About data provision

The License Agreement for Kaspersky Security for Windows Server, specifically the section entitled "Terms of data processing", specifies the terms, liability, and procedure for sending and processing the data indicated in this Guide. Before accepting the License Agreement, carefully review its terms as well as all documents linked to by the License Agreement.

The data Kaspersky receives from you when you use the application is protected and processed in accordance with the Privacy Policy available at www.kaspersky.com/Products-and-Services-Privacy-Policy.

The terms of the License Agreement and Privacy Policy are available during the Kaspersky Security for Windows Server installation, as a part of distribution kit, and from the Start menu (All programs > Kaspersky Security for Windows Server > EULA and Privacy Policy) after the installation.

During the Kaspersky Security for Windows Server uninstallation, all the data stored by Kaspersky Security for Windows Server on the protected device is deleted.

By accepting the terms of the License Agreement, you agree to automatically send the following data to Kaspersky:

To support the mechanism for receiving updates – information about the installed application and its activation: identifier of the application being installed and its full version, including build number, type, and license identifier, installation identifier, update task identifier.
To use the ability to navigate to Knowledge Base articles when application errors occur (Redirector service) – information about the application and link type: the name, locale, and full version number of the application, type of redirecting link, and error identifier.
To manage confirmations for data processing – information about the status of acceptance of license agreements and other documents, that stipulate data transferring terms: identifier and version of the License Agreement or other document, as a part of which the data processing terms are accepted or declined; an attribute, signifying the user's action (confirmation or recall of the terms acceptance); date and time of status changes of the data processing terms acceptance.

Local data processing

While executing the application's primary functions described in this Guide, Kaspersky Security for Windows Server locally processes and stores a sequence of data on the protected computer.

The table below contains information about local processing and storing by Kaspersky Security for Windows Server of data contained in reports.

Processing and storing of data contained in reports

Functional area	Event registration
Type of use	Kaspersky Security for Windows Server stores the data locally and sends the data to the Administration Server. The Administration Server's database stores information about application events that occur on the managed protected devices.
Storage	%ALLUSERSPROFILE%\Kaspersky Lab\Kaspersky Security for Windows Server\<application version>\Reports %SystemRoot%\System32\Winevt\Logs\Kaspersky Security.evtx Administration Server's database
Security measures	Access-control list.
Storage period	Kaspersky Security for Windows Server stores the data until the uninstallation of Kaspersky Security for Windows Server. During the Kaspersky Security for Windows Server uninstallation, all the data stored by Kaspersky Security for Windows Server on the protected device is deleted.
Purpose	Providing primary functionality.

Kaspersky Security for Windows Server does not delete events in the Windows Event Log including during the Kaspersky Security for Windows Server uninstallation.

In order to provide event registration functionality, Kaspersky Security for Windows Server locally processes the following data:

Names, checksums (MD5, SHA-256) and attributes of processed files and full paths to them on the scanned media.
Actions taken on scanned files by Kaspersky Security for Windows Server.
User actions taken on scanned files on the protected computer.
Information about accounts of users performing any actions on the protected network or protected device.
Device Instance Path values for devices added to the Device Control rules.
Information about processes and scripts running on the system: checksums (MD5, SHA-256) and full paths to executable files, information about digital certificates.
Windows Firewall settings.
Windows Event Log entries.
Names of user accounts taking actions on scanned files on the protected computer.
Instances of executable files being started, and the types, names, checksums, and attributes of these files.
Information about network activity:
- The IP addresses of blocked external devices.
- Identifiers of compromised logon sessions from which access to protected shared resources was performed.
- Processed web addresses.
- Processed IP addresses.
- Names, checksums (MD5, SHA-256) and attributes of processed downloaded files.
Information about the Windows USN Journal status.
Information about processed emails:
- Name of detected threat.
- Data from email messages' fields ("To", "From", "Subject").
- Email timestamp.
- Metadata of the messages' bodies and attachments (type, size, name of the attachment).
- Checksums (MD5, SHA-256) of processed file.

The following table contains information about the service data processed by the Kaspersky Security for Windows Server. The service data includes: program parameters, quarantined and backup files, information in the program's service databases, license data.

The table below contains information about local processing and storing by Kaspersky Security for Windows Server of data about parameters specified by a user.

Processing and storing of data about parameters specified by a user

Functional area	All Kaspersky Security for Windows Server functionality
Type of use	Kaspersky Security for Windows Server stores the data locally and sends the data to the Administration Server. The data is stored in Administration Server's database. The data processed by the application locally is not automatically sent to Kaspersky or other third-party systems.
Storage	%ALLUSERSPROFILE%\Kaspersky Lab\Kaspersky Security for Windows Server\<application version>\ Administration Server's database
Security measures	Access-control list.
Processing period	Kaspersky Security for Windows Server stores the data until the uninstallation of Kaspersky Security for Windows Server. During the Kaspersky Security for Windows Server uninstallation, all the data stored by Kaspersky Security for Windows Server on the protected device is deleted. Kaspersky Security for Windows Server does not delete the data about parameters exported into configuration file. Kaspersky Security for Windows Server does not delete Quarantine objects and Backup objects if the Export quarantine objects and Export Backup objects check boxes are selected in the Setup Wizard.
Purpose	Providing primary functionality.

For specified purposes, Kaspersky Security for Windows Server locally processes the following data:

Objects placed in Quarantine or Backup.
Information about user accounts (user name and password) under which Kaspersky Security for Windows Server runs tasks.
Kaspersky Security for Windows Server password.
Settings used for connection to the proxy server: network port number, web address, information about user account (login and password).
The addresses of network folders or folders on the HTTP or FTP servers used as user-defined update sources.
IP addresses and identifiers of blocked logon sessions.
Windows Firewall settings and Windows Firewall rules settings.
Checksums (MD5, SHA-256) and paths to executable files added to the Application Launch Control task rules.
Device Instance Path values for devices added to the Device Control rules.
Information about files and folders included in scopes of Kaspersky Security for Windows Server tasks.
IP addresses, categories of web resources and web addresses included or excluded from the protection scope.
Full paths to executable files of programs whose activity is intercepted by the Kaspersky Security for Windows Server during the execution of protection and scan tasks.
ICAP service connection settings: network port and service identifier.
Settings used for connection to protected network attached storages or clusters: network port, service identifier, IP address, host name, server name, FPolicy name.
Account settings (user name and password), used for access to the protected network storage or cluster.
Information about events in the Windows Event Log.
Information about detections with the use of iSwift or iChecker technology.
Checksums (MD5, SHA-256), full paths and masks specified in exclusions settings.
Information about processes added to the Trusted Zone.
Information about added license keys.
Information about digital certificates.
Files unpacked from an archive or other composite object during the scan.

Kaspersky Security for Windows Server processes and stores data as part of the application's basic functionality, including to log application events and receive diagnostic data. Locally processed data is protected in accordance with the configured and applied application settings.

Kaspersky Security for Windows Server lets you configure the level of protection for data processed locally (Managing access permissions for Kaspersky Security for Windows Server functions, Event registration. Kaspersky Security for Windows Server logs): you can change user privileges to access process data, change data retention periods for such data, entirely or partially disable functionality that involves data logging, and change the path and attributes of the folder where the data is logged.

The data processed by the application locally is not automatically sent to Kaspersky or other third-party systems.

By default, all data locally processed by the application during operation is removed after Kaspersky Security for Windows Server removal from the protected device.

Exception applies to files with diagnostics information (trace and dump files), the application events in the Windows Event Log, and files with exported Kaspersky Security for Windows Server settings - it is recommended to manually remove these files.

You can find the detailed information about working with files containing diagnostic data of the application in the corresponding sections of this Guide.

You can delete Windows Event Log files containing the program events of Kaspersky Security for Windows Server via standard means of the operating system.

Local data processing by means of the application auxiliary components

The Kaspersky Security for Windows Server installation package comprises the application auxiliary components, which can be installed on your device even if Kaspersky Security for Windows Server is not installed on it. Such auxiliary components are:

The Application Console. This component is included in the Kaspersky Security for Windows Server Administration Tools set and is represented by a Microsoft Management Console snap-in.
Add-in for Microsoft Outlook email client. The component provides email virus scan.
The Administration Plug-in. This component provides a full integration with Kaspersky Security Center application.

While performing the main functions of the application described in this Guide, the application auxiliary components locally process and store a set of data on the protected device where they are installed, even if they are installed separately from Kaspersky Security for Windows Server.

The application components locally process and store the following data:

The Application Console: the name of the protected device with installed Kaspersky Security for Windows Server (IP address or domain name) to which the Application Console last connected remotely; display parameters configured in the Microsoft Management Console snap-in; data about the last folder in which the user selected objects via the Application Console (by means of system dialog opened by clicking the Browse button). The Application Console trace files can also contain the following data: the name of the protected device with installed Kaspersky Security for Windows Server application to which the remote connection was established, the name of the user account under which the remote connection was established.
The Add-in for Microsoft Outlook email client stores data only in trace files. The trace files of the Add-in for Microsoft Outlook email client may contain the following information: data from email messages' fields ("To", "From", "Subject"), metadata of the messages' bodies and attachments (type, size, name of the attachment).
The Administration Plug-in can process and temporarily store data processed by Kaspersky Security for Windows Server; for example, configured parameters of the application tasks and components, parameters of Kaspersky Security Center policies, data sent in network lists.

The table below contains information about local processing and storing by Kaspersky Security for Windows Server of data written in dump and trace files.

Kaspersky Security for Windows Server locally processes and stores the following data written in dump and trace files:

Information about actions performed by Kaspersky Security for Windows Server on the protected device.
Information about objects processed by Kaspersky Security for Windows Server.
Information about activity on the protected device processed by Kaspersky Security for Windows Server.
Information about errors that occurred during the running of Kaspersky Security for Windows Server.

The data processed by the auxiliary components is not automatically sent to Kaspersky or other third-party systems.

By default, all data locally processed by the application auxiliary components during the operation is deleted after removal of these components.

The exceptions are trace files of the application auxiliary components, it is recommended to delete this files manually.

Data in trace and dump files

Kaspersky Security for Windows Server can, in accordance with the settings, write debug information to trace files for the purposes of technical support during the operation of Kaspersky Security for Windows Server.

Kaspersky Security for Windows Server dump files are generated by the operating system during application crashes and are overwritten by the next crash.

Trace and dump files can include any personal data of a user or confidential data of your organization.

Do not use Kaspersky Security for Windows Server on devices for which data submission is prohibited by the policy of your organization.

By default, Kaspersky Security for Windows Server does not record debug information.

Trace and dump files are not automatically submitted beyond the host on which they were generated. The content of trace files can be viewed using standard text file viewers. Trace and dump files are kept indefinitely and are not deleted on uninstalling Kaspersky Security for Windows Server.

Debug information can be useful for Technical Support.

No special mechanisms are provided for limiting access to trace and dump files. The administrator can configure this data to be written to a protected folder.

The path to the trace and dump file folder is not configured by default. To use the trace and dump folder, the administrator must specify it.

Data in trace and dump files can contain:

Actions performed by Kaspersky Security for Windows Server on the host.

Information about objects processed by Kaspersky Endpoint Agent.

Errors arising during the operation of Kaspersky Endpoint Agent.

Page top