Kaspersky Endpoint Agent

Data in YARA Scan results

13 September 2022

ID 225774

Kaspersky Endpoint Agent automatically transfers YARA scan results to Kaspersky Anti Targeted Attack Platform to build a threat development chain.

The data is temporarily stored locally in the queue used to send task execution results to the Kaspersky Anti Targeted Attack Platform server. After the data is sent, it is deleted.

YARA scan results contain the following data:

  • MD5 hash of the file
  • SHA256 hash of the file
  • Full name of the file
  • File path
  • File size
  • Process name
  • Process arguments
  • Path to the process file
  • Windows identifier (PID) of the process
  • Windows identifier (PID) of the parent process
  • User account that started the process
  • Date and time when the process was started
