During their operation, Kaspersky Security solution components may save and send to other solution components and to other Kaspersky applications the following information that may contain personal and confidential data:
While deploying the SVM and editing SVM settings, the SVM Management Wizard or the Integration Server (also when using the Integration Server REST API) send the root and klconfig passwords configured by the user to the SVM.
To make the installation and operation of the solution possible, the SVM Management Wizard and the Integration Server (also when using the Integration Server REST API) receive information about the virtual infrastructure, save it, and transmit it between each other and to the Protection Server. The transmitted data can contain names of the virtual machines, IP-addresses or names of the hypervisors, virtual infrastructure administration servers, or cloud infrastructure microservices, as well as account settings for connecting to virtual infrastructure.
The Protection Server sends the Kaspersky Security Center Administration Server a list of Light Agents connected to the SVM. The transmitted information may include the name of the protected virtual machine and the path to it in the virtual infrastructure.
The Integration Server Console sends the Integration Server the data necessary for configuring the solution's operating settings. The transmitted data can contain addresses of hypervisors, virtual infrastructure administration servers, or cloud infrastructure microservices, as well as account settings for connecting to virtual infrastructure. If the solution is installed in an infrastructure managed by a VMware vCenter Server and VMware NSX Manager, the address and settings of the accounts used to connect to VMware NSX Manager may also be sent.
Light Agent sends the following data to the Protection Server:
To activate the Light Agent: the validity term of the license key status confirmation; the ID (BIOS ID) of the protected virtual machine; information about the license that the Light Agent needs to work.
To update the Light Agent databases: software identifier obtained from the license; full version of the software; software license identifier; software installation identifier (PCID); processed web address; license type; identifier of the update start.
To provide protection, while scan tasks are running: information that is necessary for scanning objects. The transmitted information may include the names of files and paths to them in the file system, the checksums of files, web addresses, and the scanned objects or their fragments.
To obtain statistics: OS version of the protected virtual machine; localization of the Light Agent; names of the active Light Agent components; ID (BIOS ID) of the protected virtual machine.
To get information that is used when selecting an SVM for connection, the Light Agent sends the identifier of the protected virtual machine to the Integration Server and the Protection Server.
In an infrastructure managed by a VMware vCenter Server and VMware NSX Manager, Light Agents and the Protection Server may send the Integration Server information about security tags that are assigned to a protected virtual machine upon detection of viruses, malware, or activity that is typical of network attacks. The IDs of protected virtual machines are also sent.
The Protection Server and Light Agent receive the operating settings specified using policies from the Kaspersky Security Center Administration Server. The transmitted information may include the paths to files and registry keys, web addresses, IP addresses of the Integration Server and SVMs, settings for connecting SVMs and Light Agents to the Integration Server, public and private keys of SVMs, and the public key of the Integration Server.
When using the solution in multitenancy mode, the Integration Server receives information about tenants and their virtual machines via the Integration Server REST API and stores it in the database. The following data may be sent: tenant name, identifier, and description, and other information about the tenant specified by the service provider's administrator; identifier of a tenant's virtual machine; account settings for connecting to a virtual Kaspersky Security Center Administration Server configured for the tenant; identifier of virtual Kaspersky Security Center Administration Server. The Integration Server may send information stored in the database about tenants and tenant virtual machines to the Integration Server Console for display or upon request to the Integration Server REST API.
When using the solution in multitenancy mode, the information necessary for generating tenant protection reports may be sent to the Protection Server from Light Agents, and from the Protection Server to the Integration Server. The following data may be sent: identifiers of SVMs and the protected virtual machine, type and version of the guest operating system installed on the protected virtual machine, time intervals when the Light Agent was connected to SVMs.
When using the application in multitenancy mode, the Integration Server sends to Kaspersky Security Center Administration Server the information required to create a tenant protection infrastructure: tenant name, account settings for connecting to the virtual Kaspersky Security Center Administration Server, and operating settings specified using policies, including IP addresses of the Integration Server and SVMs.
During the execution of tasks, the Protection Server and Light Agent send information about the task settings and results to the Kaspersky Security Center Administration Server. The transmitted information may include the user name and password indicated in the task settings for the user account used to run the task.
To generate reports and events, the Protection Server and Light Agents send information about the operation of the solution to Kaspersky Security Center Administration Server. The transmitted information may include user names, names of processed files and paths to them in the file system, and processed web addresses.
While activating the solution, the Protection Server receives from the Kaspersky Security Center Administration Server and saves license information, including information about the client to which the license was issued, and the number of the license specified in the license certificate. After activation, the Protection Server sends to the Kaspersky Security Center Administration Server information about the license that was used to activate the solution; this is done to keep track of license limits and generate a report about license key usage. The Protection Server also sends information about the license that was used to activate the solution to the Light Agent, this is done to activate the Light Agent.
For more details on data that Kaspersky Endpoint Security for Linux used in Light Agent mode may send to other Kaspersky applications, see the Kaspersky Endpoint Security for Linux Help.
The specified information is transmitted over encrypted data channels (except for the information necessary for scanning objects, and the information that is used when selecting SVMs). The connection between Light Agents and Protection Servers is not encrypted by default. You can enable encryption of the data channel between the Light Agents and the Protection Servers in the solution settings.