Kaspersky Endpoint Security 11 for Linux

Data provided when using Kaspersky Anti Targeted Attack Platform

December 12, 2023

ID 250632

When integrating Kaspersky Endpoint Security with Kaspersky Anti Targeted Attack Platform, Kaspersky Endpoint Security stores and sends to Kaspersky Security Center the following information, which may contain personal and confidential data:

  • Service data:
    • KATA server addresses
    • public key of the server certificate for integration with the EDR (KATA) component
    • cryptocontainer with the client certificate for integration with the EDR (KATA) component
    • credentials for authenticating on the proxy server
    • settings for the frequency of synchronization with the KATA server and settings for sending data to the KATA server
    • status of the connection with the KATA server and information about client certificate and server certificate errors.

When integrating Kaspersky Endpoint Security with Kaspersky Anti Targeted Attack Platform, Kaspersky Endpoint Security stores the following information on devices:

  • Information for synchronization requests to the EDR (KATA) component:
    • Unique identifier
    • Base part of the server address
    • Device name
    • IP address of the device
    • MAC address of the device
    • Local time on the device
    • Name and version of the operating system installed on the device
    • Version of Kaspersky Endpoint Security
    • Version of the application settings and task settings
    • Task status (task identifiers, statuses, error codes)
  • Information from requests to the EDR (KATA) component in task execution reports:
    • IP address of the device
    • Task execution errors and return codes
    • Task completion statuses
    • Task completion time
    • Versions of task settings used
    • Information about processes started or stopped on the device at the server's request: PID and UniquePID, error code, MD5 and SHA-256 checksums of objects
    • Files requested by the server
    • Telemetry packets
    • Information about running processes:
      • executable file name, including the full path and extension
      • process launch settings
      • process identifier
      • system logon session code
      • system logon session name
      • process launch date and time
      • Checksums (MD5 and SHA-256)
    • Information about files:
      • File path
      • File name
      • File size
      • File attributes
      • Date and time of file creation
      • Date and time of last file modification
      • Checksums (MD5 and SHA-256)
    • Information about errors that occur while getting information about objects:
      • Full name of the object being processed when the error occurred
      • Error code
  • Information from requests from the KATA server to the built-in agent of Kaspersky Endpoint Security (task settings):
    • Task types
    • Task start schedule settings
    • Names and passwords of accounts used to start tasks
    • Versions of settings
    • Paths to objects
    • Checksums (MD5 and SHA-256) of objects
    • Command line (including arguments) used to start the process
    • Description of services
    • Type of service start
  • Parameters of the responses sent by the KATA server to the built-in agent of Kaspersky Endpoint Security:
    • Get_file:
      • Full path to the file or directory
      • Hashing algorithm. Possible values: MD5 and/or SHA-256
      • Checksums (MD5 and SHA-256) of the file
    • Run_process:
      • Full path to the executable file used to start the process
      • Command line of the process
      • Full path to the working directory of the process
