Service data

Service data of Kaspersky Endpoint Agent include:

• Data entered in configuration files as a result of an administrator configuring settings.
• Data processed during automatic Threat Response.
• Data processed as part of integration with Kaspersky Sandbox.

Service data are stored in the %ALLUSERSPROFILE%\Kaspersky Lab\Endpoint Agent\<product version> file. Data in the Settings subfolder are encrypted using the Encrypting File System (EFS). The data are stored until Kaspersky Endpoint Agent is uninstalled.

These data can be sent to Kaspersky Security Center automatically and are not sent to Kaspersky Sandbox.

By default, these files can be accessed only by users with System (full access) and Administrator (read and execute) permissions. The %ALLUSERSPROFILE%\Kaspersky Lab\Endpoint Agent\<product version> folder and Restored subfolder are also accessible to users with User (read only) permissions.

Kaspersky Endpoint Agent stores the following data about automatic Threat Response and integration with Kaspersky Sandbox:

1. Processed files and data entered by the user during configuration during Kaspersky Endpoint Agent settings configuration.
   • Access password for Kaspersky Endpoint Agent.
   • Quarantined files.
   • Kaspersky Endpoint Agent settings.
   • Credentials of operating system users for starting tasks with user permissions.
   • Authentication credentials for the Kaspersky Security Center Administration Server.
   • Authentication credentials for the proxy server.
   • Addresses of user-defined update sources.
   • Public key of the certificate used for integration with Kaspersky Sandbox.
2. Kaspersky Endpoint Agent cache.
   • Time when scan results were written to the cache.
   • MD5 hash of the scan task.
   • ID of the scan task.
   • Scan result for the object.
3. Object scan queue.
   • ID of the object in the queue.
   • Time when the object was placed in the queue.
   • Processing status of the object in the queue.
   • ID of the user session in the operating system where the scan task was created.
   • SID of the operating system user under whose user account the scan task was created.
   • MD5 hash of the scan task.
4. Information about tasks for which Kaspersky Endpoint Agent awaits scan results from Kaspersky Sandbox.
   • Time when the scan task was received.
   • Object processing status.
   • ID of the user session in the operating system where the scan task was created.
   • ID of the scan task.
   • MD5 hash of the scan task.
   • SID of the operating system user under whose user account the scan task was created.
   • XML schema of the automatically created IOC.
   • MD5 or SHA256 hash of the scanned object.
   • Processing errors.
   • Name/names of objects for which the scan task was created.
   • Scan result for the object.

Page top