Local data storage in Kaspersky Rescue Disk 18

Do you want to prevent infections? Install Kaspersky for Windows

After exiting Kaspersky Rescue Disk, the folder KRD2018_Data is saved on the hard drive (it is usually located in C:\KRD2018_Data). The user is personally responsible for ensuring the safety of the data collected, and in particular for monitoring and restricting access to the collected data stored on the computer. The folder KRD2018_Data contains the following data:

• Files that have been moved to Quarantine. The files are stored in an encrypted form with the name format krt*.klq and can be accessed by all users. Quarantined files are stored in the folder KRD2018_Data/Quarantine.
• Report files containing the results of scan tasks. The files are stored in an encrypted form with the name format report_<date>.klr.enc1 and can be accessed by all users. The files are stored in the folder KRD2018_Data/Report. Report files can contain the following user data:
  • Paths to files scanned using Kaspersky Rescue Tool.
  • Paths to registry keys edited by Kaspersky Rescue Tool.
  • Microsoft Windows username.
  • Website addresses detected as part of scanned objects (for example, web addresses specified as values for parameters in the system registry).
• Trace files created during the application’s operation. Files are stored in an encrypted form with the name format KRT.<date>.log.enc1 and can be accessed by all users. The files are stored in the root of the KRD2018_Data folder. Trace files can contain the following general data:
  • Event time
  • Number of the thread of execution
  • Application component that caused the event
  • Degree of event severity (informational event, warning, critical event, error)
  • A description of the event involving command execution by an application component and the result of its execution.
  In addition to general data, trace files can contain the following user data:
  • Personal data, including the user’s first, middle and last names, if this data is part of a path to files on the local computer.
  • Microsoft Windows account name, if the account name name is part of a file name.
  • Email address or web address with the account name and password if they are contained in the name of a detected object.
  • Addresses of web pages contained in detected objects (for example, web addresses specified as a key for a parameter in the system registry).
  • Remote IP addresses to which your computer established connections.
  • Proxy server address, computer name, port, IP address.
  • Username used to sign in to the proxy server. 
  This data is recorded in trace files if the application uses a proxy server.
• Files containing information about the computer’s hardware created as a result of selecting the Hardware Info command in the system menu. The files are stored in an unencrypted form and can be accessed by all users. The files are stored in the root of the KRD2018_Data folder and have name krd2018_hwinfo_*.tgz. 
• Anti-virus bases downloaded from Kaspersky Lab’s update servers. The files are stored in the KRD2018_Data/Bases folder and can be accessed by all users. The files are stored in the SRM format.
• Dump files created during the application’s operation. The files are stored in an encrypted form with the name format *.dmp.enc1 and can be accessed by all users. The files are stored in the root of the KRD2018_Data folder. The dump files contain information about the working memory of processes at the time of the process crash. 

The KRD2018_Data folder can be deleted. For instructions, see this article.