About data provision

End User License Agreement

When activating Kaspersky Endpoint Security by the activation code, in order to verify legitimate use of the application and to provide statistical information on the distribution and use of Kaspersky products, you agree to automatically provide the following information during use of Kaspersky Endpoint Security:

• The type, version and localization of the installed Software.
• The versions of the installed updates.
• The identifier of the computer and the identifier of the Software installation on the computer.
• The activation code and unique activation identifier for the current license.
• The type, version and word size of the operating system.
• The name of the virtual environment when the Software is installed in a virtual environment.
• The identifiers of the Software components that are active at the time the information is provided.
• The supported data source.
• Timeout.
• Date and time on the user's computer.
• Protocol version.
• Protocol content type.
• Protocol content length.
• The type of data compression used.
• The type of signature on the activation ticket.
• Regional Activation Center identifier.
• Activation code hash calculated using the SHA1 algorithm.
• Ticket body hash calculated using the SHA1 algorithm.
• License ticket creation date and time.
• License activation identifier.
• Current license ticket identifier.
• License ticket sequence identifier.
• Date and time of license activation.
• Date and time of license expiration.
• License status.
• License version.
• The unique identifier of the user's computer.
• License ticket header version.
• Application name.
• Transferred data type.
• Transferred data scheme version.
• The full version of the operating system.
• Description of the used virtual machine.
• List of IDs for compatible applications.

When you use Kaspersky update servers to download the updates, in order to increase the efficiency of the update procedure, you agree to periodically provide the following information for the application identification during database and module updates:

• Software ID (AppID).
• Active license ID.
• Unique software installation ID (InstallationID).
• Unique update task launch ID (SessionID).
• Version of application (BuildInfo).

Kaspersky Security Network (KSN) Statement

Use of the KSN may increase the Software's speed of reaction to information and network security threats. The declared purpose is achieved by:

• Determining the reputation of scanned objects.
• Identifying information security threats that are new and challenging to detect, and their sources.
• Taking prompt measures to increase the protection of the data stored and processed by a user with the computer.
• Reducing the likelihood of false positives.
• Increasing the efficiency of application components.
• Investigating an infection of a user's computer.
• Improving the performance of the Kaspersky products.
• Receiving reference information about the number of objects with known reputation.
• Promptly identifying and correcting errors related to the installation, removal, and updating of the product.

During use of the KSN, Kaspersky will automatically receive and process data. The data transmitted by the user depends on the type of license installed and the Kaspersky Security Network use settings specified.

If you use a license for 1-4 nodes, Kaspersky will automatically receive and process the following data during use of the Kaspersky Security Network:

• Information about the license used: the type and validity period of the license, number of days till license expiration, identifier of the partner from whom the license was purchased, Regional Activation Center identifier, checksum of the activation code, ticket body hash calculated using the SHA1 algorithm, license ticket creation date and time, license information identifier, license ticket identifier, license ticket sequence identifier, unique identifier of the user's computer, date from which the license ticket is valid, date to which the license ticket is valid, license ticket current state, ticket header version, license version, ticket header signature certificate identifier, checksum of the key file, ticket header signer serial number, authentication token.
• Full version of installed Software; type of installed Software; Software update ID; ID of reputation service; protocol type ID; ID of a regional activation center; version of list of revoked Software service's decisions; ID of the triggered record in the Software's anti-virus databases; timestamp of the triggered record in the Software's anti-virus databases; type of the triggered record in the Software's anti-virus databases; unique ID of the instance of application installation on the computer; license activation date; license expiration date; license identifier; status of the license used by the Software; checksum type for the object being processed; name of the detected malware or legitimate software that can be used to damage the user's device or data; checksum of the object being processed; checksum of the Software activation code; full version of the Software; unique device ID; Software ID; checksum of the Software key file; ID of the information model used to provide the Software license; identifier of the certificate used to sign the Software license ticket header; the Software license ticket create date and time; the Software license ticket checksum; the Software license ticket version; the Software activation code version; format of the data in the request to Rightholder infrastructure; current license ticket ID; the Software component ID; the result of the Software action; error code; accessed address of the web service (URL, IP); port number; web address of the source of the web service request (referrer); public key of the certificate; digital certificate thumbprint of the scanned object and hashing algorithm.

If you use a license for 5 or more nodes, Kaspersky will automatically receive and process the following data during use of the Kaspersky Security Network:

• Information about the version of the operating system (OS) and service packs installed on the computer, version and checksums (MD5, SHA2-256, SHA1) of the OS kernel file, parameters of the OS run mode.
• Information about the failed last OS reboot: number of failed reboots.
• Information about the Kaspersky installed application and the anti-virus protection status: unique identifier of the instance of application installation on the computer, application type, ID of application type, the full version of the application installed, the identifier of the application settings version, the identifier of the computer type, the unique identifier of the computer on which the application is installed, the unique User identifier in the Kaspersky services, locale language and operation state, version of the installed Software components and their operation state, version of the protocol used to connect with the Kaspersky services.
• Full version of installed Software; type of installed Software; Software update ID; ID of reputation service; protocol type ID; ID of a regional activation center; version of list of revoked Software service`s decisions; ID of the triggered record in the Software's anti-virus databases; timestamp of the triggered record in the Software's anti-virus databases; type of the triggered record in the Software's anti-virus databases; Unique ID of the instance of application installation on the computer; license activation date; license expiration date; license identifier; status of the license used by the Software; checksum type for the object being processed; name of the detected malware or legitimate software that can be used to damage the user's device or data; checksum of the object being processed; checksum of the Software activation code; full version of the Software; unique device ID; Software ID; checksum of the Software key file; ID of the information model used to provide the Software license; identifier of the certificate used to sign the Software license ticket header; the Software license ticket create date and time; the Software license ticket checksum; the Software license ticket version; the Software activation code version; format of the data in the request to Rightholder infrastructure; current license ticket ID; the Software component ID; the result of the Software action; error code; accessed address of the web service (URL, IP); port number; web address of the source of the web service request (referrer).
• Information about all scanned objects and operations: the name of the scanned object, the date and time of the scan, the URL- and Referrer addresses from which it was downloaded, the size of scanned files and the paths to them, the archive sign, the date and time of the file's creation, the name, size and checksums (MD5, SHA2-256) of the packer (if the file was packed), the file's entropy, the file's type, the file type code, the executable file sign, ID and format, the object's checksum (MD5, SHA2-256), the type and value of the object's supplementary checksum, data about the object's digital signature (certificate): data on the certificate's publisher, number of starts of the object since the last statistics delivery, ID of the application's scanning task, the means of receiving information about the object's reputation, the value of the target filter, technical parameters of the applicable detection technologies.

  For executable files: the entropy of the file sections, reputation verification flag or file signature flag, name, type, ID type, checksum (MD5) and the size of the application that was loaded by the object being validated, the application path and template paths, an attribute indicating presence in the Autorun list, date of entry, the list of attributes, name of the packer, information about the digital signature of the application: the publisher certificate, the name of the uploaded file in the MIME format, file build date and time.

• Information about the applications launched and their modules: checksums (MD5, SHA2-256) of running files, size, attributes, creation date, name of the packer (if the file was packed), names of files, information about processes running on the system (process ID (PID), process name, information about the account the process was started from, the application and command that started the process, the full path to the process's files, and the starting command line, a description of the application that the process belongs to (the name of the application and information about the publisher), as well as the digital certificates being used and information needed to verify their authenticity or information about the absence of a file's digital signature), and information about the modules loaded into the processes: their names, sizes, types, creation dates, attributes, checksums (MD5, SHA2-256, SHA1), the paths to them, PE-file header information, names of packers (if the file was packed), information about the availability and validity of these statistics, identifier of the mode for generating the statistics being sent.
• If threats or vulnerabilities are detected, in addition to information about the detected object, information is provided about the identifier, version, and type of the record in the anti-virus database, the name of the threat based on the Kaspersky classification, the date and time of the last update of the anti-virus database, executable file name, the checksum (MD5) of the application file that requested the URL where the threat was detected, the IP address (IPv4 or IPv6) of the detected threat, the vulnerability identifier and its threat level, the URL and Referrer of the web page where the vulnerability was detected.
• If a potentially malicious object is detected, information is provided about data in the processes' memory.
• Network attack information: IP address of the attacking computer and number of the port on the user's computer targeted by the network attack, ID of the attack protocol, name and type of attack.
• Information about network connections: version and checksums (MD5, SHA2-256, SHA1) of the file from which process was started that opened the port, the path to the process's file and its digital signature, local and remote IP addresses, numbers of local and remote connection ports, connection state, timestamp of the port's opening.
• The URL and IP address of the web page where harmful or suspicious content was detected, the name, size, and checksum of the file that requested the URL, the identifier, weight and degree of the rule used to reach a verdict, the objective of the attack.
• Information about updates of the installed application and anti-virus databases: status of completion of the update task, type of error that may have occurred during the update process, the number of unsuccessful updates, the identifier of the application component that performs updates.
• Information about the use of Kaspersky Security Network (KSN): KSN identifier, application identifier, full version of the application, depersonalized IP address of the user's device, indicators of the quality of fulfillment of KSN requests, indicators of the quality of the processing of KSN packets, indicators of the number of KSN requests and information about the types of KSN requests, date and time when statistics began being sent, date and time when statistics finished being sent, information about KSN configuration updates: identifier of the active configuration, identifier of the configuration received, error code of the configuration update.
• Information about system log events: event time, name of the log where the event has been detected, type and category of event, name of the event source and event description.
• Information to determine the reputation of files and URL-addresses: the URL-address at which the reputation is being requested and the Referrer, the connection's protocol type, the internal identifier of the application type, the number of the port being used, the User identifier, checksum of the scanned file (MD5), type of the detected threat, information about the record used to detect a threat (record identifier for the anti-virus databases, the record timestamp and type); public key of the certificate; digital certificate thumbprint of the scanned object and hashing algorithm.
• Data on the application territorial distribution: date of the application installation and activation, ID of the partner providing the license for the application activation, application ID, application language localization ID, license serial number for the application activation, KSN participation sign.
• Information about the license used: the type and validity period of the license, number of days till license expiration, identifier of the partner from whom the license was purchased, Regional Activation Center identifier, checksum of the activation code, ticket body hash calculated using the SHA1 algorithm, license ticket creation date and time, license information identifier, license ticket identifier, license ticket sequence identifier, unique identifier of the user's computer, date from which the license ticket is valid, date to which the license ticket is valid, license ticket current state, ticket header version, license version, ticket header signature certificate identifier, checksum of the key file, ticket header signer serial number, authentication token.
• Information about hardware installed on the computer: type, name, model name, firmware version, parameters of built-in and connected devices.
• Information about the operation of the Web Control component: component version, categorization reason, additional information about categorization reason, categorized URL, host IP address of blocked/categorized object.

In addition, in order to achieve the declared purpose of increasing the effectiveness of protection provided by the application, Kaspersky may receive objects that could be exploited by intruders to harm the computer and create information security threats. Such objects are:

• Executable or non-executable files or parts thereof
• Computer's RAM areas
• Sectors involved in the OS boot process
• Network traffic data packages
• Web pages and emails containing suspicious or malicious objects
• Description of classes and class instances for the WMI storage
• Application activity reports

Application activity reports contain the following information about the files and processes:

• Name, size, and version of the file being sent, it's description and checksums (MD5, SHA2-256, SHA1), format ID, its manufacturer's name, the name of the application the file belongs to, the fully qualified path to the file on the computer and the path template code, date and time of file creation and update.
• Certificate validity start and end dates and times if the file being sent has a digital signature, date and time when the certificate was signed, name of the certificate issuer, information about the certificate holder, impression and public key of the certificate and algorithms used to calculate them, certificate serial number.
• Name of the account that had run the process.
• Checksums (MD5, SHA2-256, SHA1) for the name of the computer that is running the process.
• Process' windows headers.
• ID for the anti-virus databases, name of the identified threat according to the Kaspersky classification.
• Information about the license used for the application, license ID, its type and expiry date.
• Computer's local time at the moment the information was provided.
• The names and paths of the files that were accessed by the process.
• URL- and IP addresses that were accessed by the process.
• URL- and IP addresses from which the running file was downloaded.

In addition, in order to achieve the declared purpose with respect to preventing false positives, the Rightholder may receive trusted executable and non-executable files or their parts.

Read Kaspersky Security Network Statement

Kaspersky Endpoint Security saves the following information in a Trace file:

• Information about the device and operating system (unique device ID, device type, MAC addresses of network devices, operating system type, operating system version).
• Information about the operation of the application and its modules.
• Information about the subscription (subscription type, region).
• Information about the language locale, application ID, application customization, application version, unique application installation ID, unique computer ID.
• Information about the anti-malware protection status of the computer, as well as all processed and detected objects (the name of the detected object, date and time of detection, the web address from which it was downloaded, the names and sizes of infected files and paths to them, the IP address of the attacking computer and the number of the computer port targeted by the network attack, list of malware activity, and unwanted web addresses), and the relevant actions and decisions taken by the application and the user.
• Information about applications downloaded by the user (web address, attributes, file size, and information about the process that downloaded the file).
• Information about the launched applications and application modules (size, attributes, creation date, PE header details, region, name, location, and packers).
• Information about interface errors and usage of the interface of the installed Kaspersky application.
• Information about network connections: the IP address of the remote computer and the user's computer, the numbers of ports used to establish the connection, and the network protocol of the connection.
• Information about network packets received and sent by the computer over IT and telecom networks.
• Information about email and instant messages sent and received.
• Information about web addresses visited: the time when the connection was established using an open protocol, data on the website login and password, and the content of cookies.
• Public certificate of the server.

Trace files contain only the information necessary to fix defects in the application. Kaspersky uses trace files to investigate incidents associated with errors in the operation of the Kaspersky Endpoint Security application.

By default, the creation of trace files is disabled. You can enable generation of trace files in the application settings.

Trace files can only be manually sent to Kaspersky. The application does not send trace files to Kaspersky automatically.

You can choose how trace files are sent to Kaspersky.

Before sending trace files to Kaspersky, please review the data they contain.

Important: Trace files may contain personal or sensitive information. By sending trace files to Kaspersky, you agree to provide to Kaspersky all data contained in the trace files you send and you consent to the method used to send them.

Files (or their parts) that may be exploited by intruders to harm the computer or data may be also sent to Kaspersky to be examined additionally.

Kaspersky protects any information received in accordance with law and applicable Kaspersky rules. Data is transmitted over a secure channel.

Participation in Kaspersky Security Network is voluntary. The decision to participate is made when you install the application. However, you can change your decision later at any time.