Kaspersky Endpoint Agent

Data in requests to Kaspersky Industrial CyberSecurity for Networks server

November 17, 2023

ID 218815

During integration with Kaspersky Industrial CyberSecurity for Networks, the following data can be stored locally on the device with Kaspersky Endpoint Agent in the %ProgramData%\Kaspersky Lab\Endpoint Agent\4.1\Data\Cache\Queue\Kics folder.

All data that is stored locally on the device, except for trace and dump files, is deleted from the device when the application is uninstalled.

Data sent by Kaspersky Endpoint Agent to the Kaspersky Industrial CyberSecurity for Networks server:

  • Network interface data:
    • Network interface description
    • Domain
    • MAC address
    • Metric number
    • List of IP addresses that consists of a set of entries in the following format: IP address / subnet mask / gateway address
  • Patch lists:
    • Patch number
    • Patch installation date
  • Lists of installed EPP applications:
    • EPP application name
    • Application version
    • Application database version
    • Date of the last application update
    • List of license keys (number, type, expiration date, key status)
  • Data on established network connections:
    • Local IP address
    • Local MAC address
    • Remote IP address
    • Remote MAC address
    • Gateway IP address
    • Protocol type (according to IANA)
  • Depending on the component, Kaspersky Endpoint Agent sends the following data to the Kaspersky Industrial CyberSecurity for Networks server:
    • Object type.
    • Object name.
    • Command line to run the object.
    • Hash of the object image on disk.
    • Identifier of the object process.
  • Application and user data:
    • Process start and process termination events.
    • Outbound network connection establishment event.
    • Login events with different user accounts.
    • Open ports event.
  • Reports on task execution results:
    • Task execution errors and return codes.
    • Statuses with which the tasks were completed.
    • Task completion time.
    • Version of the settings used for execution of the tasks.
    • Information about the objects submitted to the server, quarantined objects, and objects restored from quarantine: paths to objects, checksums of objects, identifiers of quarantined objects.
