Kaspersky Security Network Statement in Kaspersky Endpoint Security 10 for Windows SP1 MR1
Kaspersky Security Network Statement
A. INTRODUCTION
Please read this document thoroughly. It provides important information that you should be acquainted with before continuing to use our services or software. We reserve the right to modify this Statement at any time by making changes to this page.
Kaspersky Lab ZAO (further Kaspersky Lab) has created this Statement in order to inform and disclose its data gathering and dissemination practices for Kaspersky Endpoint Security 10 for Windows.
Kaspersky Lab has a strong commitment to providing superior service to all of our customers and particularly respecting your concerns about Data Processing.
This Statement contains numerous general and technical details describing the steps we take to respect your Data Processing concerns. Meeting your needs and expectations forms the foundation of everything we do - including protecting your Data.
The Kaspersky Security Network service allows users of Kaspersky Lab security products from around the world to help facilitate identification and reduce the time it takes to provide protection against new ("in the wild") and complex security threats and their sources, intrusion threats, as well as increasing the protection level of information stored and processed by the computer's user. This information contains no personally identifiable information about the user and is utilized by Kaspersky Lab for no other purposes but to enhance its security products and to further advance solutions against malicious threats and viruses.
By participating in Kaspersky Security Network, you and the other users of Kaspersky Lab security products from around the world contribute significantly to a safer Internet environment.
Legal Issues (if applicable)
Kaspersky Security Network may be subject to the laws of several jurisdictions because its services may be used in different jurisdictions, including the United States of America. Kaspersky Lab shall disclose information without your permission when required by law, or in good-faith belief that such action is necessary to investigate or protect against harmful activities to Kaspersky Lab guests, visitors, associates, property or to others. As mentioned above, laws related to data and information processed by Kaspersky Security Network may vary by country.
Kaspersky Security Network shall duly inform the users concerned when initially processing the above-mentioned information of any sharing of such information and shall allow these Internet users to opt in (in the EU Member States and other countries requiring opt-in procedures) or opt out (for all other countries) online from the commercial use of this data and/or the transmission of this data to third parties.
Kaspersky Lab may be required by law enforcement or judicial authorities to provide some information to appropriate governmental authorities. If requested by law enforcement or judicial authorities, we shall provide this information upon receipt of the appropriate documentation. Kaspersky Lab may also provide information to law enforcement to protect its property and the health and safety of individuals as permitted by statute.
B. RECEIVED INFORMATION
In order to detect new data security threats and increase the protection of the data stored and processed by the user with a computer, the User agrees to provide the following information:
- date of software installation and activation, the full software version, including information about installed updates and the software's locale;
- information about the software installed on the computer, including the version of the operating system and installed updates, kernel objects, drivers, services, Microsoft Internet Explorer extensions, printing system extension, Windows Explorer extensions, downloaded objects, Active Setup elements, control panel applets, entries in the hosts file and system registry, versions of browsers and mail clients;
- information about the computer's hardware, including a checksum of the HDD's serial number;
- data about software tools used to fix problems in software installed on the User's computer, or to change its functionality, and the return codes received after the installation of each piece of software;
- information about the state of the computer's anti-virus protection, including the versions and release dates and times of the anti-virus databases being used, statistics about updates and connections with Kaspersky Lab services, job identifier and the identifier of the software component performing scanning;
- information about files being downloaded by the User, including the URL and IP addresses of the download and the download pages, the status of the URLs as malicious or not, file attributes and size; information about the process that downloaded the file (creation/build date and time, autoplay status, attributes, names of packers, information about signatures, executable file flag, format identifier, and entropy), the file's digital signature, the URL where detection occurred, the script's number on the page that appears to be suspicious or harmful, information about HTTP requests generated and the response to them.
- information about the running applications and their modules, including checksums (MD5) of running files, size, attributes, creation date, and PE-file header information, names of packers (if the file was packed), code of the account under which the process has been started, command line parameters used to start the process, names of files and their modules;
- information about all potentially malicious objects and actions, including the name of the detected object and the full path to the object on the computer, checksums (MD5) of the files being processed, detection date and time, names and size of downloaded files and paths to them, code of the path template, names of packers (if the file was packed), file type code, file format identifier, list of the activities of malicious applications and associated decisions made by the software and the User, identifiers for the anti-virus databases the software used to make a decision, name of the detected threat according to Kaspersky Lab's classification, danger level and detection status, reason for including a file in the analyzed context and the file's serial number in, checksum (MD5), name and attributes of the executable file for the application that passed the infected message, anonymized IP address (IPv4 and IPv6) of the blocked object's host, the file's entropy, autoplay status, time of the file's first detection in the system, number of times the file has been run since the last time statistics were sent, information about the name, checksum (MD5) and size of the mail client used to receive the malicious object, identifier of the entry in the anti-virus databases used to arrive at a verdict, job identifier of the software that performed the scan, reputation verification flag or file signature flag, result of processing the file;
- information about scanned objects, including the assigned trust group to which and/or from which the file has been placed, the reason the file was placed in that category, category identifier, information about the source of the categories and the version of the category database, the file's trusted certificate flag, name of the file's vendor, file version, name and version of the software product which includes the file;
- information about vulnerabilities detected, including the vulnerability ID in the database of vulnerabilities, the vulnerability danger class, and the status of detection;
- information about emulation of the executable file, including the version of the emulation component, emulation depth, scan type, statistical data and an array of properties obtained during the emulation of the trusted objected, real and virtual size of the trusted section of an object and the number of sections, sizes of emulation patterns and their checksums, number of unique logical blocks in the emulation pattern and the frequency of repetitions of these blocks, checksum of the logical blocks, number and frequency of repetitions of logical blocks in a file, number of functions within logical blocks and within patterns, root- or unpacked object flag, flag for sending data about patterns and logical blocks, data from the executable file's PE headers, the file's sections' entropy and statistical information, hashes (Minwise and Cosin) calculated using the emulation results;
- information about network attacks, including the IP address of the attacking computer (IPv4 and IPv6), the number of the port on the User's computer that the network attack is directed at, identifier of the protocol of the IP packet containing the attack, the attack's target (organization name, website), identifier of the packets being sent and received, flag for the reaction to the attack, the attack's weight, trust level;
- information about attacks associated with spoofed network resources, including the DNS and IP addresses (IPv4 and IPv6) of visited websites, number of IP address assignments for the domain name, checksum (MD5) of the detected object;
- information about the rolling back of malware's activities, including data about the file whose activities are being rolled back (file name, full path to the file, its size and checksum (MD5)), data about successful and unsuccessful actions to delete, rename, and copy files and restore values in the registry (names of registry keys and their values), information about system files changed by malware, before and after the roll back;
- service information about the software's operation, including the compiler version, silent-detect flag (a special type of verdict for the scanned object), version of the set of statistics being sent, information about the availability and validity of these statistics, identifier of the mode for generating the statistics being sent, flag indicating whether the software is operating in interactive mode;
- information about the WebToolBar component, including user-made decisions about the quality/danger of domains, the checksums (MD5) of the scanned domain's URL and Referrer, the WebToolBar component's identifier.
Additionally, to prevent incidents and investigate those that do occur, the User agrees to provide trusted executable and non-executable files, application activity reports, URLs, portions of the computer's RAM, and the operating system's boot sectors.
In order to promptly detect and fix errors associated with installation, uninstallation, and updating of the product, and to record the number of users, the User agrees to provide information about the date of installation and activation of the software on the computer, the full version of the installed software (including the version of the installed software update), the software's locale language, name and type of software, type of installed license and its expiration date, identifier of the partner from whom the license was purchased, serial number of license, type of software installation on the computer (initial installation, updating, etc.) and an installation success flag or the installation error number, a unique identifier for the installation of the software on the computer, type and identifier of the application that is being updated, identifier of the update job, and a flag for the User's participation in KSN.
In order to increase the level of support and monitoring of the defined level of software protection, the User agrees to provide the following information about the results of testing software operability after applying of updates:
- information about the set of all installed updates, and the set of most recently installed/removed updates;
- the type of event that caused the update information to be sent;
- Duration since the installation of last update;
- Information about any currently installed anti-virus databases;
- CPU usage data;
- The number of active streams and streams in standby state;
- Memory usage data (Private Bytes, Non-Paged Pool);
- Number of software dumps and system dumps (BSOD) since the software was installed and since the time of the last update, including the identifier and version of the software module that crashed, the memory stack in the product's process, and information about the anti-virus databases at the time of the crash;
- The version of the installed software, including the version of the Nagent component;
- The set of installed software components, including the version of the installed encryption module and the status of each component;
- The operating system version, including the installed system updates.
To improve product performance, the User agrees to submit the following information to Kaspersky Lab:
- Information about software installed on the computer, including the operating system version and service packs installed;
- Information on the status of computer protection, including the protection status code;
- Version of the Updater component, number of crashes of the Updater component while running update tasks over the lifetime of the component;
- ID of the update task type, number of failed Updater attempts to complete update tasks.
Securing the Transmission and Storage of Data
Kaspersky Lab is committed to protecting the security of the information it processes. The information processed is stored on computer servers with limited and controlled access. Kaspersky Lab operates secure data networks protected by industry-standard firewall and password protection systems. Kaspersky Lab uses a wide range of security technologies and procedures to protect information from threats such as unauthorized access, use, or disclosure. Our security policies are periodically reviewed and enhanced as necessary, and only authorized individuals have access to the data that we process. Kaspersky Lab takes steps to ensure that your information is treated securely and in accordance with this Statement. Unfortunately, no data transmission can be guaranteed secure. As a result, while we strive to protect your data, we cannot guarantee the security of any data you transmit to us or from our products or services, including without limitation Kaspersky Security Network, and you use all these services at your own risk.
We treat the data we process as confidential information; it is, accordingly, subject to our security procedures and corporate policies regarding protection and use of confidential information. All Kaspersky Lab employees are aware of our security policies. Your data is only accessible to those employees who need it in order to perform their jobs. Any stored data will not be associated with any personally identifiable information. Kaspersky Lab does not combine the data stored by Kaspersky Security Network with any data, contact lists, or subscription information that is processed by Kaspersky Lab for promotional or other purposes.
C. USE OF THE PROCESSED DATA
Kaspersky Lab processes the data in order to analyze and identify the source of potential security risks, and to improve the ability of Kaspersky Lab's products to detect malicious behavior, fraudulent websites, crimeware, and other types of Internet security threats to provide the best possible level of protection to Kaspersky Lab customers in the future.
Disclosure of Information to Third Parties
Kaspersky Lab may disclose any of the information processed if asked to do so by a law enforcement official as required or permitted by law, in response to a subpoena or other legal process or if we believe in good faith that we are required to do so in order to comply with applicable law, regulation, subpoena, or other legal process or enforceable government request. Kaspersky Lab may also disclose information when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating this Statement, the terms of your agreements with the Kaspersky Lab or to protect the safety of our users and the public or under confidentiality and licensing agreements with certain third parties which assist us in developing, operating and maintaining the Kaspersky Security Network. In order to promote awareness, detection and prevention of Internet security risks, Kaspersky Lab may share certain information with research organizations and other security software vendors. Kaspersky Lab may also make use of statistics derived from the information processed to track and publish reports on security risk trends.
D. DATA PROCESSING - RELATED INQUIRIES AND COMPLAINTS
Kaspersky Lab takes and addresses its users' Data Processing concerns with utmost respect and attention. If you believe that there was an instance of non-compliance with this Statement with regard to your information or data, or you have other related inquiries or concerns, you may write or contact Kaspersky Lab by email: support@kaspersky.com.
In your message, please describe in as much detail as possible the nature of your inquiry. We will investigate your inquiry or complaint promptly.
CHOICES AVAILABLE TO YOU
In case of refusal to participate in KSN the above data is not transmitted. The data is processed and stored in a restricted and protected partition on the user's computer. This data cannot be restored after uninstallation. If you agree to participate in KSN, the data is transferred to Kaspersky Lab for the above purposes.
The resulting information is protected by Kaspersky Lab in accordance with statutory requirements and applicable rules of Kaspersky Lab.
Kaspersky Lab uses the information only in anonymous form and in the form of aggregate statistics data. These general statistics are generated automatically from the source of the information and do not contain personal data and other confidential information. Initial information received is stored in an encrypted form and is destroyed upon accumulation (twice a year). General statistics are kept indefinitely.
Participation in Kaspersky Security Network is optional. You can activate and deactivate the Kaspersky Security Network service at any time by altering the Feedback settings on your Kaspersky Lab product's option's tab. Please note, however, if you choose to deactivate the Kaspersky Security Network service, we may not be able to provide you with some of the services dependent upon the processing of this data.
We also reserve the right to send infrequent alert messages to users to inform them of specific changes that may impact their ability to use our services that they have previously signed up for. We also reserve the right to contact you if compelled to do so as part of a legal proceeding or if there has been a violation of any applicable licensing, warranty or purchase agreements.
Kaspersky Lab is retaining these rights because in limited cases we feel that we may need the right to contact you as a matter of law or regarding matters that may be important to you. These rights do not allow us to contact you to market new or existing services if you have asked us not to do so, and issuance of these types of communications is rare.
(c) 2014 Kaspersky Lab ZAO. All Rights Reserved.
