Monitoring the anti-virus protection status using information from the system registry
To monitor the anti-virus protection status on a client device using information logged by Network Agent, do the following, depending on the operating system of the device:
- On the devices running Windows:
  - Open the system registry of the client device (for example, locally, using the regedit command in the Start → Run menu).
  - Go to the following hive:
    - For 32-bit systems:
      HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\1103\1.0.0.0\Statistics\AVState
    - For 64-bit systems:
      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\Components\34\1103\1.0.0.0\Statistics\AVState

  The system registry displays information about the anti-virus protection status of the client device.
- On the devices running Linux:
  - Information is enclosed in separate text files, one for each type of data, located at /var/opt/kaspersky/klnagent/1103/1.0.0.0/Statistics/AVState/.
- On the devices running macOS:
  - Information is enclosed in separate text files, one for each type of data, located at /Library/Application Support/Kaspersky Lab/klnagent/Data/1103/1.0.0.0/Statistics/AVState/.
The anti-virus protection status corresponds to the values of the keys described in the table below.
Registry keys and their possible values
| Key (data type) | Value | Description |
|---|---|---|
| | DD-MM-YYYY HH-MM-SS | Date and time (in UTC format) of the last connection to the Administration Server |
| | IP, DNS name, or NetBIOS name | Name of the Administration Server that manages the device |
| | a.b.c.d | Build number of the Network Agent installed on the device |
| | a.b.c.d (patch1; patch2; ...; patchN) | Full number of the Network Agent version (with patches) installed on the device |
| | Device ID | ID of the device |
| | 0: no; 1: yes | The Network Agent is installed in the dynamic VDI mode |
| | 0: no; 1: yes | A security application is installed on the device |
| | 0: no; 1: yes | Real-time protection is enabled on the device |
| | 0: no; 1: yes | A real-time protection component is installed |
| | Real-time protection status: | |
| | 0 | Unknown |
| | 1 | Disabled |
| | 2 | Paused |
| | 3 | Starting |
| | 4 | Enabled |
| | 5 | Enabled with the high protection level (maximum protection) |
| | 6 | Enabled with the low protection level (maximum speed) |
| | 7 | Enabled with the default (recommended) settings |
| | 8 | Enabled with custom settings |
| | 9 | Operation failure |
| | DD-MM-YYYY HH-MM-SS | Date and time (in UTC format) of the last full scan |
| | DD-MM-YYYY HH-MM-SS | Date and time (in UTC format) of the application databases release |
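The following is an added example, not code from this documentation or from the vendor: a health check over the per-value text files used on Linux and macOS, decoding the real-time protection status codes and the DD-MM-YYYY HH-MM-SS UTC timestamps from the table. It assumes that each file is named after its key and holds only the value; the file names `EXAMPLE_RTP_STATE` and `EXAMPLE_BASES_DATE`, the three-day database age threshold, and the set of "healthy" status codes are placeholders chosen for illustration.

```python
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Real-time protection status codes, as listed in the table above.
RTP_STATUS = {
    0: "Unknown", 1: "Disabled", 2: "Paused", 3: "Starting", 4: "Enabled",
    5: "Enabled with the high protection level (maximum protection)",
    6: "Enabled with the low protection level (maximum speed)",
    7: "Enabled with the default (recommended) settings",
    8: "Enabled with custom settings", 9: "Operation failure",
}
HEALTHY = {4, 5, 6, 7, 8}  # assumption: any "Enabled" variant counts as healthy


def read_avstate(directory):
    """Return {file name: stripped content} for every file in the AVState directory."""
    return {p.name: p.read_text(errors="replace").strip()
            for p in sorted(Path(directory).iterdir()) if p.is_file()}


def parse_utc(value):
    """Parse the table's DD-MM-YYYY HH-MM-SS format as an aware UTC datetime."""
    return datetime.strptime(value, "%d-%m-%Y %H-%M-%S").replace(tzinfo=timezone.utc)


def evaluate(state, rtp_key, bases_key, now, max_bases_age=timedelta(days=3)):
    """Return findings (empty list: nothing detected); max_bases_age is an assumed threshold."""
    findings = []
    raw = state.get(rtp_key)
    if raw is None or not raw.isdigit() or int(raw) not in RTP_STATUS:
        findings.append(f"real-time protection status missing or unrecognised: {raw!r}")
    elif int(raw) not in HEALTHY:
        findings.append(f"real-time protection: {RTP_STATUS[int(raw)]}")
    try:
        age = now - parse_utc(state.get(bases_key, ""))
        if age > max_bases_age:
            findings.append(f"databases released {age.days} days ago")
    except ValueError:
        findings.append(f"database release date unreadable: {state.get(bases_key)!r}")
    return findings


def demo():
    """Run the check on a constructed directory; file names and values are placeholders."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "EXAMPLE_RTP_STATE").write_text("2\n")
        Path(d, "EXAMPLE_BASES_DATE").write_text("01-03-2024 06-30-00\n")
        now = datetime(2024, 3, 11, 6, 30, tzinfo=timezone.utc)
        return evaluate(read_avstate(d), "EXAMPLE_RTP_STATE", "EXAMPLE_BASES_DATE", now)
```

To use it on a real device, pass the AVState directory given above for the operating system and the actual file names found there in place of the placeholders.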