Data sent to Kaspersky Security Center

During operation, Kaspersky Endpoint Security saves and submits to Kaspersky Security Center the following information, which may contain personal and confidential data:

• Information about the databases used by the application:
  • List of the database categories required by the application
  • Date and time when the databases were released and loaded into the application
  • Date when the downloaded application database updates were released
  • Time of the last application database update
• Application license information:
  • License serial number and type
  • License validity period in days
  • Number of devices covered by the license
  • Start and end dates of license term
  • License key status
  • Date and time of the last successful synchronization with activation servers if the application was activated using an activation code
  • Identifier of the application for which the license is intended
  • Functionality available under the license
  • Name of the organization for which the license is provided
  • Additional information if the application is used under subscription (subscription flag, subscription expiration date and the number of days available for renewing the subscription, subscription provider web address, current subscription status and the reason for this status), date and time when the application was activated on the device
  • Expiration date and time of the application license on the device
• Information about the application updates:
  • List of updates to be installed or removed
  • Update release date and the sign of the Critical status
  • Name, version, and short description of the update
  • Link to the detailed description of the update
  • Identifier and text of the End User License Agreement and the Privacy Policy for the application updates
  • Identifier and text of Kaspersky Security Network Statement for the application updates
  • Indicator showing if the update can be removed
  • Versions of the application policy and administration plug-in
  • Web address for downloading the application administration plug-in
  • Names, version, and installation dates of the installed application updates
  • Error code and description if the update installation or removal completed with an error
  • Sign and reason for the device or application restart necessity because of the application update
• User agreement or disagreement with the terms and conditions of Kaspersky Security Network Statement, End User License Agreement and Privacy Policy
• List of tags assigned to the device
• List of device statuses and reasons they are assigned.
• General application status and the status of all its components; policy compliance information, real-time protection status of the device.
• Date and time of the last device scan; number of scanned objects; number of detected malicious objects; number of blocked, deleted and disinfected objects; number of objects that cannot be disinfected; number of scan errors; number of detected network attacks
• Data on the currently applied values of the application settings
• The current status and execution results of the group and local tasks and the values of their settings
• Information about external devices connected to the client device (ID, name, class, manufacturer, description, serial number, VID/PID)
• Information about backup file copies in Storage (name, path, size and type of the object, description of the object, name of the detected threat, version of the application database which is used to detect the threat, date and time when the object was moved to Storage), actions on the objects in Storage (removed, restored), and the files by administrator request.
• Information about the operation of each application component and about the execution of each task represented as events:
  • Date and time of event
  • Name and type of event
  • Event severity level
  • Name of the task or the application component running when the event occurred
  • Information about the application that triggered the event: application name, path to the file on the disk, process identifier, setting values​ (if the application launch or settings modification event is triggered)
  • User ID
  • Name of the initiator (task scheduler, application, Kaspersky Security Center, or a user) whose actions triggered the event
  • Name and identifier of the user who initiated access to the file
  • Object or action processing result (description, type, name, threat level and accuracy, file name and type of operation on the device, application decision on the operation)
  • Information about the object (object name and type, path to the object on the disk, object version, size, information about the performed action, event trigger description, description of the reason for not processing and skipping the object)
  • Device information (manufacturer name, device name, path, device type, bus type, identifier, VID/PID, system device flag, name of the device access rule schedule)
  • Information about blocking and unblocking the device; information about blocked connections (name, description, device name, protocol, remote address and port, local address and port, packet rules, actions)
  • Information about requested web address
  • Information about detected objects
  • Detection type and method
  • Information about the performed action
  • Information about the application databases (date when the downloaded database updates are released, information on the database usage, database usage errors, information on canceling the installed database updates)
  • Information about encryption detection (ransomware name; name of the device where encryption was detected; information about blocking and unblocking the device)
  • Application settings and network settings
  • Information about the triggered Application Control rule (name and type) and the result of its application
  • Information about containers and container images (names of containers or container images, paths to containers or container images, repository URL)
  • Information about active and blocked connections (name, description, and type)
  • Information about blocking and unblocking access to untrusted devices
  • Information about the use of KSN (KSN state, KSN infrastructure, identifier of the KSN Statement in extended mode, acceptance of the KSN Statement in extended mode, identifier of the KSN Statement, acceptance of the KSN Statement)
  • Information about certificates (domain name, subject name, issuer name, expiration date, certificate status, certificate type, date certificate was added, issue date, serial number, SHA-256 thumbprint)
  • Information about external systems that are part of corporate software solutions (integration server address)
• Information about operation of the system integrity scan task (name, type, path) and information about the system baseline
• Information about network activity, packet rules, and network attacks
• User role information:
  • Name and identifier of the user who initiated changing the user role
  • User role
  • Name of the user who has been assigned or revoked the role
• Information about executable files detected on the client device (name, path, type, and hash of the file; list of categories to which the application belongs; time of the first file launch; name, identifier, and version of the application; name of the application vendor; information about the certificate used to sign the application: serial number, thumbprint, issuer, subject, release date, expiration date, and public key).