Kaspersky Internet Security for Mac

About data provided (EU, UK, USA, Brazil)

14 February 2022

ID 171488

View information about the data provided to Kaspersky while using previous versions of the application

Kaspersky protects any information received in accordance with law and applicable Kaspersky rules. Data is transmitted over a secure channel.

End User License Agreement

The personal data provided under the End User License Agreement (License Agreement) is listed in the corresponding legal document. You can view the License Agreement by reading the license.txt document in the application installation folder.

Non-personal data provided for the purpose of providing you with the core functionality of the acquired Software:

  • Localization, rebranding code, application type, application version, application hotfix, OS version, reason for certificate invalidation, link name and target, region, OS type, list of content IDs read by user, hash of scanned object (MD5, SHA256), web resource domain, web server IP address, SHA1 hash of the certificate, certificate type, certificate content, detect name, database record revision, database record identifier, database record type.
  • KSN config identifier, result of the file's validation by KSN, product identifier in KSN.

Kaspersky Security Network Statement

Use of the KSN may increase the Software's speed of reaction to information and network security threats. It is achieved by:

  • Determining the reputation of scanned objects
  • Identifying information security threats that are new and challenging to detect, and their sources
  • Reducing the likelihood of false positives
  • Increasing the efficiency of Software components
  • Investigating of infection of a user's computer
  • Improving the performance of the Rightholder's Software
  • Receiving reference information about the number of objects with known reputation
  • Improving the quality of Rightholder's Software

Certain data which is processed under this Statement could be considered personal data according to laws of some countries. With Your consent, the following data will be automatically sent on a regular basis to the Rightholder under this Statement:

  • Information about the operating system (OS) installed on the Computer: versions of the operating system and installed updates, current and default OS language settings, version and checksums (MD5, SHA2-256, SHA1) of the OS kernel file, parameters of the OS run mode, information about the last unsuccessful OS restart, the number of unsuccessful restarts.
  • Information about the Rightholder's installed Software and the anti-virus protection status: the full version of the Software, the unique Software identifiers on the Computer, the type identifier of the installed Software, information about updates.
  • Information about updates of the installed Software and anti-virus databases: the type of the update task, the completion status of the update task, the type of error that may occur during an update, the number of unsuccessful updates, the identifier of the Software component that performs updates, and the database version and date of creation.
  • Information about all detected objects (including silent detect) and actions: the name of the detected object, the date and time of the detection, the URL and Referrer from which it was downloaded, the names and size of the detected files and their paths, the date and time of file creation, the file's entropy, the file's type, the file type code, identifier and format, the URL from which the object was downloaded, the object's checksum (MD5), the type and value of the object's supplementary checksum, data about the object's digital signature (certificate), number of starts of the object since statistics were last sent, ID of the Software scanning task, technical parameters of the applicable detection technologies.

    For executable files: sign of sending service information, reputation verification flag or file signature flag, name, type, ID, type, checksum (MD5) and the size of the application that was loaded by the object being validated, the application path and template paths, a sign of the Autorun list, date of entry, the list of attributes, name of the Packer, information about the digital signature of the application: the publisher certificate, the name of the uploaded file in the MIME format. If the file was packed: the name of the packer, size of the packer, size of the archived object.

  • If threats or vulnerabilities are detected, in addition to information about the detected object, information is provided about the identifier, version, and type of the record in the anti-virus database, the name of the threat based on the Rightholder's classification, the checksum (MD5, SHA2-256, SHA1) of the application file that requested the URL where the threat was detected, the IP address (IPv4 or IPv6) of the detected threat, the identifier of the type of traffic on which the threat was detected, the vulnerability identifier and its threat level, the URL of the web page where the vulnerability was detected, the intermediate results of object analysis, and the flag for the silent detection of the object.
  • Information about scanned objects: file type, file checksums (MD5, SHA256, SHA2), file size, file image size, PE-file header subsystem, PE-file header characteristics, number of sections, bit mask from DataDirectory, overlay size, number of found strings, number of found non random strings, vector of DataDirectory objects sorted by RVA, vector of DataDirectory objects sorted by section numbers, cosine hash of the received data, minwise hash of the received data, identifier indicating whether the data sent in force mode, scan type, emulation depth, emulation version, compiler version, object hash, file entropy, frequency of 0s, frequency of numbers, 4-byte DWT vector, virtual section size, real section size.
  • Information about the running applications and their modules: checksums (MD5, SHA256) of running files, size, attributes, creation date, and PE-file header information, names of packers (if the file was packed), code of the account under which the process has been started, command line parameters used to start the process, names of files and their modules, the checksums of the files (SHA256), running of the executable file, the identifier conditions for the formation of statistics based on the information provided, an identifier of the existence and validity of the data provided in the statistics.
  • Information about application and command that started the process running on the system: process ID (PID), process name, information about the account the process was started from, the full path to the process's files, and the starting command line, an indication whether the process's file has autorun status, a description of the product that the process belongs to: the name of the product and information about the publisher, as well as digital certificates being used and information needed to verify their authenticity or information about the absence of a file's digital signature, and information about the modules loaded into the processes: their names, sizes, types, creation dates, attributes, checksums (MD5, SHA2-256, SHA1), the paths to them, PE-file header information, names of packers (if the file was packed), IP addresses (IPv4 or IPv6) of visited websites, the domain name, the method for determining the domain name, the sign indicating the domain name has entered the list, the name of the file of the process that opened the website, the size and checksums (MD5, SHA2-256) of the process's file, the path to the process's file and the template code of the file path, the result of the file's certificate validation, the User Agent string, the storage duration of this information prior to being sent to KSN, the result of the file's validation by KSN.
  • Information about network attacks: the IP address of the attacking computer and the port number at which the network attack is directed on the User's Computer, the identifier of the protocol used to carry out the attack, the name and type of attack, and information about the record in the anti-virus database.
  • The URL and IP address of the web page where harmful or suspicious content was detected, the name, size, and checksum of the file that requested the URL, the identifier and weight of the rule used to reach scanning results, the objective of the attack.
  • Information about changes made by the User in the list of websites protected by the Safe Money component: the URL of the website, a flag indicating that a website has been added, modified or deleted, information about whether the website was added in the Software window or via a browser, URL from which the User opened the website (if the website was added from a browser), information about whether the User chose to remember the change for the website (if the website was added from the browser), information about the mode in which Safe Money runs for the website.
  • Information about the use of Kaspersky Security Network (KSN): KSN identifier, software identifier, full version of the application, depersonalized IP address of the user's device, indicators of the quality of fulfillment of KSN requests, indicators of the quality of the processing of KSN packets, indicators of the number of KSN requests and information about the types of KSN requests, date and time when statistics started being sent, date and time when statistics stopped being sent, KSN protocol version.
  • Information about the Website tracking blocking component: the Referrer from the http tracking request, the name of the service or organization which provides tracking services, the category of the tracking service in accordance with the Rightholder's categorization, ID and the version of the browser, which opened the URL.
  • If a potentially malicious object is detected, information is provided about data in the processes' memory, data in EFI memory.
  • Information about events in the systems logs: the event's timestamp, the name of the log in which the event was found, type and category of the event, name of the event's source and the event's description.
  • Information about network connections: version and checksums (MD5, SHA2-256, SHA1) of the file from which process was started that opened the port, the path to the process's file and its digital signature, local and remote IP addresses, numbers of local and remote connection ports, connection state, timestamp of the port's opening.
  • Information about the software installed on the Computer: the name of the software and the name of its publisher, information about software components files: checksums (MD5, SHA2-256, SHA1), name of a file, its path on the computer, size, version and digital signature.
  • Information about hardware installed on the Computer: type, name, model name, firmware version, parameters of built-in and connected devices.
  • Information about the wireless network connection being used by the Computer: the name of the wireless network, the checksum (MD5 and SHA256) of the MAC address of the access point, information about the wireless network's security and signal quality, flag indicating whether the Computer is running on battery power or a stationary power supply, DNS flag, the type of the Computer, information about wireless network type and security; the unique identifiers, made using a unique identifier of the Computer, unique identifier of the Software installation; information about the available wireless networks; flag for use of the VPN connection, the category of the wireless network specified in the Software, DHCP settings, the checksum (SHA256) of the IP address (IPv4 and IPv6) of the Computer, the domain name and the checksum (SHA256) of the path from the URL address of the captive portal; WPS settings of the access points: the checksums of the name and serial number of the wireless device, the number and name of the wireless device model, the name of its manufacturer; local time at the start and end of the wireless connection session, the list of available wireless access points and their parameter; hash(MachineID+PCID+BSSID), hash(MachineID+PCID+SSID), hash(MachineID+PCID+SSID+BSSID).
  • Information about the operation of the Parental Control component: component version, categorization reason, additional information about categorization reason, categorized URL, host IP address of blocked/categorized object.

The Kaspersky Security Network service may process and submit whole files, for example, objects detected through malicious links which might be used by criminals to harm your computer and/or their parts, to Kaspersky for additional examination.

Also, in order to achieve the declared purpose of increasing the effectiveness of protection provided by the Software, the Rightholder may receive objects that could be exploited by intruders to harm the Computer and create information security threats. Such objects are:

  • Executable or non-executable files or parts thereof
  • Computer's RAM areas
  • Sectors involved in the OS boot process
  • Network traffic data packages
  • Web pages and emails containing suspicious or malicious objects
  • Description of classes and class instances for the WMI storage
  • Application activity reports

Such application activity reports contain the following information about the files and processes:

  • Name, size, and version of the file being sent, it's description and checksums (MD5, SHA2-256, SHA1), format ID, its manufacturer's name, the name of the application the file belongs to, the fully qualified path to the file on the Computer and the path template code, date and time of file creation and update
  • Certificate validity start and end dates and times if the file being sent has a digital signature, date and time when the certificate was signed, name of the certificate issuer, information about the certificate holder, impression and public key of the certificate and algorithms used to calculate them, certificate serial number
  • Name of the account that had run the process
  • Checksums (MD5, SHA2-256, SHA1) for the name of the Computer that is running the process
  • Process' windows headers
  • ID for the anti-virus databases, name of the identified threat according to the Rightholder's classification
  • Information about the license used for the application, license ID, it's type and expiry date
  • Computer's local time at the moment the information was provided
  • The names and paths of the files that were accessed by the process
  • URL- and IP addresses that were accessed by the process
  • URL- and IP addresses from which the running file was downloaded

Files (or their parts) that may be exploited by intruders to harm the computer or data may be also sent to Kaspersky to be examined additionally.

Read the Kaspersky Security Network Statement and revoke your acceptance

Statement regarding data processing for marketing purposes ("Marketing Statement")

The Rightholder processes data for marketing purposes in accordance with this Marketing Statement in order:

  • To improve the quality, appearance, and performance of the Rightholder's Software, products, services, and infrastructure by analyzing users' experience, interactions, and level of satisfaction with the Software.
  • To offer You security solutions that best match Your needs.
  • To provide You with the relevant content and advertisement.
  • To create categories of groups of users based on certain parameters in order to provide relevant information to these groups about maintaining security level, marketing offers, and promotional materials.

Certain data which is processed under this Marketing Statement could be considered personal data according to laws of some countries. With Your consent, the following data will be automatically sent on a regular basis to the Rightholder under this Marketing Statement:

  • Information about the application: full version and ID of the full version of the application, type and type ID of the application, ID of the license key seller, application hotfix, application locale ID, locale script ID, region ID, rebranding code, flag indicating whether the User participates in Kaspersky Security Network, application ID, build ID, ID of the license agreement, version of the license agreement, flag indicating whether the license agreement was accepted, time of the change of the license agreement acceptance status, installation date, rebranding code, installation type, installation error, customization ID, trial period reset state, state of connection to My Kaspersky, My Kaspersky user ID.
  • Information about the User's device: ID of the User's device, hash of the identifier of the User's Computer, date and time on the User's Computer, information about the Windows partition on the User's Computer.
  • Information about the license: license type, license term, number of days before license expiration, license ticket sequence ID, license status, license ID, license activation date, license expiration date, order number, ID of the price-list position, partner name, partner order number, partner country, additional license information, customer name, subscription state, subscription state reason, subscription type, subscription expiration date, ID of the subscription provider's schema, additional information about the subscription provider.
  • Information about the operating system: type of the OS, full version of the OS, version of the OS service pack, edition of the OS, architecture (bit version) of the OS, current OS language settings, OS product type.
  • Information about the use of the application user interface: information about the opening of the interface's windows (identifiers and names of windows and used control elements) and switching between windows, information that determines the reason for opening a window, the date and time the interface was started and the stages of interface's startup, the time and type of the User's interaction with the interface, information about changes to settings and application parameters (the name of the setting or parameter, and the old and new values), the ID of the application in interactive mode.
  • Information about User opinion about the Software: software rating value, Software localization, Software region, day of survey, User comment.
  • Information about the content delivered by the application: content ID, list of content IDs, ID of the pressed button, action from the pressed button, event area type.
  • Status of the User's acceptance of the terms of the agreement, type of agreement, version of the agreement, agreement acceptance state.
  • ID of the website from which the User uploaded the Software executable.
  • My Kaspersky user identifier.

Read the Marketing Statement and disable sending data

Statement regarding data processing for Web Control ("Statement")

With the help of the Web Control component, You can limit time spent on the Internet, restrict access to websites of certain categories, and restrict social network correspondences and messaging. The Rightholder processes data to ensure the operation of the Web Control component in accordance with this Statement.

The following data will be automatically sent on a regular basis to the Rightholder under this Statement:

  • URL used for information request
  • Protocol type
  • Parent URL (from which the URL was received)
  • Port number

If you don't want Kaspersky to receive this data, you can revoke your acceptance of the Statement by turning off Web Control.

Turn off Web Control

Statement regarding data processing for purpose of using Web-Portal (Web-Portal Statement)

The Web-Portal helps You remotely manage Your acquired licenses and the protection of your Computer. During Your use of this functionality, the Rightholder receives from Your Computer and processes information about the Software, the acquired license, information about the Computer in accordance with this Statement.

The following data will be automatically sent on a regular basis to the Rightholder under this Statement:

  • User email address
  • User password
  • Authorization parameters
  • Authorization context
  • CAPTCHA identifier
  • CAPTCHA type
  • User's reply to CAPTCHA
  • Application localization and localization of third-party software
  • One-time password for two-step verification
  • Unique user identifier on My Kaspersky
  • User account identifier on My Kaspersky
  • Region
  • Flag indicating whether the user agrees to provide his/her email address to receive personalized marketing offers
  • One-time password to register the device on My Kaspersky
  • One-time password to automatically connect the application downloaded from My Kaspersky
  • Version of the protocol used
  • XMPP message identifier
  • Current time and its difference from UTC
  • General information about the user's device: unique device identifier, unique device identifier on My Kaspersky, temporary device identifier on My Kaspersky, device's network name, device type, operating system type, version of the operating system and installed service packs, device type image, name of the computer on the network (the domain name), hash sum of the device MAC address and user identifier on My Kaspersky, technology used to determine the device parameters, version of device enumeration engine, device name, name and value of device parameters, vendor of the device
  • General information about licenses used in the application: license identifier, activation code, license type, current license status, service information about license, activation errors, current license expiration date and time, license header, information about additional licenses added
  • Operating system regional settings: information about the time zone, default keyboard layout, locale
  • Device token type
  • Service ID
  • Unique ID of user-device binding on My Kaspersky
  • Reason of disconnecting from My Kaspersky
  • Data to receive an authentication token for the session
  • Partner's rebranding code
  • My Kaspersky account identifier
  • Information about the application: application ID, unique ID of the application installation on the computer, full version of the application, application ID on My Kaspersky, application type, version of the application status, aggregated application status, application operating mode, license status, application protection level, protection components status, scan status, database status, database update status, versions of the used anti-virus databases and the time of their last update, list of detected security problems, list of recommendations and available actions

If you don't want Kaspersky to receive this data, you can revoke your acceptance of the Web-Portal Statement by signing out of My Kaspersky.

Sign out of My Kaspersky

If you don't want Kaspersky to process this data, you need to delete your My Kaspersky account. For more information about deleting a My Kaspersky account, see the My Kaspersky help.

Information provision

You agree to submit the following information for the purpose of application identification during database and module updates:

  • Software ID (AppID)
  • Active license ID
  • Unique Software installation ID (InstallationID)
  • Unique Update task launch ID (SessionID)
  • Version of Software (BuildInfo)
  • Information about updating the Updater component: unsuccessful update tasks, the number of failed starts after the upgrade, the version of the component, the error code, the ID of the type of update task, the status code of the software after the update, the date and time the statistics is sent

The application also processes and stores the following personal data displayed in the application interface:

  • Email address used to connect to My Kaspersky
  • Website addresses that were added to the exclusions (displayed in the Web Anti-Virus, Website tracking, Safe Money preferences, and in the Reports window)
  • License data

This data is stored locally in a non-modified form and can be viewed under any user account on the computer.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.