Kaspersky Security Center 13.2

Monitoring the anti-virus protection status using information from the system registry

To monitor the anti-virus protection status on a client device using information logged by Network Agent, depending on the operating system of the device:

  • On the devices running Windows:
    1. Open the system registry of the client device (for example, locally, using the regedit command in the Start → Run menu).
    2. Go to the following hive:
      • For 32-bit systems:

        HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\1103\1.0.0.0\Statistics\AVState

      • For 64-bit systems:

        HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\Components\34\1103\1.0.0.0\Statistics\AVState

      The system registry displays information about the anti-virus protection status of the client device.

  • On the devices running Linux:
    • Information is enclosed in separate text files, one for each type of data, located at /var/opt/kaspersky/klnagent/1103/1.0.0.0/Statistics/AVState/.
  • On the devices running macOS:
    • Information is enclosed in separate text files, one for each type of data, located at /Library/Application Support/Kaspersky Lab/klnagent/Data/1103/1.0.0.0/Statistics/AVState/.

The anti-virus protection status corresponds to the values of the keys described in the table below.

Registry keys and their possible values

Key (data type)

Value

Description

Protection_LastConnected (REG_SZ)

DD-MM-YYYY HH-MM-SS

Date and time (in UTC format) of the last connection to the Administration Server

Protection_AdmServer (REG_SZ)

IP, DNS name, or NetBIOS name

Name of the Administration Server that manages the device

Protection_NagentVersion (REG_SZ)

a.b.c.d

Build number of the Network Agent installed on the device

Protection_NagentFullVersion (REG_SZ)

a.b.c.d (patch1; patch2; ...; patchN)

Full number of the Network Agent version (with patches) installed on the device

Protection_HostId (REG_SZ)

Device ID

ID of the device

Protection_DynamicVM (REG_DWORD)

0 — no

1 — yes

The Network Agent is installed in the dynamic VDI mode

Protection_AvInstalled (REG_DWORD)

0 — no

1 — yes

A security application is installed on the device

Protection_AvRunning (REG_DWORD)

0 — no

1 — yes

Real-time protection is enabled on the device

Protection_HasRtp (REG_DWORD)

0 — no

1 — yes

A real-time protection component is installed

Protection_RtpState (REG_DWORD)

Real-time protection status:

0

Unknown

1

Disabled

2

Paused

3

Starting

4

Enabled

5

Enabled with the high protection level (maximum protection)

6

Enabled with the low protection level (maximum speed)

7

Enabled with the default (recommended) settings

8

Enabled with custom settings

9

Operation failure

Protection_LastFscan (REG_SZ)

DD-MM-YYYY HH-MM-SS

Date and time (in UTC format) of the last full scan

Protection_BasesDate (REG_SZ)

DD-MM-YYYY HH-MM-SS

Date and time (in UTC format) of the application databases release