About data provision

In the course of operation, the application uses data that requires the permission of the Kaspersky Web Traffic Security administrator to be transmitted or processed.

You can view the list of data and the terms on which it is used as well as give consent to data processing in the following agreements between your organization and Kaspersky:

In the End User License Agreement.
According to the terms of the End User License Agreement that you have accepted, you consent to automatically send Kaspersky the information required to enhance the protection of the corporate IT infrastructure. This information is enumerated in the End User License Agreement in the Data Processing Terms:
- Application ID
- Application version number
- Unique application installation ID
- License ID
- Update session ID
- Unique ID of the motherboard
If Kaspersky Web Traffic Security was installed from an ISO file, you can view the text of the End User License Agreement at any time in the /opt/kaspersky/kwts-appliance-addon/share/htdocs/<language code>/eula directory in Technical Support Mode.

If Kaspersky Web Traffic Security is installed from an RPM or DEB package, you can view the text of the End User License Agreement at any time in the /opt/kaspersky/kwts/share/htdocs/<language code>/eula directory.
In the Privacy Policy.
In the Kaspersky Security Network Statement and the Supplementary Kaspersky Security Network Statement.
In the course of participation in the Kaspersky Security Network and submission of KSN statistics to Kaspersky, information can be transmitted that was obtained as a result of the application operation. The list of data that is transmitted is provided in the Kaspersky Security Network Statement and the Supplementary Kaspersky Security Network Statement.
- IP address of the user's computer.
- Information about the application and the computer: unique ID of the computer on which the application is installed; unique ID of the application installation; full version of the installed application; ID of the application type; type, version, edition, bitness, and operating mode settings of the operating system; information about the installed update packages.
- Information about scans of URLs by the Anti-Virus and Anti-Phishing modules: URL of the web resource in which a threat was detected; URL of the original page or the page from which the user was redirected to the specific URL; application database release date and time; name of the organization and web resource that was attacked; scan result (trust level, weight, and status of the decision); time of the event.
- Information about scanned files: name, size, MD5- or SHA256 hash of the scanned file; IDs of the file type and format; name of the detected threat according to the Kaspersky classification; IDs of anti-virus databases and the records in anti-virus databases that were used to scan the file; anti-virus database release date and time; URL from which the scanned file was downloaded; name of the process file that downloaded the scanned object, message, or link; certificate fingerprint and SHA256 hash of the public certificate key for signed files.
- Information about errors in application operation: ID of the application component that experienced the error; ID of the error type; excerpts from component activity reports.
- Information about updates of application components and databases: version of the component whose databases are updated; database update error code if errors occur; application status after database update; number of unsuccessful attempts to update databases; number of crashes of the component that is updated.
- Information about the Updater component: version of the Updater component; result of an update for the Updater component; type and ID of the error when updating the Updater component if errors occur; update task completion code for the Updater component; number of crashes of the Updater component during update tasks; number of unsuccessful attempts to update the Updater component.

Kaspersky protects any information received in this way as prescribed by law and applicable rules of Kaspersky. Data is transmitted through encrypted data channels.

The memory of Kaspersky Web Traffic Security may contain any data of application users that is being processed. The Kaspersky Web Traffic Security administrator must independently ensure the security of such data.

By default, access to personal data of users is granted only to the root user of the operating systems, the Kaspersky Web Traffic Security Local Administrator, and the kluser system user for running application components. The application itself does not provide the tools to restrict the privileges of administrators and other users of operating systems in which the application is installed. The administrator is advised to use any system resources at their own discretion to control access to the personal data of other users.

The following table contains the complete list of user data that can be stored by Kaspersky Web Traffic Security.

User data that can be stored in Kaspersky Web Traffic Security

Data type	Where data is used	Storage location	Storage duration

Basic functionality of the application
Account names of application administrator and users. Access permissions of user accounts of the application. Hash of the local administrator password. IP addresses of users. User account name and password that the application uses to connect to the proxy server. Keytab files used for connecting to the LDAP server. Names of user accounts in LDAP and other LDAP attributes.	Application configuration	/var/opt/kaspersky	Indefinite.
Names of user accounts in LDAP and other LDAP attributes. IP addresses of users. Comments.	Traffic processing rules	/var/opt/kaspersky	Indefinite.
Information from requests to access web resources: IP addresses of users. User account names and domains of users. URLs of requested web resources.	Application statistics	/var/opt/kaspersky	Indefinite.
Information from requests to access web resources: User Agent and IP addresses of users. User account names and domains of users. URLs of requested web resources. Names of downloaded files. Information about the LDAP attributes of users: Names of user accounts in LDAP and other LDAP attributes.	Traffic processing event log	/var/opt/kaspersky Syslog event log (configured by the administrator)	In accordance with settings specified by the user of the application. By default, the storage term is 3 days or the maximum size of the log is 1 GB. When this limit is reached, the older records are deleted.
Name of the user account that initiated the event. IP addresses used for downloading updates. IP addresses of update sources. Information about downloaded files and the download speed.	System events log	/var/opt/kaspersky Syslog event log (configured by the administrator)	In accordance with settings specified by the user of the application. 100 thousand records are stored by default. When this limit is reached, the older records are deleted.
Information from requests to access web resources: IP addresses of users. User account names and domains of users. URLs of requested web resources. Names of downloaded files. Data on application updates: IP addresses used for downloading updates. IP addresses of update sources. Information about downloaded files and the download speed. Information about user accounts: Names of users that signed in to the application web interface. Names of user accounts in LDAP and other LDAP attributes.	Trace files	/var/log/kaspersky	Indefinite. When 150 GB is reached for each trace stream, the oldest records are deleted.
	Trace files	/var/log/kaspersky/extra	Indefinite. When 400 GB is reached for each trace stream, the oldest records are deleted.
Information from requests to access web resources: IP addresses of users. User account names and domains of users. URLs of requested web resources. Bodies of HTTP messages containing cookies, and downloaded files.	Temporary files	/tmp/kwtstmp	Until the application is restarted.
Integration with Kaspersky Anti Targeted Attack Platform (KATA)
Users' files	Sending files to the KATA server	/tmp/kwtstmp	Until the application is restarted. The maximum allowed size of the queue is 5 thousand files. When this limit is reached, files are no longer placed in queue.
Information from KATA alerts: MD5- or SHA256 hash of the file. URLs.	Receiving objects detected by KATA	/var/opt/kaspersky/kwts/detects.cache	Specified by the user in the Cache storage period (hours) setting. The default value is 48 hours.
Active Directory® integration
User DN record. User CN record. sAMAccountName. UPN suffix. objectSID.	Traffic processing rules. Single Sign-On authentication. Autocompletion of user accounts when managing the roles and privileges of users, and when configuring traffic processing rules.	/var/opt/kaspersky/kwts/ldap/cache.dbm	Indefinite. Data is regularly updated. When integration with Active Directory is disabled, the data is deleted.
Use of Kaspersky Security Network (KSN)
MD5- or SHA256 hash of the scanned file. IDs of the type and format of the scanned file. Name of the detected threat according to the Kaspersky classification. IDs of anti-virus databases and records in anti-virus databases that were used to scan the file. Anti-virus database release date and time. URL from which the scanned file was downloaded. Name of the process file that downloaded the scanned object, message, or link. Normalized URLs of requested web resources containing the protocol type and port number. Certificate fingerprint and SHA256 hash of the public certificate key for signed files.	Transmission of KSN requests	/var/opt/kaspersky	Indefinite. The maximum number of stored records is 360 thousand. When this limit is reached, the records that have not been requested for the longest time are deleted.
User IP address. Information about the application and the computer: Unique ID of the computer on which the software is installed. Unique application installation ID. Full version of the installed application. ID of the application type. Type, version, edition, bit rate, and operating mode settings of the operating system. Information about the installed update packages. Information about scans of URLs by the Anti-Virus and Anti-Phishing modules. URL of the web resource in which a threat was detected. URL of the original page or the page from which the user was redirected to the specific URL. Application database release date and time. Name of the organization and the web resource that was attacked. Scan result (trust level, weight, and status of the decision). Event time. Information about scanned files: Name, size, MD5- or SHA256 hash of the scanned file. IDs of the file type and format. Name of the detected threat according to the Kaspersky classification. IDs of anti-virus databases and records in anti-virus databases that were used to scan the file. Anti-virus database release date and time. URL from which the scanned file was downloaded. Name of the process file that downloaded the scanned object, message, or link. Information about errors of the application: ID of the application component that encountered an error. ID of the error type. Excerpts from component operation reports. Information about updates of application components and databases: Version of the component whose databases are updated. Database update error code, if an error occurs. Application status after database update. Number of unsuccessful attempts to update the databases. Number of crashes of the component that is updated. Information on the Updater component: Version of the Updater component. Result of the update for the Updater component. Type and ID of the error when updating the Updater component, if an error occurs. Update task completion code for the Updater component. Number of crashes of the Updater component during update tasks. Number of unsuccessful attempts to update the Updater component.	KSN statistics	/var/opt/kaspersky	Until the statistics are sent to KSN. After disabling the sending of KSN statistics in application settings, the data is deleted when the next attempt to send them occurs.
Functionality available only when the application is deployed from an ISO image.
Decryption of TLS/SSL connections: SSL Bumping certificates. Common name and Organization fields from a Certificate Signing Request (CSR). SHA1- or SHA256 fingerprints of trusted certificates. Files of private certificate keys. Files can be accessed only over the SSH protocol after an SSH public key is uploaded through the application web interface. Kerberos authentication settings: Keytab files. Tokens (hash strings) of users. Domain identifiers (SID) of users. Names of user accounts. NTLM authentication settings: Active Directory server address. Active Directory server certificate.	Built-in proxy server settings.	/etc/squid/ /var/opt/kaspersky/	Indefinite. Data is deleted when the corresponding settings are deleted in the web interface of the application. Certificate files may be overwritten when the certificate is replaced.
Information from requests to access web resources: URLs of requested web resources. IP addresses and DNS names of web servers. IP addresses of trusted load balancers. IP address of the ICAP server. IP addresses of users. HTTP headers of processed HTTP messages.	Proxy server event log	/var/log/squid/icap.log /var/log/squid/ssl.log /var/log/squid/squid.out /var/log/squid/access.log /var/log/squid/cache.log	Indefinite. When 3 GB is reached for each trace stream, the oldest records are deleted.
Kerberos authentication settings: Keytab files. Tokens (hash strings) of users. Domain identifiers (SID) of users. Names of user accounts.	Proxy server event log	/var/log/squid/cache.log	Indefinite. When 10 GB is reached for each trace stream, the oldest records are deleted.
NTLM authentication settings: Domain identifiers (SID) of users. Names of user accounts. Bodies of NTLM messages in Base64 encoding. Encoded LDAP messages.	Proxy server event log	/var/log/squid/cache.log	Indefinite. When 10 GB is reached for each trace stream, the oldest records are deleted.
Connection over the SSH protocol: User IP address. User account name. SSH key fingerprint. Connection through the web interface: User IP address. User account name.	Authorization event log	/var/log/secure	No more than 5 weeks. Files are rotated once a week.
Information from requests to access web resources: User Agent and IP addresses of users. User account names and domains of users. URLs of requested web resources. Names of downloaded files. Information about the LDAP attributes of users: Names of user accounts in LDAP and other LDAP attributes. Information about system events: Name of the user account that initiated the event. IP addresses used for downloading updates. IP addresses of update sources. Information about downloaded files and the download speed.	System events and traffic processing events log	/var/log/kwts-messages	No more than 5 weeks. Files are rotated once a week.

You can manage the dump settings if you use the superuser account to manage the application from the management console of the server on which the application is installed. A dump is generated whenever the application crashes and can be useful for analyzing the causes of the crash. The dump may include any data, including fragments of analyzed files.

By default, dump generation in Kaspersky Web Traffic Security is disabled.

Access to such data can be gained using the management console of the server on which the application is installed, using a user account with superuser privileges.

When sending diagnostic information to Kaspersky Technical Support, the Kaspersky Web Traffic Security administrator must independently ensure the security of dump files and trace files.

The administrator of Kaspersky Web Traffic Security is responsible for access to this information.

Page top