Data on files that are blocked from starting
6 September 2024
ID 194537
Data on files that are blocked from starting is stored in open non-encrypted form in the folder C:\ProgramData\Kaspersky Lab\Endpoint Agent\protected\kata.
By default, only users with System and Administrator permissions have read-access to files when Self-Defense is enabled. When Self-Defense is disabled, users with System and Administrator permissions can also delete the files, modify their contents, and modify the access rights to them. The Kaspersky Endpoint Agent application does not manage access permissions to this folder or any files in it. It is the system administrator who determines access permissions.
Data on files that are blocked from starting may contain the following information:
- Full path to the blocked file.
- MD5 hash of the file.
- SHA256 hash of the file.
- Process start command.