During their operation, Kaspersky Security components may save and send to other application components and to other Kaspersky applications the following information that may contain personal and confidential data:
In support of protection and while scan tasks are running, Light Agents send the Protection Server the information necessary for scanning objects. The transmitted information may include the names of files and paths to them in the file system, the checksums of files, web addresses, and the scanned objects or their fragments.
To generate reports and events, the Protection Server and Light Agents send information about application operation to the Kaspersky Security Center Administration Server. The transmitted information may include user names, names of processed files and paths to them in the file system, and processed web addresses.
To ensure the capability to work with Backup objects and the list of unprocessed objects in Kaspersky Security Center, Light Agents send the Kaspersky Security Center Administration Server information about objects that have been placed in Backup on protected virtual machines, and information about objects that have been added to the list of unprocessed objects. The transmitted information may include user names, the object name and path to it in the file system. If requested by the administrator, Kaspersky Security Center may be sent information about the objects placed in Backup or the list of unprocessed objects.
To support the operation of control components, Light Agent for Windows sends information about executable files to the Kaspersky Security Center Administration Server. The transmitted information may include the file name, path to it in the file system, and the checksum of the file. If requested by the administrator, the executable file itself may be sent to Kaspersky Security Center.
While tasks are running on SVMs and protected virtual machines, the Protection Server and Light Agents send information about task settings and results to the Kaspersky Security Center Administration Server. The transmitted information may include the user name and password indicated in the task settings for the user account used to run the task.
In an infrastructure managed by a VMware vCenter Server and VMware NSX Manager, Light Agents and the Protection Server may send the Integration Server information about security tags that are assigned to the protected virtual machine upon detection of viruses, malware, or activity that is typical of network attacks. The IDs of protected virtual machines are also sent.
The Protection Server transmits the list of Light Agents connected to this SVM to Kaspersky Security Center Administration Server. The transmitted information may include the name of the protected virtual machine and the path to it in the virtual infrastructure. The list of connected Light Agents is displayed in the Kaspersky Security Center Administration Console and in the Web Console.
During the operation of the Device Control component, Light Agent for Windows sends the Kaspersky Security Center Administration Server information about the devices running on a protected virtual machine. The transmitted information may include the device ID, device name, and device description.
The Protection Server and Light Agents receive the policy-defined operating settings from the Kaspersky Security Center Administration Server. The transmitted information may include the paths to files and registry keys, web addresses, IP addresses of the Integration Server and SVMs, settings for connecting SVMs and Light Agents to the Integration Server, public and private keys of SVMs, and the public key of the Integration Server.
During installation of the application and when reconfiguring SVMs, the SVM Management Wizard sends the user-defined passwords of the root and klconfig accounts to the SVMs.
To support the installation and operation of the application, the Integration Server and SVM Management Wizard receive information from the virtual infrastructure, save that information, and share it with each other and the Integration Server. The transmitted data can contain names of the virtual machines, IP-addresses or names of the hypervisors, virtual infrastructure administration servers, or cloud infrastructure microservices, as well as account settings for connecting to virtual infrastructure.
To receive information that is used when selecting an SVM to connect to, Light Agents send the ID of the protected virtual machine to the Integration Server and SVMs.
The Integration Server Console sends the Integration Server the data necessary for configuring the application operating settings. The transmitted data can contain addresses of hypervisors, virtual infrastructure administration servers, or cloud infrastructure microservices, as well as account settings for connecting to virtual infrastructure. If the application is installed in an infrastructure managed by a VMware vCenter Server and VMware NSX Manager, the address and settings of the accounts used to connect to VMware NSX Manager may also be sent.
When using the application in multitenancy mode, Integration Server receives the Integration Server API through REST and stores information about the tenants and their virtual machines in the database. The following data can be transmitted: tenant name, identifier, description, and other information about the tenant specified by the provider’s administrator; tenant virtual machine identifier; account settings for connecting to Kaspersky Security Center virtual Administration Server configured for the tenant; identifier of Kaspersky Security Center virtual Administration Server. Integration Server can transfer information stored in the database about the tenants and tenant virtual machines to the Integration Server Console for display or upon request to the Integration Server REST API.
When using the application in multitenancy mode, the information necessary for generating tenant protection reports can be transmitted to the Integration Server from SVM Light Agents and from SVMs. The following data can be transmitted: identifiers of both SVM and the protected virtual machine, type and version of the guest operating system installed on the protected virtual machine, time intervals when the Light Agent was connected to the SVM.
When using the application in multitenancy mode, the Integration Server transmits to the Kaspersky Security Center Administration Server information required to create a tenant protection infrastructure: tenant name, account settings for connecting to the Kaspersky Security Center virtual Administration Server, operation settings specified using policies, including IP addresses of the Integration Server and SVM.
When Kaspersky Endpoint Agent is used in together with Light Agent for Windows, Light Agent can transmit data to Kaspersky Endpoint Agent and to the Windows tracing service (Event Tracing for Windows), from where it is taken by Kaspersky Endpoint Agent. For information on processing and transmitting data to Kaspersky Endpoint Agent, refer to the help of that Kaspersky solution for interacting with which you use Kaspersky Endpoint Agent, for example, Kaspersky Anti Targeted Attack Platform or Kaspersky Endpoint Detection and Response Optimum.
The specified information is transmitted over encrypted data channels (except for the information necessary for scanning objects, and the information that is used when selecting SVMs). The connection between Light Agents and SVMs is not encrypted by default. You can enable encryption of the data channel between Light Agents and SVMs in the application settings.