Data transferred between solution components

During their operation, Kaspersky Security solution components may save and send to other solution components and to other Kaspersky applications the following information that may contain personal and confidential data:

• While deploying the SVM and editing SVM settings, the SVM Management Wizard or the Integration Server (also when using the Integration Server REST API) send the SVM settings to the SVM. This may include passwords for the root and klconfig user accounts set by the user. After deployment or reconfiguration, the SVM sends its own settings and ID (BIOS ID) to the SVM Management Wizard for display or to the Integration Server.
• During SVM deployment or SVM reconfiguration, the Integration Server Web Console and the Integration Server transfer the SVM configuration settings between each other. Information thus transmitted may include the root and klconfig account passwords, as well as the paths to the SVM image description file and the Network Agent distribution package specified by the user. After deployment or reconfiguration of an SVM, the Integration Server sends the SVM settings and BIOS ID to the Integration Server Web Console for display.
• To make the installation and operation of the solution possible, the SVM Management Wizard and the Integration Server (also when using the Integration Server REST API) receive information about the virtual infrastructure, save it, and transmit it between each other and to the Protection Server. The transmitted data can contain IDs (BIOS ID) and names of the virtual machines, IP-addresses or names of the hypervisors, virtual infrastructure administration servers, or cloud infrastructure microservices, as well as account settings for connecting to virtual infrastructure.
• To make the installation and operation of the solution possible, the Integration Server Web Console and the Integration Server transfer information about the virtual infrastructure between each other. The transmitted data can contain IDs (BIOS ID) and names of the virtual machines, IP-addresses or names of the hypervisors, virtual infrastructure administration servers, or cloud infrastructure microservices, as well as account settings for connecting to virtual infrastructure.
• The Protection Server sends the Kaspersky Security Center Administration Server a list of Light Agents connected to the SVM. The transmitted data may include IDs (BIOS ID), names, and paths of protected virtual machines in the virtual infrastructure.
• The Integration Server management console that you are using (the Integration Server Console or the Integration Server Web Console) and the Integration Server exchange data necessary for managing the settings of the solution. The transmitted data may include addresses of hypervisors, virtual infrastructure administration servers, or cloud infrastructure microservices, as well as account settings for connecting to virtual infrastructure, the Integration Server, and the Kaspersky Security Center Administration Server. If the solution is installed in an infrastructure managed by a VMware vCenter Server and VMware NSX Manager, the address and settings of the accounts used to connect to VMware NSX Manager may also be sent.
• Light Agent sends the following data to the Protection Server:
  • To activate the Light Agent: the validity term of the license key status confirmation; the ID (BIOS ID) of the protected virtual machine; information about the license that the Light Agent needs to work.
  • To update the Light Agent databases: software identifier obtained from the license; full version of the software; software license identifier; software installation identifier (PCID); processed web address; license type; identifier of the update start.
  • To provide protection, while scan tasks are running: information that is necessary for scanning objects. The transmitted information may include IDs (BIOS OD) of protected virtual machines, the names of files and paths to them in the file system, the checksums of files, web addresses, and the scanned objects or their fragments.
  • To obtain statistics: OS version of the protected virtual machine; localization of the Light Agent; names of the active Light Agent components; ID (BIOS ID) of the protected virtual machine.
• To update the databases and modules of the solution, the Protection Server transmits information about the needed updates to the Kaspersky Security Center Administration Server and receives updates from it. The transmitted data includes the software installation ID (PCID) and the license number specified in the License certificate.
• To receive information that is used when selecting an SVM to connect to, Light Agents send the ID of the protected virtual machine to the Integration Server and the Protection Server.
• In an infrastructure managed by a VMware vCenter Server and VMware NSX Manager, Light Agents and the Protection Server may send the Integration Server information about security tags that are assigned to a protected virtual machine upon detection of viruses, malware, or activity that is typical of network attacks. The IDs of protected virtual machines are also sent.
• The Protection Server and Light Agent receive the operating settings specified using policies from the Kaspersky Security Center Administration Server. The transmitted information may include the paths to files and registry keys, web addresses, IP addresses of the Integration Server and SVMs, settings for connecting SVMs and Light Agents to the Integration Server, private keys of SVMs and the Integration Server.
• When using the solution in multitenancy mode, the Integration Server receives information about tenants and their virtual machines via the Integration Server REST API and stores it in the database. The following data may be sent: tenant name, identifier, and description, and other information about the tenant specified by the service provider's administrator; identifier of a tenant's virtual machine; account settings for connecting to a virtual Kaspersky Security Center Administration Server configured for the tenant; identifier of virtual Kaspersky Security Center Administration Server. The Integration Server can send information about tenants and virtual machines of tenants kept in the database for display in the Integration Server management console that you are using (Integration Server Console or Integration Server Web Console) or when responding to an Integration Server REST API request.
• When using the solution in multitenancy mode, the information necessary for generating tenant protection reports may be sent to the Protection Server from Light Agents, and from the Protection Server to the Integration Server. The following may be transmitted: IDs of the SVM and the protected virtual machine, time periods when the Light Agent was connected to the SVM.
• When using the application in multitenancy mode, the Integration Server sends to Kaspersky Security Center Administration Server the information required to create a tenant protection infrastructure: tenant name, account settings for connecting to the virtual Kaspersky Security Center Administration Server, and operating settings specified using policies, including IP addresses of the Integration Server and SVMs.
• During the execution of tasks, the Protection Server and Light Agent send information about the task settings and results to the Kaspersky Security Center Administration Server. The transmitted information may include the user name and password indicated in the task settings for the user account used to run the task.
• To generate reports and events, the Integration Server, Protection Server, and Light Agents send information about the operation of the solution to Kaspersky Security Center Administration Server. The Integration Server can also send the names of SVMs, addresses of hypervisors, virtual infrastructure administration servers, or cloud infrastructure microservices, the address of VMware NSX Manager, the names of accounts for connecting the Integration Server to the virtual infrastructure and VMware NSX Manager, and the address of the reserve Integration Server. The information transmitted by the Protection Server and the Light Agent may include user names, names of processed files and paths to them in the file system, and processed web addresses.
• While activating the solution, the Protection Server receives from the Kaspersky Security Center Administration Server and saves license information, including information about the client to which the license was issued, and the number of the license specified in the license certificate. After activation, the Protection Server sends to the Kaspersky Security Center Administration Server information about the license that was used to activate the solution; this is done to keep track of license limits and generate a report about license key usage. The Protection Server also transmits license information to the Light Agent (for activating the Light Agent) and the Integration Server. The Integration Server sends this information to the Integration Server management console that you are using (Integration Server Console or Integration Server Web Console) for display.
• To remove duplicate virtual machines from the list of managed devices in Kaspersky Security Center, the Integration Server and the Kaspersky Security Center Administration Server transfer information about the devices. The transmitted information may include device IDs.
• If a high-availability cluster of Integration Servers is deployed in your infrastructure, the primary and reserve Integration Servers transmit the connection settings of the virtual infrastructures and the Integration Server, as well as information about SVMs. The transmitted information may include the addresses of hypervisors, virtual infrastructure management servers, or cloud infrastructure microservices, account settings for connecting to the virtual infrastructure and the Integration Server, IDs (BIOS ID) and addresses of SVMs, private keys of the Integration Server and SVMs.

  If the solution is installed in an infrastructure managed by a VMware vCenter Server and VMware NSX Manager, the address and settings of the accounts used to connect to VMware NSX Manager may also be sent.

For a description of the data that applications running in Light Agent mode can transmit to other Kaspersky applications, see the Help for the relevant application.

The specified information is transmitted over encrypted data channels (except for the information necessary for scanning objects, and the information that is used when selecting SVMs). The connection between Light Agents and Protection Servers is not encrypted by default. You can enable encryption of the data channel between the Light Agents and the Protection Servers in the solution settings.

Page top