About data provision
Data transferred to third parties
When using the mobile device management functionality of the Software, for the purpose of timely delivery of commands to devices running the Android operating system through the push notification mechanism, the Google Firebase Cloud Messaging service is used. If the User has configured the usage of the Google Firebase Cloud Messaging service, the User agrees to provide the following information to the Google Firebase Cloud Messaging service in automatic mode:
- Instance ID.
- Software ID in the Google Firebase Cloud Messaging service.
- Version of the installed software.
- Full version of the Software.
- Google Play version.
- Software distributive package name.
- Schema version for data provided.
- Version of the operating system.
- Software ID.
To block exchange of information with the Google Firebase Cloud Messaging service, the User must roll back the usage settings of the Google Firebase Cloud Messaging service to their factory values.
When using the mobile device management functionality of the Software, for the purpose of timely delivery of commands to devices running the iOS operating system through the push notification mechanism, the Apple Push Notification Service (APNs) is used. If the User has installed an APNs certificate on an iOS MDM Server, created an iOS MDM profile with a collection of settings for connection of iOS mobile devices to the Software, and installed this profile on mobile devices, the User agrees to provide the following information to APNs in automatic mode:
- Token—Push token of the device. The server uses this token when sending push notifications to the device.
- PushMagic—String that must be included in the push notification. The string value is generated by the device.
Data processed locally
Kaspersky Security Center Linux is designed for centralized execution of basic administration and maintenance tasks on an organization's network. Kaspersky Security Center Linux provides the administrator with access to detailed information about the organization's network security level; Kaspersky Security Center Linux lets an administrator configure all the components of protection based on Kaspersky applications. Kaspersky Security Center Linux performs the following main functions:
- Detecting devices and their users on the organization's network
- Creating a hierarchy of administration groups for device management
- Installing Kaspersky applications on devices
- Managing the settings and tasks of installed applications
- Managing the updates for Kaspersky and third-party applications, and finding and fixing vulnerabilities
- Activating Kaspersky applications on devices
- Managing user accounts
- Viewing information about the operation of Kaspersky applications on devices
- Viewing reports
To perform its main functions Kaspersky Security Center Linux can receive, store, and process the following information:
- Information about the devices on the organization's network received through scanning of Active Directory or Samba domain controllers or through scanning of IP intervals. Administration Server gets data independently or receives data from Network Agent.
- Information from Active Directory and Samba about organizational units, domains, users, and groups. Administration Server gets data by itself or receives data from Network Agent assigned to work as a distribution point.
- Details of managed devices. Network Agent transfers the data listed below from the device to Administration Server. The user enters the display name and description of the device in the Kaspersky Security Center Web Console interface:
- Technical specifications of the managed device and its components required for device identification: device display name and description, Windows domain name and type (for devices belonging to a Windows domain), device name in Windows environment (for devices belonging to a Windows domain), DNS domain and DNS name, IPv4 address, IPv6 address, network location, MAC address, serial number, operating system type, whether the device is a virtual machine together with hypervisor type, and whether the device is a dynamic virtual machine as part of VDI.
- Other specifications of managed devices and their components required for audit of managed devices and for making decisions about whether specific patches and updates are applicable: operating system architecture, operating system vendor, operating system build number, operating system release ID, operating system location folder, if the device is a virtual machine—the virtual machine type, name of the virtual Administration Server that manages the device.
- Details of actions on managed devices: date and time of the last update, time the device was last visible on the network, restart waiting status, and time the device was turned on.
- Details of device user accounts and their work sessions.
- Data received by running remote diagnostics on a managed device: trace files, system information, details of Kaspersky applications installed on the device, dump files, event logs, the results of running the diagnostic scripts received from Kaspersky Technical Support.
- Distribution point operation statistics if the device is a distribution point. Network Agent transfers data from the device to Administration Server.
- Distribution point settings entered by the User in Kaspersky Security Center Web Console.
- Data necessary for the connection of mobile devices to the Administration Server: certificate, mobile connection port, Administration Server connection address. The User enters the data in Kaspersky Security Center Web Console.
- Details of mobile devices transferred by using the mobile protocol. The data listed below is transferred from the mobile device to Administration Server:
- Information about the application: application name, full version of the application, installation date and time of the application, real-time protection status of the device, session ID.
- Information about the license keys used by the application: license key serial number and license type, license key status, license key validity period in days, license key generation and expiration dates, name of the company to which the license was provided, additional information in case a subscription is used (subscription flag, expiration date and number of days available for subscription renewal, web address of the subscription provider, and current subscription status and cause for obtaining this status), date and time when the application was activated on the device, date and time when the license on the device expires.
- Information about the managed device: device name, device ID, device type, device IMEI (if available), device serial number (if available), device manufacturer, device CPU family name, device owner certificate thumbprint, OS type, OS version, OS name, total disk space on device, name of the server to which the device belongs, device IP address, device group name, distinguished name of the user, distinguished name of the domain, one-time password or domain password.
- Information about the result of executing custom commands: command ID, command execution status, command execution result; for the device locate command: latitude, longitude, altitude, and movement speed of the device; for the mugshot command: photos taken by the front camera of the mobile device when trying to unlock.
- Information about device scanning: date and time of the last device scan; full path in the file system from which the scan started; number of scanned object; number of detected malicious objects; number of blocked, deleted, and disinfected objects; number of objects that could not be disinfected; number of validation errors; number of terminated processes.
- Information about the functioning of each application component and about the performance of each task, presented as events:
- Event ID.
- Importance level.
- Event name and type.
- Description of the event cause.
- Date and time when the event occurred.
- Information about Anti-Theft operation events (device unlock code, device coordinates, command delivery method, list of deleted data).
- Results of processing a detected object or action (file name on the device; application name; threat name; threat type; type of action performed with the file; action result; error code, in case of occurrence).
- Information about the triggered compliance rule (rule criterion; applied action; description of the error in applying the action, in case of occurrence).
- Information about the application operation error (application version, OS version, device name, error description).
- Information about the error of Samsung KNOX (error code, URL from which the file could not be downloaded).
- Information about the permissions granted to the application.
- Information about each of the applications installed on the managed device (application name, installation status).
- Information about global acceptance of the End User License Agreement (EULA): EULA ID, EULA timestamp, EULA text.
- Google Firebase Cloud Messaging Settings: Sender ID, device registration ID.
- Details of mobile devices transferred by using the iOS MDM protocol. The data listed below are transferred from the mobile device to Administration Server:
- Technical specifications of the mobile device and its components required for device identification: device name, model, operating system name, version and build number, device model number, IMEI number, phone number, UDID, MEID, serial number, amount of full and available memory, modem firmware version, Bluetooth MAC address, Wi-Fi MAC address, and SIM card details (ICCID as part of the SIM card ID).
- Details of the mobile network used by the managed device: mobile network type, name of the currently used mobile network, name of the home mobile network, version of the mobile network operator settings, voice roaming and data roaming status, country code of the home network, residence country code, country code of the currently used network, and encryption level.
- Security settings of the mobile device: use of a password and its compliance with the policy settings, list of installed certificates, apps and configuration profiles.
- Date and time of last synchronization with Administration Server and device management status.
- Details of Kaspersky applications installed on the device. The managed application transfers data from the device to Administration Server through Network Agent:
- Settings of Kaspersky applications installed on the managed device: Kaspersky application name and version, status, real-time protection status, last device scan date and time, number of threats detected, number of objects that failed to be disinfected, availability and status of the application components, details of Kaspersky application settings and tasks, information about the current and reserve license keys, application installation date and ID.
- Application operation statistics: events related to the changes in the status of Kaspersky application components on the managed device and to the performance of tasks initiated by the application components.
- Device status defined by the Kaspersky application.
- Tags assigned by the Kaspersky application.
- Data contained in events from Kaspersky Security Center Linux components and Kaspersky managed applications. Network Agent transfers data from the device to Administration Server.
- Data necessary for the integration of Kaspersky Security Center Linux with a SIEM system for event export. The User enters the data in Kaspersky Security Center Web Console.
- Settings of Kaspersky Security Center Linux components and Kaspersky managed applications presented in policies and policy profiles. The User enters data in the Kaspersky Security Center Web Console interface.
- Task settings of Kaspersky Security Center Linux components and Kaspersky managed applications. The User enters data in the Kaspersky Security Center Web Console interface.
- Data processed by the System management feature. Network Agent transfers from the device to Administration Server the following information:
- Information about the hardware detected on managed devices (Hardware registry).
- Details of applications and patches installed on managed devices (Applications registry). The applications can be compared with the information about the executable files detected on the devices by the Application Control function.
- Details of vulnerabilities in third-party software detected on managed devices.
- Details of updates available for third-party applications installed on managed devices.
- Data required to download updates on isolated Administration Server to fix third-party software vulnerabilities on managed devices. The User enters and transmits data by using the Administration Server klscflag utility.
- User categories of applications. The User enters data in the Kaspersky Security Center Web Console interface.
- Details of executable files detected on managed devices by the Application Control feature. The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
- Details of files placed in Backup. The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
- Details of files placed in Quarantine. The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
- Details of files requested by Kaspersky specialists for detailed analysis. The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
- Details of the status and triggering of Adaptive Anomaly Control rules. The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
- Details of external devices (memory units, information transfer tools, information hardcopy tools, and connection buses) installed or connected to the managed device and detected by the Device Control feature. The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
- Information about encrypted Windows-based devices and the encryption status. A managed application transfers data from the device to Administration Server through Network Agent.
- Information about data encryption errors on the devices. The encryption is performed by the Encryption data function of Kaspersky applications. A managed application transfers data from the device to Administration Server through Network Agent. The full list of data is provided in the Online Help of the corresponding application.
- List of managed programmable logic controllers (PLCs). The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
- Data required for creation of a threat development chain. The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
- Information about attempts by an organization's employees to access cloud services. The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
- Data required for Kaspersky Security Center integration with the Kaspersky Managed Detection and Response service (the dedicated plug-in must be installed for Kaspersky Security Center Web Console): integration initiation token, integration token, and user session token. The User enters the integration initiation token in the Kaspersky Security Center Web Console interface. The Kaspersky MDR service transfers the integration token and the user session token through the dedicated plug-in.
- Details of the entered activation codes and key files. The User enters data in the Kaspersky Security Center Web Console interface.
- User accounts: name, description, full name, email address, main phone number, password, secret key generated by Administration Server, and one-time password for two-step verification. The User enters data in the Kaspersky Security Center Web Console interface.
- Revision history of management objects. The User enters data in the Kaspersky Security Center Web Console interface.
- IP address of the device on which a user created a revision. The IP address is defined by Administration Server automatically.
- Registry of deleted management objects. The User enters data in the Kaspersky Security Center Web Console interface.
- Installation packages created from the file, as well as installation settings. The User enters data in the Kaspersky Security Center Web Console interface.
- Data required for the display of announcements from Kaspersky in Kaspersky Security Center Web Console. The User enters data in the Kaspersky Security Center Web Console interface.
- Data required for the functioning of plug-ins of managed applications in Kaspersky Security Center Web Console and saved by the plug-ins in the Administration Server database during their routine operation. The description and ways of providing the data are provided in the Help files of the corresponding application.
- Kaspersky Security Center Web Console user settings: localization language and theme of the interface, Monitoring panel display settings, information about the status of notifications (Already read / Not yet read), status of columns in spreadsheets (Show / Hide), Training mode progress. The User enters data in the Kaspersky Security Center Web Console interface.
- Certificate for secure connection of managed devices to the Kaspersky Security Center Linux components. The User enters and transmits data by using the Administration Server klsetsrvcert utility.
- Certificates for establishing trust to the internal web resources of the organization. The User enters data in the Kaspersky Security Center Web Console interface.
- Information on which Kaspersky legal agreement terms have been accepted by the user.
- The Administration Server data that the User enters in the Kaspersky Security Center Web Console or program interface Kaspersky Security Center OpenAPI.
- Any data that the User enters in the Kaspersky Security Center Web Console interface.
The data listed above can be present in Kaspersky Security Center Linux if one of the following methods is applied:
- The User enters data in the Kaspersky Security Center Web Console interface.
- Network Agent automatically receives data from the device and transfers it to Administration Server.
- Network Agent receives data retrieved by the Kaspersky managed application and transfers it to Administration Server. The lists of data processed by Kaspersky managed applications are provided in the Help files for the corresponding applications.
- Administration Server gets the information about the networked devices by itself or receives data from Network Agent assigned to work as a distribution point.
- Data is transferred from the mobile device to Administration Server by using the iOS MDM protocol or mobile protocol.
The listed data is stored in the Administration Server database. User names and passwords are stored in encrypted form.
All data processed locally can be transferred to Kaspersky only through dump files, trace files, or log files of Kaspersky Security Center Linux components, including log files created by installers and utilities.
The dump files, trace files, or log files of Kaspersky Security Center Linux components contain arbitrary data of Administration Server, Network Agent, and Kaspersky Security Center Web Console. The files may contain personal or confidential data. The dump files, trace files, or log files are stored on the devices in an unencrypted form. The dump files, trace files, or log files are not transferred to Kaspersky automatically, but an administrator may transfer those files to Kaspersky manually by request from Technical Support to resolve issues related to Kaspersky Security Center Linux performance.
Kaspersky protects any information received in accordance with law and applicable Kaspersky rules. Data is transmitted over a secure channel.
Following the links in Kaspersky Security Center Web Console, the User agrees to the automatic transfer of the following data:
- Kaspersky Security Center Linux code
- Kaspersky Security Center Linux version
- Kaspersky Security Center Linux localization
- License ID
- License type
- Whether the license was purchased through a partner
The list of data provided via each link depends on the purpose and location of the link.
Kaspersky uses the received data in anonymized form and for general statistics only. Summary statistics are generated automatically from the originally received information and do not contain any personal or confidential data. As soon as new data is accumulated, the previous data is wiped (once a year). Summary statistics are stored indefinitely.
Page top