10.2
English
Kaspersky Endpoint Security licensing  >  About data provision

About data provision

End User License Agreement

When activating Kaspersky Endpoint Security by the activation code, in order to collect statistical information on the distribution and use of Kaspersky Lab products, you agree to automatically provide the following information during use of Kaspersky Endpoint Security:

  • The version of the installed software: the installed updates, installation ID and information about the current license.
  • The operating system version.
  • Identifiers of the Kaspersky Endpoint Security components that are active at the time of data provision.

Kaspersky Security Network statement

In order to identify new and challenging data security threats and their sources, as well as threats of intrusion, and to take prompt measures to increase the protection of the data stored and processed by the User with a computer, the User agrees to automatically provide the following information:

  • Information about the version of the operating system (OS) and service packs installed on the computer.
  • Information about the Right Holder's installed software and the anti-virus protection status, the unique user identifier in the KL services.
  • Information about all scanned objects and actions: the name of the scanned object, the date and time of the scan, the URL- and Referrer addresses from which it was downloaded, the size of scanned files and the paths to them, a sign of the archive, the date and time of file creation, the name, size and checksums (MD5, SHA2-256) of the packer (if the file was packed), the file's entropy, the file's type, the file type code, sign of executable file, identifier and format, the object's checksum (MD5, SHA2-256), the type and value of the object's supplementary checksum, data about the object's digital signature (certificate) , number of starts of the object since the last statistics sending the task identifier of the software that performed the scan, and the means of receiving information about the object's reputation, the value of the TARGET filter, technical parameters of the applicable detection technologies.
  • For executable files: the entropy of the file sections, reputation verification flag or file signature flag, name, type, ID, type, checksum (MD5) and the size of the application that was loaded by the object being validated, the application path and template paths, a sign of the Autorun list, date of entry, the list of attributes, name of the packer, information about the digital signature of the application: the publisher certificate, the name of the uploaded file in the MIME format, file build date and time.
  • Information about the running applications and their modules: checksums (MD5, SHA2-256) of running files, size, attributes, creation date, names of packers (if the file was packed), names of files, information about processes running on the system (process ID (PID), process name, information about the account the process was started from, the application and command that started the process, the full path to the process's files, and the starting command line, a description of the product that the process belongs to (the name of the product and information about the publisher), as well as digital certificates being used and information needed to verify their authenticity or information about the absence of a file's digital signature), and information about the modules loaded into the processes: their names, sizes, types, creation dates, attributes, checksums (MD5, SHA2-256, SHA1), the paths to them, PE-file header information, names of packers (if the file was packed), information about the availability and validity of these statistics, identifier of the mode for generating the statistics being sent.
  • If threats or vulnerabilities are detected, in addition to information about the detected object, information is provided about the identifier, version, and type of the record in the anti-virus database, the name of the threat based on the Right Holder's classification, the date and time of the last update of the anti-virus database, executable file name, the checksum (MD5) of the application file that requested the URL where the threat was detected, the IP address (IPv4 or IPv6) of the detected threat, the vulnerability identifier and its threat level, the URL and Referrer of the web page where the vulnerability was detected.
  • If a potentially malicious object is detected, information is provided about data in the processes’ memory.
  • Information about network attacks: the IP address of the attacking computer and the user's computer's port number at which the network attack is directed, the identifier of the protocol used to carry out the attack, and the name and type of attack.
  • Information about network connections: version and checksums (MD5, SHA2-256, SHA1) of the file from which process was started that opened the port, the path to the process’s file and its digital signature, local and remote IP-addresses, numbers of local and remote connection ports, connection state, timestamp of the port’s opening.
  • The URL and IP address of the web page where harmful or suspicious content was detected, the name, size, and checksum of the file that requested the URL, the identifier, weight and degree of the rule used to reach a verdict, the objective of the attack.
  • Information about updates of the installed product and anti-virus databases: the completion status of the update task, the type of an error that may occur during an update, the number of unsuccessful updates, the identifier of the product component that performs updates.
  • Aggregated data from the results of scanning using the local and cloud KSN databases: the version of the local KSN database on the computer at the time the statistics are sent, the software's database settings identifier, information about successful/unsuccessful requests to KSN, the duration of sessions with KSN, the amount of data sent and received, the times at which the collection of information to be sent to KSN was started and stopped.
  • Information about events in the systems logs: the event’s timestamp, the name of the log in which the event was found, type and category of the event, name of the event’s source and the event’s description.
  • Information to determine the reputation of files and URL-addresses: the URL-address at which the reputation is being requested and the Referrer, the connection’s protocol type, the internal identifier of the Software type, the number of the port being used, the User identifier, checksum of the scanned file (MD5), type of the detected threat, information about the record used to detect a threat (record identifier for the anti-virus databases, the record timestamp and type).

For additional examination the User agrees to provide files, their parts and checksums that could be exploited by intruders to harm the User’s computer.

Additionally, to prevent incidents and investigate those that do occur, the User agrees to provide trusted executable and non-executable files, reports about applications activity, portions of the computer’s RAM, and the operating system’s boot sectors, as well as the following information about files and processes:

  • The names and paths of the files that were accessed by the process.
  • URL- and IP-addresses that were accessed by the process.
  • URL- and IP-addresses from which the running file was downloaded.

To obtain data on the territorial distribution of software, you agree to automatically provide the right holder with the following information:

  • Software installation date and activation date.
  • Identifier of the partner who provided the license for software activation.
  • The software identifier, and the identifier of the software language localization.
  • Serial number of the license, installed in the software.
  • Sign of participation in KSN.

In order to promptly detect and fix errors associated with installation, uninstallation, and updating of the product, and to record the number of users, the User agrees to provide the following information:

  • Information about the Rightholder’s Software installed on the computer: the Software identifier, the identifier of the Software settings version.
  • Information about the versions of the operating system and installed updates: the word size, edition and parameters of the OS run mode.
  • Information about the license installed: the license type and its term, the number of days till the license expiration, identifier of the partner from whom the license was purchased.
  • Type of the Software installation on the computer (initial installation, updating, etc.) and the installation success flag or the installation error number, the type identifier of the computer and its model name.
  • Identifiers of 3rd party applications, which offer to install their application together with the Software, as well as identifiers of the 3rd party applications which were installed with the Software.

To improve performance of Kaspersky Lab’s products, the User agrees to submit the following information:

  • Information about computer: operating system and service packs installed, version and checksums (MD5, SHA2-256, SHA1) of the OS kernel file, parameters of the OS run mode.
  • Information about the software installed on the computer: the name of the software and the name of its publisher, information about software components files: checksums (MD5, SHA2-256, SHA1), name of a file, its path on the computer, size, version and digital signature.
  • Information about hardware installed on the computer: type, name, model name, firmware version, parameters of built-in and connected devices.
  • Information about the last unsuccessful OS restart: the number of unsuccessful restarts.

When participating in KSN, you agree to provide the following information for all purposes mentioned above:

  • The unique software installation identifier.
  • The full version of the installed software.
  • The type identifier of the installed software.
  • The unique identifier of the computer with the installed software.

Read Kaspersky Security Network Statement

You agree to submit the following information for the purpose of Software identification during database and module updates:

  • Software ID (AppID)
  • Active license ID
  • Unique Software installation ID (InstallationID)
  • Unique Update task launch ID (SessionID)
  • Version of Software (BuildInfo)
  • Information about updating the Updater component, including unsuccessful update tasks, the number of failed starts after the upgrade, the version of the component, the error code, the ID of the type of update task, the status code of the software after the update, the date and time the statistics is sent.

To check the legitimacy of the Software use, the Rightholder reserves the right to verify that you have a licensed copy of Kaspersky Endpoint Security.

Kaspersky Endpoint Security can transmit the following license information needed to verify the legitimacy of the application use to the Kaspersky Lab:

  • Identifier of regional activation center.
  • Hashsum of activation code.
  • Time and date of ticket creation.
  • License information identifier.
  • License ticket identifier.
  • License ticket sequence identifier.
  • Unique identifier of user's computer HDD.
  • Date of from which the license ticket is valid.
  • The current state of license.
  • License version.
  • Ticket header ID.
  • Application ID of the currently used application.
  • List of application IDs of applications that are compatible with the currently used application.
  • Localization ID.
  • Application version.
  • Installation ID.
  • Application build ID.

Kaspersky Endpoint Security saves the following information in a Trace file:

  • Information about the anti-virus protection status of the Computer, as well as all detected objects and actions (including the name of the detected object, date and time of detection, the web address from which it was downloaded, the names and sizes of infected files and paths to them, the IP address of the attacking computer and the number of the Computer port targeted by the network attack, list of malware activity, and unwanted web addresses) and the decisions taken by the Software and the user on them
  • Information about applications downloaded by the user (web address, attributes, file size, and information about the process that downloaded the file)
  • Information about the applications launched and their modules (size, attributes, creation date, PE header details, region, name, location, and packers)
  • Information about interface errors and usage of the interface of the installed Kaspersky Lab Software
  • Information about network connections, including the IP address of the remote computer and the user's Computer, the numbers of ports through which the connection was established, and the network protocol of the connection
  • Information about network packets received and sent by the Computer over IT and telecom networks
  • Information about email and instant messages sent and received
  • Information about web addresses visited, including when the connection was established using an open protocol, data on the website access login and password, and the content of cookies
  • Server public certificate

Files (or their parts) that may be exploited by intruders to harm the Computer or data may be also sent to Kaspersky Lab to be examined additionally.

Kaspersky Lab protects any information thus received in accordance with law and applicable Kaspersky Lab rules.

Kaspersky Lab uses any received information in anonymized form and as general statistics only. Aggregate statistics are automatically generated from the source information received, and do not contain any personal or other confidential data. The original information received is destroyed as new information is accumulated (once a year). Aggregate statistics are stored indefinitely.

Participation in Kaspersky Security Network is voluntary. The decision to participate is made when you install Kaspersky Endpoint Security. However, you can change your decision later at any time.

Article ID: kes70562, Last review: Feb 8, 2022
Page top