Kaspersky Security Center 14

Monitoring the anti-virus protection status using information from the system registry

February 19, 2024

ID 3644

To monitor the anti-virus protection status on a client device using information logged by Network Agent, depending on the operating system of the device:

  • On the devices running Windows:
    1. Open the system registry of the client device (for example, locally, using the regedit command in the Start → Run menu).
    2. Go to the following hive:
      • For 32-bit systems:

        HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\1103\1.0.0.0\Statistics\AVState

      • For 64-bit systems:

        HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\Components\34\1103\1.0.0.0\Statistics\AVState

      The system registry displays information about the anti-virus protection status of the client device.

  • On the devices running Linux:
    • Information is enclosed in separate text files, one for each type of data, located at /var/opt/kaspersky/klnagent/1103/1.0.0.0/Statistics/AVState/.
  • On the devices running macOS:
    • Information is enclosed in separate text files, one for each type of data, located at /Library/Application Support/Kaspersky Lab/klnagent/Data/1103/1.0.0.0/Statistics/AVState/.

The anti-virus protection status corresponds to the values of the keys described in the table below.

Registry keys and their possible values

Key (data type)

Value

Description

Protection_LastConnected (REG_SZ)

DD-MM-YYYY HH-MM-SS

Date and time (in UTC format) of the last connection to the Administration Server

Protection_AdmServer (REG_SZ)

IP, DNS name, or NetBIOS name

Name of the Administration Server that manages the device

Protection_NagentVersion (REG_SZ)

a.b.c.d

Build number of the Network Agent installed on the device

Protection_NagentFullVersion (REG_SZ)

a.b.c.d (patch1; patch2; ...; patchN)

Full number of the Network Agent version (with patches) installed on the device

Protection_HostId (REG_SZ)

Device ID

ID of the device

Protection_DynamicVM (REG_DWORD)

0 — no

1 — yes

The Network Agent is installed in the dynamic VDI mode

Protection_AvInstalled (REG_DWORD)

0 — no

1 — yes

A security application is installed on the device

Protection_AvRunning (REG_DWORD)

0 — no

1 — yes

Real-time protection is enabled on the device

Protection_HasRtp (REG_DWORD)

0 — no

1 — yes

A real-time protection component is installed

Protection_RtpState (REG_DWORD)

Real-time protection status:

0

Unknown

1

Disabled

2

Paused

3

Starting

4

Enabled

5

Enabled with the high protection level (maximum protection)

6

Enabled with the low protection level (maximum speed)

7

Enabled with the default (recommended) settings

8

Enabled with custom settings

9

Operation failure

Protection_LastFscan (REG_SZ)

DD-MM-YYYY HH-MM-SS

Date and time (in UTC format) of the last full scan

Protection_BasesDate (REG_SZ)

DD-MM-YYYY HH-MM-SS

Date and time (in UTC format) of the application databases release

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.