Application licensing

This section provides information about the main concepts related to licensing of the application.

About the End User License Agreement

The End User License Agreement is a binding agreement between you and AO Kaspersky Lab, stipulating the terms on which you may use the application.

Carefully review the terms of the End User License Agreement before you start using the application.

You can review the terms of the End User License Agreement in the following ways:

• During the Kaspersky Security for Windows Server installation
• By reading the file license.txt. This document is included in the application's distribution kit

By confirming that you agree with the End User License Agreement when installing the application, you signify your acceptance of the terms of the End User License Agreement. If you do not accept the terms of the End User License Agreement, you must abort application installation and must not use the application.

About the license

A license is a time-limited right to use the application, granted to you under the End User License Agreement.

A valid license entitles you to receive the following services:

• Use of the application in accordance with the terms of the End User License Agreement
• Technical support

A commercial license is a paid license granted upon purchase of the application. When a commercial license expires, the application continues to run but some of its features become unavailable (for example, the application databases cannot be updated). To continue using all the features of Kaspersky Security for Windows Server, you must renew your commercial license.

Application functionality available under the commercial license depends on the choice of product. The selected product is indicated in the License Certificate. Information on available products may be found at the Kaspersky website.

To ensure maximum protection of your device against security threats, we recommend renewing the license before it expires.

Make sure the additional key that you add has a later expiration date than the active one.

You cannot use a subscription as an additional key.

About license certificate

A license certificate is a document that you receive along with a key file or an activation code (if applicable).

A license certificate contains the following information about the license provided:

• Order number
• Information about the user who has been granted the license
• Information about the application that can be activated under the license provided
• Limit of the number of licensing units (e.g., devices on which the application can be used under the license provided)
• License validity start date
• License expiration date or license term
• License type

About the key

A key is a sequence of bits with which you can activate and subsequently use the application in accordance with the terms of the End User License Agreement. A key is generated by Kaspersky.

You can add a key to the application by using a key file. After you add a key to the application, the key is displayed in the application interface as a unique alphanumeric sequence.

Kaspersky can black-list a key over violations of the License Agreement. If your key is blocked, a different key must be added in order for the application to work.

A key may be an "active key" or an "additional key".

An active key is the key that the application currently uses to function. A key for a commercial or trial license may be added as the active key. The application can have no more than one active key.

An additional key is a key that confirms the right to use the application but is not currently in use. An additional key automatically becomes active when the license associated with the current active key expires. An additional key may be added only if there is an active key.

About the key file

A key file is a file with the .key extension provided to you by Kaspersky. Key files are designed to activate the application by adding a license key.

You receive a key file at the email address that you provided when you bought Kaspersky Security for Windows Server or ordered the trial version of Kaspersky Security for Windows Server.

You do not need to connect to Kaspersky activation servers in order to activate the application with a key file.

You can restore a key file if it has been accidentally deleted. You may need a key file to register a Kaspersky CompanyAccount, for example.

To restore your key file, perform any of the following actions:

• Contact the license seller.
• Receive a key file through Kaspersky website by using your available activation code.

About activation code

An activation code is a unique sequence of 20 letters and numbers. You have to enter an activation code in order to add a key for activating Kaspersky Security for Windows Server. You receive the activation code at the email address that you provided when you bought Kaspersky Security for Windows Server or ordered the trial version of Kaspersky Security for Windows Server.

To activate the application with an activation code, you need Internet access in order to connect to Kaspersky activation servers.

If you have lost your activation code after installing the application, it can be recovered. You may need the activation code to register a Kaspersky CompanyAccount, for example. To recover your activation code, contact Kaspersky Technical Support.

About subscription

A subscription is a purchase order for the application with specific parameters (such as the subscription expiry date and number of devices protected). It provides the right to use the application within selected parameters (subscription end date, number of protected devices). A Kaspersky Security for Windows Server subscription can be registered with the service provider (for example, your ISP). You can renew a subscription manually or automatically, or cancel it. You can also suspend and then resume a subscription. Subscription management is available through the service provider; you cannot manage a subscription independently.

The subscription management options depend on the service provider. The service provider may offer a grace period for renewing a subscription.

A grace period is a time interval during which application functionality remains unchanged between the end of a subscription and its renewal.

A subscription can be limited or unlimited.

A limited subscription offers a limited license term and is not automatically renewed.

An unlimited subscription is automatically renewed without your involvement if payment is made on time, and does not have a fixed expiration date.

The status of a subscription is displayed in the details pane of the Kaspersky Security node and is updated automatically every hour. You cannot manually update the status of a subscription.

Activation codes obtained by subscription cannot be used to activate Kaspersky Security for Windows Server versions earlier than 10.0.

About data provision

The License Agreement for Kaspersky Security for Windows Server, specifically the section entitled "Terms of data processing", specifies the terms, liability, and procedure for sending and processing the data indicated in this Guide. Before accepting the License Agreement, carefully review its terms as well as all documents linked to by the License Agreement.

The data Kaspersky receives from you when you use the application is protected and processed in accordance with the Privacy Policy available at www.kaspersky.com/Products-and-Services-Privacy-Policy.

The terms of the License Agreement and Privacy Policy are available during the Kaspersky Security for Windows Server installation, as a part of distribution kit, and from the Start menu (All programs > Kaspersky Security for Windows Server > EULA and Privacy Policy) after the installation.

During the Kaspersky Security for Windows Server uninstallation, all the data stored by Kaspersky Security for Windows Server on the protected device is deleted.

By accepting the terms of the License Agreement, you agree to automatically send the following data to Kaspersky:

• To support the mechanism for receiving updates – information about the installed application and its activation: identifier of the application being installed and its full version, including build number, type, and license identifier, installation identifier, update task identifier.
• To use the ability to navigate to Knowledge Base articles when application errors occur (Redirector service) – information about the application and link type: the name, locale, and full version number of the application, type of redirecting link, and error identifier.
• To manage confirmations for data processing – information about the status of acceptance of license agreements and other documents, that stipulate data transferring terms: identifier and version of the License Agreement or other document, as a part of which the data processing terms are accepted or declined; an attribute, signifying the user’s action (confirmation or recall of the terms acceptance); date and time of status changes of the data processing terms acceptance.

Local data processing

While executing the application's primary functions described in this Guide, Kaspersky Security for Windows Server locally processes and stores a sequence of data on the protected computer.

The table below contains information about local processing and storing by Kaspersky Security for Windows Server of data contained in reports.

Processing and storing of data contained in reports

Kaspersky Security for Windows Server does not delete events in the Windows Event Log including during the Kaspersky Security for Windows Server uninstallation.

In order to provide event registration functionality, Kaspersky Security for Windows Server locally processes the following data:

• Names, checksums (MD5, SHA-256) and attributes of processed files and full paths to them on the scanned media.
• Actions taken on scanned files by Kaspersky Security for Windows Server.
• User actions taken on scanned files on the protected computer.
• Information about accounts of users performing any actions on the protected network or protected device.
• Device Instance Path values for devices added to the Device Control rules.
• Information about processes and scripts running on the system: checksums (MD5, SHA-256) and full paths to executable files, information about digital certificates.
• Windows Firewall settings.
• Windows Event Log entries.
• Names of user accounts taking actions on scanned files on the protected computer.
• Instances of executable files being started, and the types, names, checksums, and attributes of these files.
• Information about network activity:
  • The IP addresses of blocked external devices.
  • Identifiers of compromised logon sessions from which access to protected shared resources was performed.
  • Processed web addresses.
  • Processed IP addresses.
  • Names, checksums (MD5, SHA-256) and attributes of processed downloaded files.
• Information about the Windows USN Journal status.
• Information about processed emails:
  • Name of detected threat.
  • Data from email messages' fields ("To", "From", "Subject").
  • Email timestamp.
  • Metadata of the messages' bodies and attachments (type, size, name of the attachment).
  • Checksums (MD5, SHA-256) of processed file.

The following table contains information about the service data processed by the Kaspersky Security for Windows Server. The service data includes: program parameters, quarantined and backup files, information in the program's service databases, license data.

The table below contains information about local processing and storing by Kaspersky Security for Windows Server of data about parameters specified by a user.

Processing and storing of data about parameters specified by a user

For specified purposes, Kaspersky Security for Windows Server locally processes the following data:

• Objects placed in Quarantine or Backup.
• Information about user accounts (username and password) under which Kaspersky Security for Windows Server runs tasks.
• Kaspersky Security for Windows Server password.
• Settings used for connection to the proxy server: network port number, web address, information about user account (login and password).
• The addresses of network folders or folders on the HTTP or FTP servers used as user-defined update sources.
• IP addresses and identifiers of blocked logon sessions.
• Windows Firewall settings and Windows Firewall rules settings.
• Checksums (MD5, SHA-256) and paths to executable files added to the Application Launch Control task rules.
• Device Instance Path values for devices added to the Device Control rules.
• Information about files and folders included in scopes of Kaspersky Security for Windows Server tasks.
• IP addresses, categories of web resources and web addresses included or excluded from the protection scope.
• Full paths to executable files of programs whose activity is intercepted by the Kaspersky Security for Windows Server during the execution of protection and scan tasks.
• ICAP service connection settings: network port and service identifier.
• Settings used for connection to protected network attached storages or clusters: network port, service identifier, IP address, host name, server name, FPolicy name.
• Account settings (username and password), used for access to the protected network storage or cluster.
• Information about events in the Windows Event Log.
• Information about detections with the use of iSwift or iChecker technology.
• Checksums (MD5, SHA-256), full paths and masks specified in exclusions settings.
• Information about processes added to the Trusted Zone.
• Information about added license keys.
• Information about digital certificates.
• Files unpacked from an archive or other composite object during the scan.

Kaspersky Security for Windows Server processes and stores data as part of the application's basic functionality, including to log application events and receive diagnostic data. Locally processed data is protected in accordance with the configured and applied application settings.

Kaspersky Security for Windows Server lets you configure the level of protection for data processed locally (Managing access permissions for Kaspersky Security for Windows Server functions, Event registration. Kaspersky Security for Windows Server logs): you can change user privileges to access process data, change data retention periods for such data, entirely or partially disable functionality that involves data logging, and change the path and attributes of the folder where the data is logged.

The data processed by the application locally is not automatically sent to Kaspersky or other third-party systems.

By default, all data locally processed by the application during operation is removed after Kaspersky Security for Windows Server removal from the protected device.

Exception applies to files with diagnostics information (trace and dump files), the application events in the Windows Event Log, and files with exported Kaspersky Security for Windows Server settings - it is recommended to manually remove these files.

You can find the detailed information about working with files containing diagnostic data of the application in the corresponding sections of this Guide.

You can delete Windows Event Log files containing the program events of Kaspersky Security for Windows Server via standard means of the operating system.

Local data processing by means of the application auxiliary components

The Kaspersky Security for Windows Server installation package comprises the application auxiliary components, which can be installed on your device even if Kaspersky Security for Windows Server is not installed on it. Such auxiliary components are:

• The Application Console. This component is included in the Kaspersky Security for Windows Server Administration Tools set and is represented by a Microsoft Management Console snap-in.
• Add-in for Microsoft Outlook email client. The component provides email anti-virus scan.
• The Administration Plug-in. This component provides a full integration with Kaspersky Security Center application.

While performing the main functions of the application described in this Guide, the application auxiliary components locally process and store a set of data on the protected device where they are installed, even if they are installed separately from Kaspersky Security for Windows Server.

The application components locally process and store the following data:

• The Application Console: the name of the protected device with installed Kaspersky Security for Windows Server (IP address or domain name) to which the Application Console last connected remotely; display parameters configured in the Microsoft Management Console snap-in; data about the last folder in which the user selected objects via the Application Console (by means of system dialog opened by clicking the Browse button). The Application Console trace files can also contain the following data: the name of the protected device with installed Kaspersky Security for Windows Server application to which the remote connection was established, the name of the user account under which the remote connection was established.
• The Add-in for Microsoft Outlook email client stores data only in trace files. The trace files of the Add-in for Microsoft Outlook email client may contain the following information: data from email messages' fields ("To", "From", "Subject"), metadata of the messages' bodies and attachments (type, size, name of the attachment).
• The Administration Plug-in can process and temporarily store data processed by Kaspersky Security for Windows Server; for example, configured parameters of the application tasks and components, parameters of Kaspersky Security Center policies, data sent in network lists.

The table below contains information about local processing and storing by Kaspersky Security for Windows Server of data written in dump and trace files.

Kaspersky Security for Windows Server locally processes and stores the following data written in dump and trace files:

• Information about actions performed by Kaspersky Security for Windows Server on the protected device.
• Information about objects processed by Kaspersky Security for Windows Server.
• Information about activity on the protected device processed by Kaspersky Security for Windows Server.
• Information about errors that occurred during the running of Kaspersky Security for Windows Server.

The data processed by the auxiliary components is not automatically sent to Kaspersky or other third-party systems.

By default, all data locally processed by the application auxiliary components during the operation is deleted after removal of these components.

The exceptions are trace files of the application auxiliary components, it is recommended to delete this files manually.

Data in trace and dump files

Kaspersky Security for Windows Server can, in accordance with the settings, write debug information to trace files for the purposes of technical support during the operation of Kaspersky Security for Windows Server.

Kaspersky Security for Windows Server dump files are generated by the operating system during application crashes and are overwritten by the next crash.

Trace and dump files can include any personal data of a user or confidential data of your organization.

Do not use Kaspersky Security for Windows Server on devices for which data submission is prohibited by the policy of your organization.

By default, Kaspersky Security for Windows Server does not record debug information.

Trace and dump files are not automatically submitted beyond the host on which they were generated. The content of trace files can be viewed using standard text file viewers. Trace and dump files are kept indefinitely and are not deleted on uninstalling Kaspersky Security for Windows Server.

Debug information can be useful for Technical Support.

No special mechanisms are provided for limiting access to trace and dump files. The administrator can configure this data to be written to a protected folder.

The path to the trace and dump file folder is not configured by default. To use the trace and dump folder, the administrator must specify it.

Data in trace and dump files can contain:

Actions performed by Kaspersky Security for Windows Server on the host.

Information about objects processed by Kaspersky Endpoint Agent.

Errors arising during the operation of Kaspersky Endpoint Agent.

About activating the application through Cloud Console

You can activate the application remotely through Kaspersky Security Center Cloud Console by distributing a key stored on the Kaspersky Security Center Administration Server to the protected devices.

This method lets you automatically add a key to the protected devices that are already connected to Kaspersky Security Center Cloud Console, and to new protected devices. To use this method, you need to first add the key to the Kaspersky Security Center Administration Server. For more details about adding keys to the Kaspersky Security Center Administration Server, please refer to Kaspersky Security Center Cloud Console Help.

A trial version is provided for Kaspersky Security Center Cloud Console. The trial version is a special version of Kaspersky Security Center Cloud Console designed to familiarize a user with the features of the application. In this version, you can perform actions in a workspace for a period of 30 days. All managed applications are automatically run under a trial license for Kaspersky Security Center Cloud Console, including Kaspersky Security for Windows Server. However, you cannot activate Kaspersky Security for Windows Server using its own trial license when the trial license for Kaspersky Security Center Cloud Console expires. For detailed information about Kaspersky Security Center licensing, please refer to the Kaspersky Security Center Cloud Console Help.

The trial version of Kaspersky Security Center Cloud Console does not allow you to subsequently switch to a commercial version. Any trial workspace will be automatically deleted with all its contents after the 30-day period expires.

Activating the application with a key file

You can activate Kaspersky Security for Windows Server by applying a key file.

If an active key has already been added to Kaspersky Security for Windows Server and you add another key as the active key, the new key replaces the previously added key. The previously added key is removed.

If an additional key has already been added to Kaspersky Security for Windows Server and you add another key as an additional key, the new key replaces the previously added key. The previously added additional key is removed.

If an active key and an additional key have already been added to Kaspersky Security for Windows Server and you add a new key as the active key, the new key replaces the previously added active key; the additional key is not removed.

To activate Kaspersky Security for Windows Server using a key file:

1. In the Application Console tree, expand the Licensing node.
2. In the details pane of the Licensing node, click the Add key link.
3. In the window that opens, click the Browse button.
4. Select a key file with the .key extension.

   You can also add a key as an additional key. To add a key as an additional key, select the Use as additional key check box.

5. Click OK.

The selected key file will be applied. Information about the added key will be available on the Licensing node.

Activating the application with an activation code

To activate the application using an activation code, the protected device must be connected to the Internet.

You can activate Kaspersky Security for Windows Server by using an activation code.

When activating the application with this method, Kaspersky Security for Windows Server sends data to the activation server to verify the entered code:

• If the activation code verification is successful, the application is activated.
• If the activation code verification fails, the corresponding notification is displayed. In this case, you must contact the software vendor from whom you purchased your Kaspersky Security for Windows Server license.
• If the number of activations with the activation code is exceeded, the corresponding notification is displayed. The application activation procedure is interrupted, and the application suggests that you contact Kaspersky Technical Support.

To activate Kaspersky Security for Windows Server using an activation code:

1. In the Application Console tree, expand the Licensing node.
2. In the details pane of the Licensing node, click the Add activation code link.
3. In the window that opens, enter the activation code in the Activation code field.
   • If you want to use the activation code as an additional key, enable Use as additional key check box.
   • If you want to view the license information, click the Show license information button; it will be displayed in the License information group box.
4. Click OK.

   Kaspersky Security for Windows Server sends information about the applied activation code to the activation server.

Viewing information about the current license

Viewing licensing information

Information about the current license is displayed in the details pane of the Kaspersky Security node of the Application Console. A key can have the following statuses:

• Checking the key status – Kaspersky Security for Windows Server is checking the applied key file or activation code and waiting for a response about the current key status.
• License expiration date – Kaspersky Security for Windows Server has been activated until the specified date and time. The key status is highlighted in yellow in the following cases:
  • The license will expire in 14 days and no additional key has been applied.
  • The added key has been blacklisted and is about to be blocked.
• Application not activated – Kaspersky Security for Windows Server is not activated because a key file or an activation code has not been applied. The status is highlighted in red.
• License has expired – Kaspersky Security for Windows Server is not activated because the license has expired. The status is highlighted in red.
• End User License Agreement has been violated – Kaspersky Security for Windows Server is not activated because the terms of the End User License Agreement have been violated. The status is highlighted in red.
• Key is blacklisted – The added key has been blocked and blacklisted by Kaspersky, for example, if the key has been used by third parties to activate the application illegally. The status is highlighted in red.
• Subscription suspended – The subscription has been suspended temporarily. The status is highlighted in red. You can renew the subscription at any time.

Viewing information about the current license

To view information about the current license,

in the Application Console tree, expand the Licensing node.

General information about the current license is displayed in the details pane of the Licensing node (see the table below).

General information about the license in the Licensing node

To view detailed information about the license,

on the Licensing node, open the context menu on the line with license data that you want to expand and select Properties.

In the Key properties window, the General tab displays detailed information about the current license, and the Advanced tab displays information about the customer and the contact details of Kaspersky or the retailer from whom you purchased Kaspersky Security for Windows Server (see the table below).

Detailed license information in the Properties: <Activation code status or key status> window

Functional limitations when the license expires

When the current license expires, the following limitations are applied to the functional components:

• All tasks are stopped, except the Real-Time File Protection, On-Demand Scan and Application Integrity Control tasks.
• You cannot start any tasks except the Real-Time File Protection, On-Demand Scan and Application Integrity Control. These tasks continue to run using the old anti-virus databases.
• Exploit Prevention functionality is limited:
  • Processes are protected until they are restarted.
  • New processes cannot be added to the protection scope.

Other functions (repositories, logs, diagnostic information) are still available.

Renewing the license

By default, when the license has 14 days remaining before expiration, Kaspersky Security for Windows Server notifies you about the approaching expiration. In this case, the License expiration date status is highlighted in yellow in the details pane of the Kaspersky Security node.

You can renew the license before the expiration date using an additional key. This ensures that your device remains protected after expiration of the current license and before you activate the application with a new license.

To renew a license:

1. Obtain a new activation code or a key file.
2. In the Application Console tree, open the Licensing node.
3. Perform one of the following actions in the details pane of the Licensing node:
   • If you want to renew a license using a key file:
     1. Click the Add key link.
     2. In the window that opens, click the Browse button.
     3. Select a new key file with the .key extension.
     4. Select the Use as additional key check box.
   • If you want to renew a license using an activation code:
     1. Click the Add activation code link.
     2. Enter the purchased activation code in the window that opens.
     3. Select the Use as additional key check box.

   An Internet connection is required to apply an activation code.

4. Click OK.

The additional key will be added and automatically applied upon expiration of the current Kaspersky Security for Windows Server license.

Deleting the key

You can remove the added key.

If an additional key has been added to Kaspersky Security for Windows Server and you remove the active key, the additional key automatically becomes the active key.

If you delete an added key, you can restore it by re-applying the key file.

To remove a key that has been added:

1. In the Application Console tree, select the Licensing node.
2. In the details pane of the Licensing node in the table containing information on added keys, select the key that you want to remove.
3. In the context menu of the line containing information on the selected key, select Remove.
4. Click the Yes button in the confirmation window to confirm that you want to delete the key.

The selected key will be removed.