Kaspersky Security Center

About data provision

14 April 2024

ID 175956

Data transferred to third parties

When using the mobile device management functionality of the Software, for the purpose of timely delivery of commands to devices running the Android operating system through the push notification mechanism the Google Firebase Cloud Messaging service is used. If the User has configured the usage of the Google Firebase Cloud Messaging service, the User accepts to provide the following information to the Google Firebase Cloud Messaging service in automatic mode: installation IDs of the Kaspersky Endpoint Security for Android applications to which push notifications must be sent.

To block exchange of information with the Google Firebase Cloud Messaging service, the User must roll back the usage settings of the Google Firebase Cloud Messaging service to their factory values.

When using the mobile device management functionality of the Software, for the purpose of timely delivery of commands to devices running the iOS operating system through the push notification mechanism the Apple Push Notification Service (APNs) is used. If the User has installed an APNs certificate on an iOS MDM Server, created an iOS MDM profile with a collection of settings for connection of iOS mobile devices to the Software, and installed this profile on mobile devices, the User agrees to provide the following information to APNs in automatic mode:

  • Token—Push token of the device. The server uses this token when sending push notifications to the device.
  • PushMagic—String that must be included in the push notification. The string value is generated by the device.

Data processed locally

Kaspersky Security Center is designed for centralized execution of basic administration and maintenance tasks on an organization's network. Kaspersky Security Center provides the administrator with access to detailed information about the organization's network security level; Kaspersky Security Center lets the administrator configure all the components of protection based on Kaspersky applications. Kaspersky Security Center performs the following main functions:

  • Detecting devices and their users on the organization's network
  • Creating a hierarchy of administration groups for device management
  • Installing Kaspersky applications on devices
  • Managing the settings and tasks of installed applications
  • Managing the updates for Kaspersky and third-party applications, and finding and fixing vulnerabilities
  • Activating Kaspersky applications on devices
  • Managing user accounts
  • Viewing information about the operation of Kaspersky applications on devices
  • Viewing reports

To perform its main functions Kaspersky Security Center can receive, store, and process the following information:

  • Information about the devices on the organization's network received as a result of device discovery on the Active Directory network or Windows network, or through scanning of IP intervals. Administration Server gets data independently or receives data from Network Agent.
  • Information about the Active Directory organizational units, domains, users, and groups received as a result of device discovery on the Active Directory network. Administration Server gets data independently or receives data from Network Agent.
  • Details of managed devices. Network Agent transfers the data listed below from the device to Administration Server. The User enters the display name and description of the device in the Administration Console interface or Kaspersky Security Center Web Console interface:
    • Technical specifications of the managed device and its components required for device identification: device display name and description, Windows domain name and type, device name in Windows environment, DNS domain and DNS name, IPv4 address, IPv6 address, network location, MAC address, operating system type, whether the device is a virtual machine together with hypervisor type, and whether the device is a dynamic virtual machine as part of VDI.
    • Other specifications of managed devices and their components required for audit of managed devices and for making decisions about whether specific patches and updates are applicable: Windows Update Agent (WUA) status, operating system architecture, operating system vendor, operating system build number, operating system release ID, operating system location folder, if the device is a virtual machine—the virtual machine type; the name of the virtual Administration Server that manages the device; cloud device data (cloud region, VPC, cloud availability zone, cloud subnet, cloud placement zone).
    • Details of actions on managed devices: date and time of the last update, time the device was last visible on the network, restart waiting status, and time the device was turned on.
    • Details of device user accounts and their work sessions.
  • Distribution point operation statistics if the device is a distribution point. Network Agent transfers data from the device to Administration Server.
  • Distribution point settings entered by the User in the Administration Console or Kaspersky Security Center Web Console.
  • Data necessary for the connection of mobile devices to the Administration Server: certificate, mobile connection port, Administration Server connection address. The User enters the data in the Administration Console or in Kaspersky Security Center Web Console.
  • Details of mobile devices transferred by using the Exchange ActiveSync protocol. The data listed below are transferred from the mobile device to Administration Server:
    • Technical specifications of the mobile device and its components required for device identification: device name, model, operating system name, IMEI number, and phone number.
    • Specifications of the mobile device and its components: device management status, support of SMS, permission to send SMS messages, support of FCM, support of user commands, operating system storage folder, and device name.
    • Details of actions on mobile devices: device location (through the Locate command), time of last synchronization, time of last connection to the Administration Server, and synchronization support details.
  • Details of mobile devices transferred by using the iOS MDM protocol. The data listed below are transferred from the mobile device to Administration Server:
    • Technical specifications of the mobile device and its components required for device identification: device name, model, operating system name and build number, device model number, IMEI number, UDID, MEID, serial number, amount of memory, modem firmware version, Bluetooth MAC address, Wi-Fi MAC address, and SIM card details (ICCID as part of the SIM card ID).
    • Details of the mobile network used by the managed device: mobile network type, name of the currently used mobile network, name of the home mobile network, version of the mobile network operator settings, voice roaming and data roaming status, country code of the home network, residence country code, country code of the currently used network, and encryption level.
    • Security settings of the mobile device: use of a password and its compliance with the policy settings, list of configuration profiles and provisioning profiles used for installation of third-party applications.
    • Date of last synchronization with Administration Server and device management status.
  • Details of Kaspersky applications installed on the device. The managed application transfers data from the device to Administration Server through Network Agent:
    • Settings of Kaspersky applications installed on the managed device: Kaspersky application name and version, status, real-time protection status, last device scan date and time, number of threats detected, number of objects that failed to be disinfected, availability and status of the application components, time of last update and version of anti-virus databases, details of Kaspersky application settings and tasks, information about the active and reserve license keys, application installation date and ID.
    • Application operation statistics: events related to the changes in the status of Kaspersky application components on the managed device and to the performance of tasks initiated by the application components.
    • Device status defined by the Kaspersky application.
    • Tags assigned by the Kaspersky application.
    • Set of installed and applicable updates for the Kaspersky application.
  • Data contained in events from Kaspersky Security Center components and Kaspersky managed applications. Network Agent transfers data from the device to Administration Server.
  • Data necessary for the integration of Kaspersky Security Center with a SIEM system for event export. The User enters the data in the Administration Console or in Kaspersky Security Center Web Console.
  • Settings of Kaspersky Security Center components and Kaspersky managed applications presented in policies and policy profiles. The User enters data in the Administration Console or Kaspersky Security Center Web Console interface.
  • Task settings of Kaspersky Security Center components and Kaspersky managed applications. The User enters data in the Administration Console or Kaspersky Security Center Web Console interface.
  • Data processed by the Vulnerability and patch management feature. Network Agent transfers the data listed below from the device to Administration Server:
    • Details of applications and patches installed on managed devices (Applications registry).
    • Information about the hardware detected on managed devices (Hardware registry).
    • Details of vulnerabilities in third-party software detected on managed devices.
    • Details of updates available for third-party applications installed on managed devices.
    • Details of Microsoft updates found by the WSUS feature.
    • List of Microsoft updates found by the WSUS feature that must be installed on the device.
  • Data required to download updates on isolated Administration Server to fix third-party software vulnerabilities on managed devices. The User enters and transmits data by using the Administration Server klscflag utility.
  • Data necessary for work of Kaspersky Security Center with the cloud environments (Amazon Web Services, Microsoft Azure, Google Cloud, Yandex Cloud). The User enters the data in the Administration Console or in Kaspersky Security Center Web Console.
  • User categories of applications. The User enters data in the Administration Console or Kaspersky Security Center Web Console interface.
  • Details of executable files detected on managed devices by the Application Control feature. The User enters data in the Administration Console or Kaspersky Security Center Web Console interface. A complete list of data is provided in the Help files of the corresponding application.
  • Details of files placed in Backup. The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
  • Details of files placed in Quarantine. The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
  • Details of files requested by Kaspersky specialists for detailed analysis. The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
  • Details of the status and triggering of Adaptive Anomaly Control rules. The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
  • Details of external devices (memory units, information transfer tools, information hardcopy tools, and connection buses) installed or connected to the managed device and detected by the Device Control feature. The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
  • Information about encrypted devices and the encryption status. The managed application transfers data from the device to Administration Server through Network Agent.
  • Details of data encryption errors on devices performed using the Data encryption feature of Kaspersky applications. The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
  • List of managed programmable logic controllers (PLCs). The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
  • Data required for creation of a threat development chain. The managed application transfers data from the device to Administration Server through Network Agent. A complete list of data is provided in the Help files of the corresponding application.
  • Data required for Kaspersky Security Center integration with the Kaspersky Managed Detection and Response service (the dedicated plug-in must be installed for Kaspersky Security Center Web Console): integration initiation token, integration token, and user session token. The User enters the integration initiation token in the Kaspersky Security Center Web Console interface. The Kaspersky MDR service transfers the integration token and the user session token through the dedicated plug-in.
  • Details of the entered activation codes or specified key files. The User enters data in the Administration Console or Kaspersky Security Center Web Console interface.
  • User accounts: name, description, full name, email address, main phone number, password, secret key generated by Administration Server, and one-time password for two-step verification. The User enters data in the Administration Console or Kaspersky Security Center Web Console interface.
  • Data that Identity and Access Manager needs for centralized authentication and for providing Single Sign-on (SSO) between Kaspersky applications integrated with Kaspersky Security Center: installation and configuration settings of Identity and Access Manager, Identity and Access Manager user session, Identity and Access Manager tokens, client application statuses and resource server statuses. The User enters data in the Administration Console or Kaspersky Security Center Web Console interface.
  • Revision history of management objects. The User enters data in the Administration Console or Kaspersky Security Center Web Console interface.
  • Registry of deleted management objects. The User enters data in the Administration Console or Kaspersky Security Center Web Console interface.
  • Installation packages created from the file, as well as installation settings. The User enters data in the Administration Console or Kaspersky Security Center Web Console interface.
  • Data required for the display of announcements from Kaspersky in Kaspersky Security Center Web Console. The User enters data in the Administration Console or Kaspersky Security Center Web Console interface.
  • Data required for the functioning of plug-ins of managed applications in Kaspersky Security Center Web Console and saved by the plug-ins in the Administration Server database during their routine operation. The description and ways of providing the data are provided in the Help files of the corresponding application.
  • Kaspersky Security Center Web Console user settings: localization language and theme of the interface, Monitoring panel display settings, information about the status of notifications (Already read / Not yet read), status of columns in spreadsheets (Show / Hide), Training mode progress. The User enters data in the Kaspersky Security Center Web Console interface.
  • Kaspersky Event Log for Kaspersky Security Center components and Kaspersky managed applications. Kaspersky Event Log is stored on each device and is never transferred to Administration Server.
  • Certificate for secure connection of managed devices to the Kaspersky Security Center components. The User enters data in the Administration Console or Kaspersky Security Center Web Console interface.
  • Data required for the Kaspersky Security Center operation in cloud environments, such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud, and Yandex.Cloud. Administration Server receives the data from the virtual machine on which it runs.
  • Information about the User's acceptance of the terms and conditions of legal agreements with Kaspersky.
  • The Administration Server data that the User enters in the following components:
    • Administration Console
    • Kaspersky Security Center Web Console
    • Command-line terminal when using the klscflag utility
    • Components interacting with the Administration Server via klakaut automation objects and Kaspersky Security Center OpenAPI
  • Any data that the User enters in the Administration Console or Kaspersky Security Center Web Console interface.

The data listed above can be present in Kaspersky Security Center if one of the following methods is applied:

  • The User enters data in the interface of the following components:
    • Administration Console
    • Kaspersky Security Center Web Console
    • Command-line terminal when using the klscflag utility
    • Components interacting with the Administration Server via klakaut automation objects and Kaspersky Security Center OpenAPI
  • Network Agent automatically receives data from the device and transfers it to Administration Server.
  • Network Agent receives data retrieved by the Kaspersky managed application and transfers it to Administration Server. The lists of data processed by Kaspersky managed applications are provided in the Help files for the corresponding applications.
  • Administration server gets information about networked devices independently or receives information from a Network Agent acting as a distribution point.
  • Data is transferred from the mobile device to Administration Server by using the Exchange ActiveSync or iOS MDM protocol.

The listed data is stored in the Administration Server database. User names and passwords are stored in encrypted form.

All data listed above can be transferred to Kaspersky only through dump files, trace files, or log files of Kaspersky Security Center components, including log files created by installers and utilities.

Dump files, trace files, and log files of Kaspersky Security Center components contain random data of Administration Server, Network Agent, Administration Console, iOS MDM Server, Exchange Mobile Device Server, and Kaspersky Security Center Web Console. These files can contain personal and sensitive data. Dump files, trace files, and log files are stored on the device in non-encrypted form. Dump files, trace files, and log files are not transferred to Kaspersky automatically; however, the administrator can transfer data to Kaspersky manually upon request by Technical Support to resolve issues in the Kaspersky Security Center operation.

Following the links in the Administration Console or Kaspersky Security Center Web Console, the User agrees to the automatic transfer of the following data:

  • Kaspersky Security Center code
  • Kaspersky Security Center version
  • Kaspersky Security Center localization
  • License ID
  • License type
  • Whether the license was purchased through a partner

The list of data provided via each link depends on the purpose and location of the link.

Kaspersky uses the received data in anonymized form and for general statistics only. Summary statistics are generated automatically from the originally received information and do not contain any personal or confidential data. As soon as new data is accumulated, the previous data is wiped (once a year). Summary statistics are stored indefinitely.

Kaspersky protects any information received in accordance with law and applicable Kaspersky rules. Data is transmitted over a secure channel.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.