and validity of the data provided in the statistics.
- If threats or vulnerabilities are detected, in addition to information about the detected object, information is provided about the identifier, version, and type of the record in the anti-virus databases, the name of the threat based on the Rightholder's classification, the checksum (MD5) of the application file that requested the web addresses where the threat was detected, the IP address (IPv4 or IPv6) of the detected threat, the identifier of the type of traffic in which the threat was detected, the vulnerability identifier and its threat level, the web address where the vulnerability was detected, the number of the script on the page, the identifier of the danger, type, and status of the detected vulnerability, and the intermediate results of object analysis.
- Information about network attacks, including the IP address of the attacking computer and the user Computer's port number at which the network attack is directed, the identifier of the protocol used to carry out the attack, and the name and type of attack.
- The web address and IP address of the webpage where harmful or suspicious content was detected, the name, size, and checksum of the file that requested the web address, the identifier and weight of the rule used to reach a decision, and the objective of the attack.
- Information about changes made by the user in the list of websites protected by the Safe Money component, including the web address of the website, a flag indicating a website has been added, modified, or deleted, and the mode in which Safe Money runs for the website.
- Aggregated data from the results of scanning using the local and cloud KSN databases, including the number of unique unknown objects, the number of unique trusted objects, the number of unique untrusted objects; the total number of "unknown object", "trusted object", and "untrusted object" statuses, and the number of objects that have been: trusted based on validation of a certificate, designated as trusted based on a trusted web address, or recognized as trusted based on transfer of trust from a trusted process; the number of unknown objects for which no decision regarding trust has been made, the number of objects that the user has designated as trusted, version of the private KSN database on the Computer at the time the statistics are sent, the Software's database settings identifier, information about successful/unsuccessful requests to KSN, the duration of sessions with KSN, the amount of data sent and received, and the times at which the collection of information to be sent to KSN was started and stopped.
Kaspersky Security Network may process and submit whole files, including objects detected through malicious links that might be used by criminals to harm Your Computer and/or parts of these files, to Kaspersky Lab for additional examination.
Additionally, to prevent incidents and investigate those that do occur, trusted executable and non-executable files, application activity reports, portions of the Computer's RAM, and the operating system's boot sector may be sent.
To improve the quality of the Software, You agree to provide Kaspersky Lab with the following information:
- Information about use of the user interface of the Software, including information about the opening of the interface windows (including identifiers and names of windows and used control elements) and switching between windows, information about the reason for opening a window, the date and time the interface was started and the stages of interface startup, the time and type of the user's interaction with the interface, and information about changes to settings and application parameters (including the name of the setting or parameter, and the old and new values).
- The ID of the Software in interactive mode.
To receive the most relevant information and promotions, You agree to provide information about the identifier of the Software settings, the word size of the operating system installed on the Computer, information about the Software’s connection to the Rightholder’s services, and the User’s unique identifier for the Rightholder’s services.
You acknowledge, accept and agree to receive informational materials via the Software from the Rightholder and/or its Partners intended to help improve the protection level of the Computer.
You agree to submit the following information for the purpose of Software identification during database and module Updates:
- Software ID (AppID)
- Active license ID
- Unique Software installation ID (InstallationID)
- Unique Update task launch ID (SessionID)
- Version of Software (BuildInfo)
To provide data on the global distribution of the Software, You agree to submit the following information to the Rightholder automatically:
- Software installation and activation dates
- ID of the Partner that provided the Software activation license
- Software ID, version of the Software installed, including versions of installed upgrades, and ID of the language localization of the Software
- Unique ID of the Computer and unique ID of Software installation
- Type of Computer
- Serial number of Software license installed
To enhance operational security, You agree to automatically provide the Rightholder with the following information about web addresses and files for which reputation information is requested:
- Web address for which the reputation request is being made
- Type of connection protocol
- Internal identifier of the type of product
- Port number in use
- Software installation ID
- User ID
- Web address from which the scanned web address was received
- Checksum (MD5) of the file for which the reputation request is being made
- Type of threat detected
- Information about the record for which the reputation decision was delivered (including the ID of the record in the database, the timestamp of the record, and the record type)
To facilitate timely detection and correction of installation errors and to ensure accurate user counts, You agree to provide the following information:
- Full information about the Software version
- Software ID
- ID of the Software full name in the IT Globalbase database
- Your Computer ID
- Customization ID
- ID of the Partner that provided the Software activation license
- Operating system type
- Full information about the operating system version
- Information about the operating system edition
- Bit version of the operating system (32- or 64-bit)
- Additional information about the operating system
- Device type
- Device information
- Localization
- Software customization name
- License type
- License term
- Error code
- Error category
- Installation type (new installation, upgrade, silent update)
Any information transferred does not contain any personal or other confidential data of the User. The Rightholder protects any information received in this way as prescribed by law.
If Kaspersky Internet Security returns an error, the user can send a file containing the following data to Kaspersky Lab:
- Process name and ID
- Path to the executable module
- Software version
- Bit version of the process (32- or 64-bit)
- Parent process name and ID
- Software crash date and time
- Operating system version
- Report version
- Type of error that caused the Software crash
- Error information
- Number of the thread in which the error occurred
- Call stacks for each thread during the Software crash (frame number, module name, address in the code, name of the function at the corresponding address)
- Registry values of the thread in which the error occurred
- List of loaded modules with the address at which the module is loaded, module name, module version, UUID, and path to the module
The following information is additionally specified for the Yosemite operating system:
- User ID (UID)
- Call statistics of specific system calls for interaction of other processes with this process
- Memory distribution (statistics of the amount of memory allocated for specific areas)
Kaspersky Internet Security saves the following information in a Trace file:
- Information about the anti-virus protection status of the Computer, as well as all detected objects and actions (including the name of the detected object, date and time of detection, the web address from which it was downloaded, the names and sizes of infected files and paths to them, the IP address of the attacking computer and the number of the Computer port targeted by the network attack, list of malware activity, and unwanted web addresses) and the decisions taken by the Software and the user on them.
- Information about applications downloaded by the user (web address, attributes, file size, and information about the process that downloaded the file).
- Information about the applications launched and their modules (size, attributes, creation date, PE header details, region, name, location, and packers).
- Information about interface errors and usage of the interface of the installed Kaspersky Lab Software.
- Information about network connections, including the IP address of the remote computer and the user's Computer, the numbers of ports through which the connection was established, and the network protocol of the connection.
- Information about network packets received and sent by the Computer over IT and telecom networks.
- Information about email and instant messages sent and received.
- Information about web addresses visited, including when the connection was established using an open protocol, data on the website access login and password, and the content of cookies.
- Server public certificate.
Data recorded in Dump files contains all information present in the operating memory of Software processes at the time of dump creation.
Files (or their parts) that may be exploited by intruders to harm the Computer or data may also be sent to Kaspersky Lab for additional examination.
Kaspersky Lab protects any information received in this way as prescribed by law and applicable rules of Kaspersky Lab.
Kaspersky Lab uses any received information in anonymized form and as general statistics only. Aggregate statistics are automatically generated from the source information that is received, and do not contain any personal or other confidential data. The original information received is destroyed as new information is accumulated (once a year). Aggregate statistics are stored indefinitely.