Kaspersky Anti Targeted Attack (KATA) Platform

Data received from the Central Node component

8 November 2023

ID 194532

Kaspersky Endpoint Agent saves the values of settings received from the Central Node component on the hard disk of the computer. The data is stored in open, unencrypted form in the folder C:\ProgramData\Kaspersky Lab\Endpoint Agent\protected\data.

By default, only users with System and Administrator permissions have read access to the files when Self-Defense is enabled. When Self-Defense is disabled, users with System and Administrator permissions can also delete the files, modify their contents, and modify the access rights to them. The Kaspersky Endpoint Agent application does not manage access permissions to this folder or any files in it. It is the system administrator who determines access permissions.
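Because the folder holds unencrypted data and the application does not manage its permissions, the ACLs are worth auditing on each host. The following PowerShell script is an added example, not part of the Kaspersky documentation: it lists every Allow entry on the folder and its contents that belongs to an identity other than SYSTEM or the local Administrators group. The function name Get-UnexpectedAccess and the allow-list of well-known SIDs are assumptions made for this example.

```powershell
# Added example: report identities other than SYSTEM / Administrators that
# hold Allow entries on the Endpoint Agent data folder named on this page.
$DataPath    = 'C:\ProgramData\Kaspersky Lab\Endpoint Agent\protected\data'
$AllowedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM (well-known SID)
    'S-1-5-32-544'   # BUILTIN\Administrators (well-known SID)
)

# Hypothetical helper name; not a Kaspersky or Microsoft cmdlet.
function Get-UnexpectedAccess {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Allowed
    )
    # Check the folder and everything under it: individual files can carry
    # explicit entries that differ from the parent folder.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Request rules keyed by SID so the check does not depend on OS language.
        $rules = $acl.GetAccessRules($true, $true,
                     [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            $sid = $rule.IdentityReference.Value
            if ($Allowed -contains $sid) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Sid       = $sid
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $DataPath)) {
    Write-Warning "Folder not found: $DataPath"
} else {
    $findings = @(Get-UnexpectedAccess -Path $DataPath -Allowed $AllowedSids)
    if ($findings.Count -eq 0) {
        Write-Output 'Only SYSTEM and Administrators hold Allow entries.'
    } else {
        $findings | Format-Table -AutoSize
    }
}
```

Run it from an elevated PowerShell session, since by default only System and Administrator accounts can read the files. Any row in the output is an entry to review against the access policy the administrator intended for this folder.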

The data is deleted when Kaspersky Endpoint Agent is removed.

Data received from the Central Node component may contain the following information:

  • Data on network connections.
  • Data on the operating system that is installed on the server with the Central Node component.
  • Data on operating system user accounts.
  • Data on user sessions in the operating system.
  • Data on the Windows event log.
  • Data about an RT_VERSION resource.
  • Data about the contents of a PE file.
  • Data about operating system services.
  • Certificate of the server with the Central Node component.
  • URLs and IP addresses of visited websites.
  • HTTP protocol headers.
  • Computer name.
  • MD5 hashes of files.
  • Unique ID of the computer with Kaspersky Endpoint Agent.
  • Names and values of Windows registry keys.
  • Paths to Windows registry keys.
  • Names of Windows registry variables.
  • Name of the local DNS cache entry.
  • Address from the local DNS cache entry in IPv4 format.
  • IP address or name of the requested host from the local DNS cache.
  • Host of the local DNS cache element.
  • Domain name of the local DNS cache element.
  • Address of the ARP cache element in IPv4 format.
  • Physical address of the ARP cache element.
  • Serial number of the logical drive.
  • Home folder of the local user.
  • Name of the user account that started the process.
  • Path to the script that is run when the user logs in to the system.
  • Name of the user account under which the event occurred.
  • Name of the computer where the event occurred.
  • Full paths to files on computers with Kaspersky Endpoint Agent.
  • Names of files on computers with Kaspersky Endpoint Agent.
  • Masks of files on computers with Kaspersky Endpoint Agent.
  • Full names of folders on computers with Kaspersky Endpoint Agent.
  • Comments of the file publisher.
  • Mask of the process file image.
  • Path to the process file image that opened the port.
  • Name of the process that opened the port.
  • Local IP address of the port.
  • Trusted public key of the digital signature of executable modules.
  • Process name.
  • Process segment name.
  • Command-line parameters.

See also

Data in alerts and events

Data contained in task completion reports

Data contained in an install log

Data on files that are blocked from starting

Data related to the performance of tasks
