Kaspersky Sandbox
- Kaspersky Sandbox
- Application licensing
- About the license
- About the End User License Agreement
- About the license certificate
- About the key
- About the key file
- Viewing license information in the web interface
- Viewing the text of the End User License Agreement in the web interface
- Viewing the text of the Privacy Policy in the web interface
- Adding a Kaspersky Sandbox license key using the web interface
- Replacing a Kaspersky Sandbox license key using the web interface
- Removing a Kaspersky Sandbox license key using the web interface
- Adding a Kaspersky Sandbox license key using the KSC
- Replacing a Kaspersky Sandbox license key using the KSC
- Program modes based on the license
- About data provision
- Scaling Kaspersky Sandbox
- Installing and performing initial configuration of the solution
- Installing the Kaspersky Sandbox application
- Step 1. Starting installation of the Kaspersky Sandbox application and selecting the language for viewing End User License Agreements
- Step 2. Viewing the Kaspersky Sandbox End User License Agreement and the Privacy Policy
- Step 3. Viewing the Adobe End User License Agreement
- Step 4. Viewing the Microsoft End User License Agreement
- Step 5. Confirming the Kaspersky Sandbox configuration
- Step 6. Selecting a drive for installing Kaspersky Sandbox
- Step 7. Assigning the host name
- Step 8. Selecting the controlling network interface in the list
- Step 9. Assigning the address, subnet mask, and gateway of the management interface
- Step 10. Creating an administrator account for Kaspersky Sandbox
- Step 11. Completing the installation of Kaspersky Sandbox.
- Getting started with Kaspersky Sandbox
- Managing the Kaspersky Sandbox application using the web interface
- Initial configuration of the application
- Monitoring of application operation
- Information about self diagnostics of the application in Kaspersky Sandbox web interface
- Information about database update state in Kaspersky Sandbox web interface
- Information about the application activation state and the license validity period in the Kaspersky Sandbox web interface
- Configuring the data display period on the diagram in the Kaspersky Sandbox web interface
- Monitoring the processing of objects received from Kaspersky Endpoint Agent in the Kaspersky Sandbox web interface
- Monitoring Kaspersky Sandbox health in KSC
- Updating databases
- Configuring network interfaces
- Configuring integration with Kaspersky Security Center
- Creating a TLS certificate of Kaspersky Sandbox web interface
- Configuring a trusted connection of Kaspersky Sandbox with Kaspersky Endpoint Agent
- Generating a TLS certificate for the connection with Kaspersky Endpoint Agent
- Uploading a TLS certificate for the connection with Kaspersky Endpoint Agent
- Saving the TLS certificate file for the connection with Kaspersky Endpoint Agent on a computer
- Replacing the TLS certificate for the connection with Kaspersky Endpoint Agent
- Setting the date and time
- Installing and configuring images of operating systems and software required for the operation of Kaspersky Sandbox
- Managing the cluster
- Downloading Kaspersky Sandbox system log to the hard drive
- Restarting Kaspersky Sandbox server
- Shutdown of Kaspersky Sandbox server
- Changing Kaspersky Sandbox administrator account password
- Managing the Kaspersky Sandbox application using Kaspersky Security Center
- Installing the Kaspersky Sandbox management plug-in
- Configuring Kaspersky Sandbox device status display in KSC
- Getting started with Kaspersky Sandbox in the KSC Administration Console
- Viewing information about Kaspersky Sandbox and the database update status
- Going to the Kaspersky Sandbox web interface
- Viewing Kaspersky Sandbox license information
- Configuring events of Kaspersky Sandbox
- Displaying information about the Kaspersky Sandbox management plug-in.
- Viewing the threat report
- Viewing object scanning statistics
- Adding a Kaspersky Sandbox license key using the KSC
- Replacing a Kaspersky Sandbox license key using the KSC
- Managing the Kaspersky Endpoint Agent application
- Installing Kaspersky Endpoint Agent
- Installing the Kaspersky Endpoint Agent management plug-in
- Creating a Kaspersky Endpoint Agent policy
- Enabling settings in the Kaspersky Endpoint Agent policy
- Configuring Kaspersky Endpoint Agent security settings
- Configuring proxy server connection settings
- Configuring the usage of Kaspersky Security Network
- Configuring the integration of Kaspersky Endpoint Agent with Kaspersky Sandbox
- Configuring Threat Response actions of Kaspersky Endpoint Agent to respond to threats detected by Kaspersky Sandbox
- Enabling and disabling Threat Response actions
- Adding Threat Response actions to the action list of the current policy
- Authentication for Threat Response group tasks at the Administration Server
- Protection of workstations from legitimate applications that can be exploited by adversaries
- Configuring the running of IOC scanning tasks
- Configuring Quarantine settings and restoration of objects from Quarantine
- Configuring data synchronization with the Administration Server
- Managing Kaspersky Endpoint Agent tasks
- Managing the Kaspersky Endpoint Agent application using the command line interface
- Configuring tracing
- Configuring dump creation
- Viewing information about Quarantine options and quarantined objects
- Actions with quarantined objects
- Managing Kaspersky Sandbox integration options
- Running Kaspersky Endpoint Agent database update
- Running, stopping, and viewing the current state of the application
- Password protecting the application
- Securing services of the application using the PPL technology
- Interaction with external systems using the API
- Contacting the Technical Support Service
- Glossary
- Basic concepts of Kaspersky Security Center relevant to managing the solution using KSC
- Information about third-party code
- Trademark notices
About data provision > Kaspersky Endpoint Agent application data > Data in fields of Windows Event Log events
Data in fields of Windows Event Log events
Data in fields of Windows Event Log events
Event data are stored in the %SystemRoot%\System32\Winevt\Logs\Kaspersky-Security-Soyuz%4Product.evtx file in a plain and non-encrypted form. The data are stored until Kaspersky Endpoint Agent is uninstalled.
These data can be sent to Kaspersky Security Center automatically and are not sent to Kaspersky Sandbox.
By default, only users with System and Administrator permissions have read access to the files. Kaspersky Endpoint Agent does not manage access rights to this folder and the files within. The access is managed by the system administrator.
Event data can contain information about:
- User sessions in the operating system.
- User accounts in the operating system.
- Execution errors of object scan tasks.
- Object scan tasks.
- Detections.
- IOC files generated as part of automatic Threat Response.
- Object scan results.
- Kaspersky Sandbox server certificates.
- The object scan queue.
- Modifications of Kaspersky Endpoint Agent.
- Modifications of KSC policies.
- Changes of scan task status.
- KSC policies.
- Quarantined objects.
- Automatic Threat Response actions.
- Errors while interacting with an application server in the cluster.
Article ID: 189460, Last review: Jan 19, 2022