About providing and processing data

Data provided when using an activation code

If the application is activated using an activation code, in order to verify if the application is legally used and to obtain statistical information on distribution and use of the application, you agree to provide the following information in automatic mode:

• ID of a regional activation center
• list of agreements presented to the user by the application
• data compression type
• Operating system family
• checksum type for the object being processed
• type of the license used to activate the application
• application ID derived from the license
• full version of the application
• unique device ID
• application ID
• application license expiration date and time
• application license ID
• application license key creation date and time
• current status of the application license key
• application license header
• ID of the information model used to provide the application license
• set of IDs of applications that can be activated on the user's device
• type of application license used
• application localization
• application installation ID (PCID)
• application rebranding ID
• size of the content of the request to Rightholder infrastructure
• format of the data in the request to Rightholder infrastructure
• type of legal agreement accepted by the user while using the application
• version of the legal agreement accepted by the user while using the application
• protocol ID
• Accessed IPv4 address of the web service

Data provided when downloading updates from Kaspersky update servers

If you use Kaspersky update servers to download updates, in order to increase efficiency of the update procedure and to obtain statistical information on distribution and use of the application, you agree to provide the following information in automatic mode:

• application ID derived from the license
• full version of the application
• application license ID
• type of application license used
• application installation ID (PCID)
• ID of the application update start
• web address being processed

Data provided when following links in the application interface

When clicking the links in Kaspersky Industrial CyberSecurity for Linux Nodes interface, you agree to provide the following information in automatic mode:

• full version of the application
• application localization
• application group
• link name

Data provided when using Kaspersky Security Network

If you participate in Kaspersky Security Network and use Extended KSN, you agree to automatically submit to Kaspersky all data listed in Kaspersky Security Network Statement. This includes sending files (or parts of them) which may be used by intruders to harm the computer and the data stored in the operating system to Kaspersky for scan.

Kaspersky protects any information thus received in accordance with law and the applicable rules of Kaspersky. Data is transmitted over encrypted channels.

For more information on statistical data obtained while using Kaspersky Security Network that is sent to Kaspersky, as well as about storing and destroying this information, refer to the End User License Agreement, Kaspersky Security Network Statement, and Privacy Policy on the Kaspersky website. The license.<language ID> and ksn_license.<language ID> files containing the End User License Agreement and Kaspersky Security Network Statement are included in the application distribution package.

Data sent to Kaspersky Security Center

During operation, Kaspersky Industrial CyberSecurity for Linux Nodes saves and submits to Kaspersky Security Center the following information, which may contain personal and confidential data:

• Information about the bases used by the application:
  • list of database categories required by the application
  • date and time when the databases were released and loaded into the application
  • release date of the downloaded application database updates
  • time of last application database update
• Application license information:
  • license serial number and type
  • License validity period in days
  • Number of devices covered by the license
  • Start and end dates of license term
  • License key status
  • date and time of the last successful synchronization with activation servers if the application was activated using an activation code
  • identifier of the application for which the license is provided
  • functionality available under the license
  • Name of the organization for which the license is provided
  • additional information if the application is used under a subscription (subscription flag, subscription expiration date and the number of days available for renewing the subscription, subscription provider web address, current subscription status and the reason for this status)
  • date and time the application was activated on the device
  • expiration date and time of the application license on the device
• Information about application updates:
  • list of updates to be installed or removed
  • update release date and the sign of the Critical status
  • Name, version, and short description of the update
  • link to the detailed description of the update
  • identifier and text of the End User License Agreement and Privacy Policy for the application updates
  • identifier and text of Kaspersky Security Network Statement for the application updates
  • indicator showing if the update can be removed
  • application policy and administration plug-in versions
  • web address for downloading the application administration plug-in
  • names, version and installation dates of the installed application updates
  • error code and description if the update installation or removal completed with an error
  • sign and reason for the device or application restart necessity because of the application update
• User agreement or disagreement with the terms and conditions of Kaspersky Security Network Statement, End User License Agreement and Privacy Policy.
• List of tags assigned to the device
• List of device statuses and their reasons.
• General application status and the status of all its components; policy compliance information, real-time protection status of the device.
• Date and time of the last device scan; number of scanned objects; number of detected malicious objects; number of blocked, deleted and disinfected objects; number of objects that cannot be disinfected; number of scan errors; number of detected network attacks.
• Data on the currently applied values ​​of the application settings.
• The current status and execution results of the group and local tasks and the values ​​of their settings.
• Information about external devices connected to the client device (ID, name, class, manufacturer, description, serial number, VID/PID)
• Information about backup file copies in Storage (name, path, size and type of the object, description of the object, name of the detected threat, version of the application database which is used to detect the threat, date and time when the object was moved to Storage), actions on the objects in Storage (removed, restored), and the files by administrator request.
• Information about operation of each application component and execution of each task represented as events:
  • date and time of event
  • Name and type of event
  • Event severity level
  • name of the task or the application component running when the event occurred
  • information about the application that triggered the event: application name, path to the file on the disk, process identifier, setting values ​if the event on the application launch or settings modification is triggered
  • user ID
  • name of the initiator (task scheduler, application, Kaspersky Security Center, or a user) whose actions triggered the event
  • name and identifier of the user who initiated access to the file
  • object or action processing result (description, type, name, threat level and accuracy, file name and type of operation on the device, application decision on the operation)
  • information about the object (object name and type, path to the object on the disk, object version, size, information about the performed action, event trigger description, description of the reason for not processing and skipping the object)
  • Device information (manufacturer name, device name, path, device type, bus type, identifier, VID/PID)
  • Information about blocking and unblocking the device; information about blocked connections (name, description, device name, protocol, remote address and port, local address and port, packet rules, actions)
  • Information about requested web address
  • Information about detected objects
  • Detection type and method
  • information about the performed action
  • information about the application databases (date when the downloaded database updates are released, information on the database usage, database usage errors, information on canceling the installed database updates)
  • information about encryption detection (ransomware name; name of the device where encryption was detected; information about blocking and unblocking the device)
  • application settings and network settings
  • information about the triggered Application Control rule (name and type) and the result of its application
  • Information about containers and container images, repository URL
  • information about active and blocked connections (name, description and type)
  • information about blocking and unblocking access to untrusted computers
  • information about KSN (accepted agreements, operating modes, errors)
  • Information about certificates (domain name, subject name, issuer name, expiration date, certificate status, certificate type, date certificate was added)
• Information about operation of the system integrity scan task (name, type, path) and information about the system baseline
• Information about network activity, packet rules, and network attacks
• User role information:
  • Name and identifier of the user who initiated changing the user role
  • User role
  • Name of the user who has been assigned or revoked the role
• Information about executable files detected on the computer (name, path, type and hash of the file; list of categories to which the application belongs; time of first launch of the application; name and version of the application; name of the application vendor; information about the certificate used to sign the application: serial number, fingerprint, issuer, subject, release date, expiration date, and public key).
• Container information (names of containers or container images, paths to containers or container images, repository URL)

Data sent to Kaspersky Industrial CyberSecurity for Networks

If Kaspersky Industrial CyberSecurity for Linux Nodes integration with Kaspersky Industrial CyberSecurity for Networks is enabled, Kaspersky Industrial CyberSecurity for Linux Nodes submits to Kaspersky Industrial CyberSecurity for Networks integration server the following information, which may contain personal and confidential data:

• Device and user data:
  • Device name and time.
  • Family, name, and version of the operating system.
  • Information about network interfaces (description, IPv4 address, list of IP addresses with subnet mask, MAC address, metric number, DNS domain name).
  • Device internal unique ID.
  • User name and ID.
  • User group name and ID.
• Information about Kaspersky Industrial CyberSecurity for Linux Nodes installed:
  • Application name and version.
  • The date of the last application update.
  • Information about license keys (serial number, type, license validity period, key status).
  • Application database version.
  • List of supported API versions.
• Information about established network connections:
  • Local IP address, port and MAC address.
  • Remote IP address, port and MAC address
  • Gateway IP address
  • Protocol type (according to IANA), protocol number and EtherType
  • Number of received and sent packages
• Information about processed files:
  • File name and unique ID
  • File type and size
  • Full path to the file image
  • File system attribute mask
  • The time when the file was created and modified.
  • Checksums (MD5 and SHA-256).
  • File privileges, including inherited and effective.
• Information about running processes:
  • Process UID and PID.
  • Session ID.
  • Executed command
  • Environment variables
• Information about detected and processed threats:
  • Detected threat name and detection technology name according to Kaspersky classification.
  • Application database version.
  • Web address from which the infected object was downloaded.
  • Threat processing status
  • The reason why the threat cannot be eliminated.

The transmitted data can be stored on a device with Kaspersky Industrial CyberSecurity for Linux Nodes. When the application is uninstalled, all saved data is deleted from the device.

Page top