Kaspersky Embedded Systems Security 3.x

About data provision

October 25, 2023

ID 147908

The License Agreement for Kaspersky Embedded Systems Security for Windows, specifically the section entitled "Terms of data processing", specifies the terms, liability, and procedure for sending and processing the data indicated in this Guide. Before accepting the License Agreement, carefully review its terms as well as all documents linked to by the License Agreement.

The data Kaspersky receives from you when you use the application is protected and processed in accordance with the Privacy Policy available at www.kaspersky.com/Products-and-Services-Privacy-Policy.

The terms of the License Agreement and Privacy Policy are available during installation of Kaspersky Embedded Systems Security for Windows as a part of distribution kit and from the Start menu (All programs > Kaspersky Embedded Systems Security for Windows > EULA and Privacy Policy) after the installation.

During the Kaspersky Embedded Systems Security for Windows uninstallation, all the data stored by Kaspersky Embedded Systems Security for Windows on the protected device is deleted.

By accepting the terms of the End User License Agreement, you agree to automatically send the following data to Kaspersky:

  • To support the mechanism for receiving updates – information about the installed application and its activation: identifier of the application being installed and its full version, including build number, type, and license identifier, installation identifier, update task identifier.
  • To use the ability to navigate to Knowledge Base articles when application errors occur (Redirector service) – information about the application and link type: the name, locale, and full version number of the application, type of redirecting link, and error identifier.
  • To manage confirmations for data processing – information about the status of acceptance of license agreements and other documents, that stipulate data transferring terms: identifier and version of the License Agreement or other document, as a part of which the data processing terms are accepted or declined; an attribute, signifying the user’s action (confirmation or recall of the terms acceptance); date and time of status changes of the data processing terms acceptance.

Local data processing

While executing the application's primary functions described in this Guide, Kaspersky Embedded Systems Security for Windows locally processes and stores a set of data on the protected device.

The table below contains information about local processing and storing by Kaspersky Embedded Systems Security for Windows of data contained in reports.

Processing and storing of data contained in reports

Functional area

Event registration

Type of use

Kaspersky Embedded Systems Security for Windows stores the data locally and sends the data to the Administration Server. The Administration Server database stores information about application events that occur on the managed protected devices.

Storage

  • %ALLUSERSPROFILE%\Kaspersky Lab\Kaspersky Embedded Systems Security for Windows\<product version>\Reports
  • %SystemRoot%\System32\Winevt\Logs\Kaspersky Security.evtx
  • Administration Server's database

Security measures

Access-control list.

Storage period

Kaspersky Embedded Systems Security for Windows stores the data until the uninstallation of Kaspersky Embedded Systems Security for Windows.

During the Kaspersky Embedded Systems Security for Windows uninstallation, all the data stored by Kaspersky Embedded Systems Security for Windows on the protected device is deleted.

Purpose

Providing primary functionality.

Kaspersky Embedded Systems Security for Windows does not delete events in the Windows Event Log including events that occur when uninstalling Kaspersky Embedded Systems Security for Windows.

In order to provide event registration functionality, Kaspersky Embedded Systems Security for Windows processes the following data locally:

  • Names, checksums (MD5, SHA-256) and attributes of processed files and full paths to them on the scanned media.
  • Actions taken on scanned files by Kaspersky Embedded Systems Security for Windows.
  • User actions taken on scanned files on the protected device.
  • Information about accounts of users performing any actions on the protected network or protected device.
  • Device Instance Path values for devices added to the Device Control rules.
  • Information about processes and scripts running on the system: checksums (MD5, SHA-256) and full paths to executable files, information about digital certificates.
  • Windows Firewall settings.
  • Windows Event Log entries.
  • Names of user accounts taking actions on scanned files on the protected device.
  • Instances of executable files being started, and the types, names, checksums, and attributes of these files.
  • Information about network activity:
    • The IP addresses of blocked external devices.
    • Processed IP addresses.
  • Information about the Windows USN Journal status.

The following table contains information about the service data processed by the Kaspersky Embedded Systems Security for Windows. The service data includes: program parameters, quarantined and backup files, information in the program’s service databases, license data.

The table below contains information about local processing and storing by Kaspersky Embedded Systems Security for Windows of data about parameters specified by a user.

Processing and storing of data about parameters specified by a user

Functional area

All Kaspersky Embedded Systems Security for Windows functionality

Type of use

Kaspersky Embedded Systems Security for Windows stores the data locally and sends the data to the Administration Server. The data is stored in Administration Server database.

The data processed by the application locally is not automatically sent to Kaspersky or other third-party systems.

Storage

  • %ALLUSERSPROFILE%\Kaspersky Lab\Kaspersky Embedded Systems Security for Windows\<product version>\
  • Administration Server's database

Security measures

Access-control list.

Processing period

Kaspersky Embedded Systems Security for Windows stores the data until the uninstallation of Kaspersky Embedded Systems Security for Windows.

During the Kaspersky Embedded Systems Security for Windows uninstallation, all the data stored by Kaspersky Embedded Systems Security for Windows on the protected device is deleted.

Kaspersky Embedded Systems Security for Windows does not delete the data about parameters exported into configuration file.

Kaspersky Embedded Systems Security for Windows does not delete Quarantine objects and Backup objects if the Export quarantine objects and Export Backup objects check boxes are selected in the Setup Wizard.

Purpose

Providing primary functionality.

For the specified purposes, Kaspersky Embedded Systems Security for Windows processes the following data locally:

  • Objects placed in Quarantine or Backup.
  • Information about user accounts (usernames and passwords) under which Kaspersky Embedded Systems Security for Windows runs tasks.
  • Kaspersky Embedded Systems Security for Windows password.
  • IP addresses and identifiers of blocked logon sessions.
  • Windows Firewall settings and Windows Firewall rules settings.
  • Checksums (MD5, SHA-256) and paths to executable files added to the Application Launch Control task rules.
  • Device Instance Path values for devices added to the Device Control rules.
  • Information about files and folders included in scopes of Kaspersky Embedded Systems Security for Windows tasks.
  • IP addresses included or excluded from the protection scope.
  • Information about events in the Windows Event Log.
  • Information about detections with the use of iSwift or iChecker technology.
  • Checksums (MD5, SHA-256), full paths and masks specified in exclusions settings.
  • Information about processes added to the Trusted Zone.
  • Information about added license keys.
  • Information about digital certificates.
  • Files unpacked from an archive or other composite object during the scan.

Kaspersky Embedded Systems Security for Windows processes and stores data as part of the application's basic functionality, including to log application events and receive diagnostic data. Locally processed data is protected in accordance with the configured and applied application settings.

Kaspersky Embedded Systems Security for Windows lets you configure the level of protection for data processed locally (Managing access permissions for Kaspersky Embedded Systems Security for Windows functions, Event registration. Kaspersky Embedded Systems Security for Windows logs). You can change user privileges to access processed data, change data retention periods for such data, entirely or partially disable functionality that involves data logging, and change the path and attributes of the folder on the drive where data is logged.

The data processed by the application locally is not automatically sent to Kaspersky or other third-party systems.

By default, all data locally processed by the application during operation is removed after Kaspersky Embedded Systems Security for Windows is uninstalled from the protected device.

Files with diagnostic information (trace and dump files), application events in the Windows Event Log, and files with exported Kaspersky Embedded Systems Security for Windows settings are an exception. We recommend that you delete these files manually.

You can find the detailed information about working with files containing diagnostic data of the application in the corresponding sections of this Guide.

You can delete Windows Event Log files containing Kaspersky Embedded Systems Security for Windows application events using standard operating system tools.

Local data processing by means of the application auxiliary components

The Kaspersky Embedded Systems Security for Windows installation package comprises the application auxiliary components, which can be installed on your device even if Kaspersky Embedded Systems Security for Windows is not installed on it. Such auxiliary components are:

  • The Application Console. This component is included as part of Kaspersky Embedded Systems Security for Windows Administration Tools and is a Microsoft Management Console snap-in.
  • The Administration Plug-in. This component provides a full integration with Kaspersky Security Center application.

While performing the main functions of the application described in this Guide, the application auxiliary components locally process and store a set of data on the protected device where they are installed, even if they are installed separately from Kaspersky Embedded Systems Security for Windows.

The application components locally process and store the following data:

  • The Application Console: the name of the protected device with Kaspersky Embedded Systems Security for Windows installed (IP address or domain name) to which the Application Console last connected remotely; display parameters configured in the Microsoft Management Console snap-in; data about the last folder in which the user selected objects via the Application Console (using a system dialog opened by clicking the Browse button). The Application Console trace files can also contain the following data: the name of the protected device with Kaspersky Embedded Systems Security for Windows installed to which the remote connection was established, the name of the user account under which the remote connection was established.
  • The Administration Plug-in can process and temporarily store data processed by Kaspersky Embedded Systems Security for Windows; for example, configured settings of application tasks and components, settings of Kaspersky Security Center policies, data sent in network lists.

The table below contains information about local processing and storing by Kaspersky Embedded Systems Security for Windows of data written in dump and trace files.

Kaspersky Embedded Systems Security for Windows locally processes and stores the following data written in dump and trace files:

  • Information about actions performed by Kaspersky Embedded Systems Security for Windows on the protected device.
  • Information about objects processed by Kaspersky Embedded Systems Security for Windows.
  • Information about activity on the protected device that is processed by Kaspersky Embedded Systems Security for Windows.
  • Information about errors that occurred during the running of Kaspersky Embedded Systems Security for Windows.

The data processed by the auxiliary components is not automatically sent to Kaspersky or other third-party systems.

By default, all data locally processed by the application auxiliary components during the operation is deleted after removal of these components.

The exception is trace files of auxiliary application components. We recommend that you delete these files manually.

Data in trace and dump files

Kaspersky Embedded Systems Security for Windows can, in accordance with the settings, write debug information to trace files for the purposes of technical support during the operation of Kaspersky Embedded Systems Security for Windows.

Kaspersky Embedded Systems Security for Windows dump files are generated by the operating system during application crashes and are overwritten by the next crash.

Trace and dump files can include any personal data of a user or confidential data of your organization.

Do not use Kaspersky Embedded Systems Security for Windows on devices for which data submission is prohibited by the policy of your organization.

By default, Kaspersky Embedded Systems Security for Windows does not record debug information.

Trace and dump files are not automatically submitted beyond the host on which they were generated. The content of trace files can be viewed using standard text file viewers. Trace and dump files are kept indefinitely and are not deleted when uninstalling Kaspersky Embedded Systems Security for Windows.

Debug information can be useful for Technical Support.

No special mechanisms are provided for limiting access to trace and dump files. The administrator can configure this data to be written to a protected folder.

The path to the trace and dump file folder is not configured by default. To use the trace and dump folder, the administrator must specify it.

Data in trace and dump files can contain:

  • Information about actions performed by Kaspersky Embedded Systems Security for Windows on the protected device.
  • Information about objects processed by Kaspersky Endpoint Agent.
  • Errors arising during the operation of Kaspersky Endpoint Agent.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.