How to comply with GDPR requirements when using Kaspersky Endpoint Security for Windows
This article concerns:
- Kaspersky Endpoint Security 11.5.0 for Windows (version 11.5.0.590)
- Kaspersky Endpoint Security 11.4.0 for Windows (version 11.4.0.233)
- Kaspersky Endpoint Security 11.3.0 for Windows (version 11.3.0.773)
- Kaspersky Endpoint Security 11.2.0 for Windows (version 11.2.0.2254)
- Kaspersky Endpoint Security 11.1.1 (version 11.1.1.126)
- Kaspersky Endpoint Security 11.1.0 (version 11.1.0.15919)
- Kaspersky Endpoint Security 11.0.1 (version 11.0.1.90)
- Kaspersky Endpoint Security 11.0.0 (version 11.0.0.6499)
- Kaspersky Endpoint Security 10 Service Pack 2 Maintenance Release 4 (version 10.3.3.304)
- Kaspersky Endpoint Security 10 Service Pack 2 Maintenance Release 3 (version 10.3.3.275)
- Kaspersky Endpoint Security 10 Service Pack 2 Maintenance Release 2 (version 10.3.0.6294)
- Kaspersky Endpoint Security 10 Service Pack 2 Maintenance Release 1 (version 10.3.0.6294)
- Kaspersky Endpoint Security 10 Service Pack 2 (version 10.3.0.6294)
- Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 4 (version 10.2.6.3733)
For information concerning versions not listed above, please refer to a corresponding documentation section.
Kaspersky Endpoint Security may transmit data to Kaspersky Lab in the following scenarios:
- When you are using Kaspersky Security Network.
- If you activate the application with an activation code.
- When you download updates for anti-virus databases and application modules.
- When following links in the interface.
- When transmitting application dump files.
Irrespective of the data classification and territory from which the data is received, Kaspersky Lab adheres to the highest standards for data security and employs various legal, organizational and technical measures to protect the data of users, to guarantee its security and confidentiality, and also to ensure the fulfillment of users' rights as guaranteed by applicable legislation. For details, see this article about the privacy policy for Kaspersky Lab products and services.
In accordance with the requirements of the General Data Protection Regulation and according to the Kaspersky Lab classification for the B2B segment, personal information may be contained only in data that is transmitted to Kaspersky Lab during use of Kaspersky Security Network. Nevertheless, individual companies may also deem information transmitted in other traffic as sensitive data in accordance with their own internal classifications and standards.
For this reason, prior to beginning use of Kaspersky Endpoint Security for Windows, please carefully read the description of transmitted data presented below. If specific data transmitted from Kaspersky Endpoint Security for Windows under any of the scenarios described above may be classified as personal data according to your local legislation or other regulations, you must ensure that such data is processed legally and obtain the consent of end users for the collection and transmission of such data.
If you do not want to submit the data described below to Kaspersky Lab, follow our recommendations to disable the transmission of such data.
Data transmitted to Kaspersky Lab when using Kaspersky Security Network
The use of Kaspersky Security Network ensures faster responses by Kaspersky Endpoint Security to new threats, improves the performance of some protection components, and reduces the likelihood of false positives.
When using Kaspersky Security Network, the application will automatically send Kaspersky Lab the data described in the Kaspersky Security Network Statement. You can read the Statement in the following resources:
- In this article for Kaspersky Endpoint Security 10 for Windows.
- In this article for Kaspersky Endpoint Security 11 for Windows versions 11.0.0 and 11.0.1.
- In this article for Kaspersky Endpoint Security 11 for Windows versions 11.1.0–11.4.0.
- In the file named ksn_en.txt in the application distribution kit.
- In the application interface when the Kaspersky Security Network option is enabled.
A portion of the data transmitted from Kaspersky Endpoint Security for Windows to Kaspersky Security Network is classified as personal data according to the legislation of certain countries (as well as according to the General Data Protection Regulation for countries within the European Union). For more details about the General Data Protection Regulation, please visit this link.
For this reason, prior to enabling participation in Kaspersky Security Network, you must independently ensure that data is processed legally. This shall include data that may be classified as personal data in accordance with your local legislation. For this purpose, you must obtain the consent of end users prior to beginning use of the application.
If you do not want to provide Kaspersky Lab with the data described in the Kaspersky Security Network Statement, you can:
- Use a local reputation database of Kaspersky Private Security Network on your own network. Kaspersky Private Security Network can be installed and used in your data center under the complete control of your IT professionals. Your IT infrastructure and security operations center (SOC) will reap the full benefits of cloud technologies while your company maintains confidentiality and fulfills all the requirements of regulatory agencies. For details about this, please follow this link.
- Do not use Kaspersky Security Network in Kaspersky Endpoint Security for Windows.
Data transmitted to Kaspersky Lab when the application is activated
All supported versions of Kaspersky Endpoint Security for Windows let you activate the application using either an activation code or a key file.
If an activation code is used to activate the application, Kaspersky Endpoint Security will automatically send Kaspersky Lab the following information:
- Type, version, and localization of Kaspersky Endpoint Security
- Versions of installed updates for Kaspersky Endpoint Security
- ID of the computer and ID of the specific Kaspersky Endpoint Security installation on the computer
- Activation code and unique ID of the specific activation of the current license
- Type, version and bit rate of the operating system, and name of the virtual environment (if Kaspersky Endpoint Security is installed in a virtual environment)
- IDs of Kaspersky Endpoint Security components that are active when the information is transmitted
According to the Kaspersky Lab classification for the B2B segment, information that is transmitted as part of activation does not contain personal data.
Kaspersky Lab requires such information to verify that Kaspersky Endpoint Security is being legitimately used, and such information may also be used to generate statistical information on the dissemination and use of the software.
If you do not want to submit this information to Kaspersky Lab, please use a key file to activate the application.
Data transmitted to Kaspersky Lab when downloading anti-virus database updates and application updates
When updating from Kaspersky Lab servers, all supported versions of Kaspersky Endpoint Security will automatically transmit the following information:
- Version of Kaspersky Endpoint Security
- ID of the active license
- ID of Kaspersky Endpoint Security
- Serial number of the active license
- Unique ID of the upgrade task start
- Unique ID of the Kaspersky Endpoint Security installation
According to the Kaspersky Lab classification for the B2B segment, this information does not contain personal data.
Kaspersky Lab requires this information to verify that Kaspersky Endpoint Security is being legitimately used.
If you do not want to provide this information to Kaspersky Lab, use Kaspersky Security Center or the Kaspersky Update Utility to download updates.
Data transmitted to Kaspersky Lab when following links from the Kaspersky Endpoint Security interface
When following links from the user interface of Kaspersky Endpoint Security, the following information may be transmitted:
- Version of Kaspersky Endpoint Security
- Version of the operating system
- Kaspersky Endpoint Security activation date
- License expiration date
- Key creation date
- Kaspersky Endpoint Security installation date
- ID of Kaspersky Endpoint Security
- ID of the active license
- ID of the detected vulnerability in the operating system
- ID of the last update installed for Kaspersky Endpoint Security
- ID of the vulnerability found when scanning for vulnerable applications
- Hash of the detected threat, and the name of this threat according to the Kaspersky Lab classification
- Kaspersky Endpoint Security activation error category and code
- Error code
- Number of days until key expiration
- Number of days that have elapsed since the key was added
- Number of days that have elapsed since the license expired
- Number of computers on which the active license is applied
- Serial number of the active license
- Kaspersky Endpoint Security license term
- Current status of the license
- Type of active license
- Application type
- Unique ID of the upgrade task start
- Unique ID of the Kaspersky Endpoint Security installation
- Unique software installation ID on the computer
- Kaspersky Endpoint Security interface language
According to the Kaspersky Lab classification for the B2B segment, data transmitted in links is not personal data and is required by Kaspersky Lab to redirect the user to a public resource of Kaspersky Lab on which the user will be able to view requested information. The precise list of data transmitted in each specific link depends on where the link is located in the application interface and which problem it aims to resolve.
If you do not want to submit this information to Kaspersky Lab, you can:
- Use the simplified interface. This option is available beginning with Kaspersky Endpoint Security 11.
- Hide the user interface on workstations. This option is available in all supported versions of Kaspersky Endpoint Security for Windows.
Data transmitted to Kaspersky Lab when application dump files are sent
In some cases, conflicts between the application and other software installed on the computer or drivers of computer components may cause the application to crash. If such a crash occurs and the Enable dump writing option is enabled in the application settings, an application dump file will be written and this file will contain all information about the working memory of Kaspersky Endpoint Security processes at the moment when this file is created.
Kaspersky Lab requires this information to analyze and fix errors in application operation.
Versions preceding Kaspersky Endpoint Security 11 let you configure the transmission of dump files to Kaspersky Lab for analysis and resolution of errors. By default, transmission of dump files is disabled but the Send dump and trace files to Kaspersky Lab option can be enabled.
If the Send dump and trace files to Kaspersky Lab option is enabled, each time the application starts it checks whether there were malfunctions during its previous startup. If malfunctions occurred, the application prompts you to transmit dump files to Kaspersky Lab.
The terms and procedure for submitting information written to application dump files are described in the Regulation on data provisioning. The files will be transmitted to Kaspersky Lab only after you have clearly confirmed your consent to the terms of the Regulation.
If you do not want to send Kaspersky Lab the data described in the Regulation, you can disable any of the Enable dump writing or Send dump and trace files to Kaspersky Lab options.
Beginning with Kaspersky Endpoint Security 11, the Send dump and trace files to Kaspersky Lab option has been removed from the application, and there is no scenario for automatic transmission of dump files to Kaspersky Lab.