Data transferred when using the application in Light Agent mode
January 23, 2024
ID 266696
If Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments as part of Kaspersky Security for Virtualization Light Agent, the application saves the following information, which may contain personal and confidential data, and sends it to other solution components during operation of the application.
- To carry out the activation process, Kaspersky Endpoint Security sends the following data to the Protection Server: OS type of the protected virtual machine, ticket validity period; ticket request time (in UTC format); identifier (BIOS ID) of the protected virtual machine.
- To update the Light Agent databases, Kaspersky Endpoint Security sends the following data to the Protection Server: software identifier obtained from the license; full version of the software; software license identifier; software installation identifier (PCID); processed web address; type of installed license; identifier of the update start.
- To provide protection, Kaspersky Endpoint Security sends the Protection Server the information that is necessary for scanning objects while scan tasks are running. The transmitted information may include the names of files and paths to them in the file system, the checksums of files, web addresses, and the scanned objects or their fragments.
- In an infrastructure managed by a VMware vCenter Server and VMware NSX Manager, Kaspersky Endpoint Security may send the Integration Server information about security tags that are assigned to a protected virtual machine upon detection of viruses, malware, or activity that is typical of network attacks. The IDs of protected virtual machines are also sent.
- To get information that is used when selecting an SVM for connection, Kaspersky Endpoint Security sends the identifier of the protected virtual machine to the Integration Server and Protection Server.
- When using the Kaspersky Security for Virtualization Light Agent solution in multitenancy mode, the information necessary for generating tenant protection reports may be sent to SVMs from the Kaspersky Endpoint Security Protection Server. The following data may be sent: identifier of the protected virtual machine; type and version of the guest operating system installed on the protected virtual machine; time intervals when Kaspersky Endpoint Security was connected to SVMs.
- To obtain statistics, Kaspersky Endpoint Security sends the following information to the Protection Server: information about the OS version of the protected virtual machine; localization of Kaspersky Endpoint Security; names of active Kaspersky Endpoint Security components; identifier (BIOS ID) of the protected virtual machine.
The specified information is transmitted over encrypted data channels (except for the information necessary for scanning objects, and the information that is used when selecting SVMs). The connection between Kaspersky Endpoint Security and the Protection Servers is not encrypted by default. You can enable encryption of the data channel between the Light Agents and the Protection Servers in the Kaspersky Endpoint Security settings.
