Kaspersky Anti Targeted Attack (KATA) Platform

Data in Kaspersky Endpoint Agent for Linux requests to Kaspersky Anti Targeted Attack Platform

8 November 2023

ID 247482

When integrated with the Central Node component, the following data is stored locally on the device with Kaspersky Endpoint Agent for Linux installed.

All data that is stored locally on the device, except for trace and dump files, is deleted from the device when the application is removed.

  1. In the synchronization requests:
    • Unique ID of Kaspersky Endpoint Agent for Linux.
    • Device name.
    • Local time on the device.
    • Name and version of the operating system that is installed on the device.
    • Version of Kaspersky Endpoint Agent for Linux.
    • Versions of application settings and task settings.
    • Task statuses in Kaspersky Endpoint Agent for Linux: identifiers of running tasks, execution statuses, execution error codes.
  2. Data on running processes:
    • Information about the executable file of the process. For the scope of data about the file, see below.
    • Process autorun settings.
    • Values of environment variables.
    • Process ID.
    • Parent process ID.
    • Logon session code.
    • Logon session name.
    • IDs of users and groups that started the process.
    • Date and time when the process started.
    • Information about stopped processes:
      • Process ID.
      • Date and time when the process was stopped.
    • Data on files:
      • Path to the file.
      • File name.
      • File size.
      • File attributes.
      • File creation date and time.
      • Date and time of the last modification of the file.
      • Names and unique IDs of the user and group that own the file.
      • Access rights of the file.
      • Unique identifier of the file.
    • Information about file modifications:
      • Unique identifier of the file.
      • Type of operation performed on the file (writing, reading, attribute modification, renaming, deletion).
    • Information about the logon session:
      • Date and time when the logon session began.
      • Type of the session.
      • Name of the user that initiated the session.
      • Type of the user that initiated the session.
      • Remote computer IP address.
    • Data about detections on the computer with Kaspersky Endpoint Agent for Linux:
      • Type of detected object.
      • Name of the object and full path to the object.
      • Name of the alert.
      • MD5 hash of the object.
      • URL from which the object was downloaded.
      • Remote computer IP address.
      • IP address of the local computer.
      • Alert processing result.

    Before it is sent, data is stored in the /var/opt/kaspersky/epagent/data/cache/queue directory in plain unencrypted form. By default, only users with root permissions have access to the files.

  3. Settings of tasks received by Kaspersky Endpoint Agent for Linux from the Central Node:
    • Task types.
    • Task schedule settings.
    • Names and passwords of the accounts under which the tasks can be run.
    • Versions of settings.
    • Paths to objects.
    • MD5 and SHA256 hashes of objects.
    • Command line to start the process together with the arguments.

    Information about an individual task is stored on the device until Kaspersky Endpoint Agent receives a deletion request from the Central Node or until Kaspersky Endpoint Agent itself is removed from the device.

    Task data is stored in the /var/opt/kaspersky/epagent/tasks directory in plain unencrypted form. By default, only users with root permissions have access to the files.

  4. In the reports on task execution results sent by Kaspersky Endpoint Agent for Linux to the Central Node:
    • Task execution errors and return codes.
    • Task completion statuses.
    • Task completion time.
    • Versions of settings used for task execution.
    • Information about objects sent to the server (paths to objects, MD5 and SHA256 hashes of objects).
    • Files requested by the server.
    • Content of the process standard output.
    • Content of the process standard error stream.

    Kaspersky Endpoint Agent for Linux sends task execution result reports to the Central Node.

    Task execution result data is stored in the /var/opt/kaspersky/epagent/tasks directory in plain unencrypted form. By default, only users with root permissions have access to the files.

    Task execution report data is deleted from the device after it is sent to the Central Node.
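
One way to check the root-only default on a host, as an added example that is not part of Kaspersky's documentation: the script walks the two directories named above and reports every entry that a non-root account could access. It assumes GNU find and stat and should be run as root; `audit_dir` and `KEA_DIRS` are names made up for this example, and "only root has access" is read as owner uid 0, no permission bits for others, and group bits only when the group is gid 0.

```shell
#!/bin/sh
# Added example: audit the agent's plaintext directories for non-root access.
# Assumption: "root only" = owner uid 0, no "other" bits, and no group bits
# unless the group is gid 0. Requires GNU find and stat.

# The two storage paths named on this page.
KEA_DIRS="/var/opt/kaspersky/epagent/data/cache/queue /var/opt/kaspersky/epagent/tasks"

# audit_dir DIR [UID] [GID]
# Prints one FINDING line per entry under DIR that an account other than the
# expected owner could access. UID and GID default to 0 (root).
audit_dir() {
    dir=$1 want_uid=${2:-0} want_gid=${3:-0}
    find "$dir" -exec stat -c '%u %g %a %n' {} + 2>/dev/null |
    while read -r uid gid mode name; do
        # Keep the three rwx digits; drop any setuid/setgid/sticky digit.
        perms=$(printf '%03d' "$((mode % 1000))")
        g_bits=${perms#?}; g_bits=${g_bits%?}   # middle digit: group
        o_bits=${perms#??}                      # last digit: others
        reason=""
        [ "$uid" -eq "$want_uid" ] || reason=" owner-uid=$uid"
        [ "$o_bits" -eq 0 ] || reason="$reason other=$o_bits"
        if [ "$g_bits" -ne 0 ] && [ "$gid" -ne "$want_gid" ]; then
            reason="$reason group(gid=$gid)=$g_bits"
        fi
        [ -z "$reason" ] || printf 'FINDING %s mode=%s:%s\n' "$name" "$mode" "$reason"
    done
}

# Audit each path that exists on this host; absent paths are only reported.
for d in $KEA_DIRS; do
    if [ -d "$d" ]; then
        audit_dir "$d"
    else
        echo "not present: $d"
    fi
done
```

No FINDING lines for an existing directory means its contents match the documented default.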

See also

Service data of Kaspersky Endpoint Agent for Linux

Data contained in Kaspersky Endpoint Agent for Linux trace files and dumps
