Kaspersky Security Cloud for Mac

About data provided (other regions)

14 February 2022

ID 70562

View information about the data provided to Kaspersky while using previous versions of the application

Kaspersky protects any information received in accordance with law and applicable Kaspersky rules. Data is transmitted over a secure channel.

End User License Agreement

You agree to automatically provide the information indicated below via the software installed by you, copyrighted to AO Kaspersky Lab (hereinafter Kaspersky, the Rightholder), to Kaspersky for the following purposes:

  • Software activation and verification of the legality of Software use.

    The Rightholder has to verify that the license You will use is legal during activation and use of the Software. To do so the Rightholder has to process and receive the following information about the Software, the license You have acquired, and the Computer where You will install the Software, specifically:

    Type, version and localization of the installed Software, versions of installed updates, identifier of the Computer and identifier of the Software installation on the Computer, activation code and unique identifier of activation of the current license; type, version and word size of the operating system; name of the virtual environment if the Software is installed in a virtual environment, identifiers of the Software components that are active at the time the information is provided, content type, IP address of the server, content length, protocol version, user ID, My Kaspersky infrastructure signature, application ID, global product identifier, current local date and time on the User's computer, current activation code, operating system name and version, application service ID, platform of the User's device, unique device ID on My Kaspersky, information about agreements proposed to the user, type of the agreement, version of the agreement text, flag that indicates if the User agrees with the agreement text, type of compression for the license ticket data, type of signature on the ticket, content of the license ticket header, Regional Activation Center identifier, activation code hash calculated using the SHA1 algorithm, ticket body hash calculated using the SHA1 algorithm, license ticket creation date and time, internal license information identifier, current license ticket identifier, license ticket sequence ID, date from which the license ticket is valid, date to which the license ticket is valid, current license ticket state, license version, license ticket version, application IDs of products compatible with the current application, application localization ID, application customization ID, system and application parameters, options for ticket packaging, My Kaspersky service token, My Kaspersky user ID, My Kaspersky account type, signature, supported types of applications, previous activation code, activation date and time, My Kaspersky service ID.

  • Management of Computer protection and acquired licenses via the My Kaspersky website.

    The My Kaspersky website helps You remotely manage Your acquired licenses and the protection of your Computer. This functionality requires that the Rightholder receive from Your Computer and process information about the Software, the acquired license, information about the Computer:

    • User email address.
    • User password.
    • Authorization parameters.
    • Authorization context.
    • CAPTCHA identifier.
    • CAPTCHA type.
    • User's reply to CAPTCHA.
    • Application localization and localization of third-party software.
    • One-time password for two-step verification.
    • Unique user identifier on My Kaspersky.
    • User account identifier on My Kaspersky.
    • Region.
    • Flag indicating whether the user agrees to provide his/her email address to receive personalized marketing offers.
    • One-time password to register the device on My Kaspersky.
    • One-time password to automatically connect the application downloaded from My Kaspersky.
    • Version of the protocol used.
    • XMPP message identifier.
    • Current time and its difference from UTC.
    • General information about the user's device: unique device identifier, unique device identifier on My Kaspersky, temporary device identifier on My Kaspersky, device's network name, device type, operating system type, version of the operating system and installed service packs, device type image, name of the computer on the network (the domain name), hash sum of the device MAC address and user identifier on My Kaspersky, technology used to determine the device parameters, version of device enumeration engine, device name, name and value of device parameters, vendor of the device.
    • General information about licenses used in the application: license identifier, activation code, license type, current license status, service information about license, activation errors, current license expiration date and time, license header, information about additional licenses added.
    • Operating system regional settings: information about the time zone, default keyboard layout, locale.
    • Device token type.
    • Service ID.
    • Unique ID of user-device binding on My Kaspersky.
    • Reason of disconnecting from My Kaspersky.
    • Data to receive an authentication token for the session.
    • Partner's rebranding code.
    • My Kaspersky account identifier.
    • Information about the application: application ID, unique ID of the application installation on the computer, full version of the application, application ID on My Kaspersky, application type, version of the application status, aggregated application status, application operating mode, license status, application protection level, protection components status, scan status, database status, database update status, versions of the used anti-virus databases and the time of their last update, list of detected security problems, list of recommendations and available actions.
    • Information about detecting the operating system's weak security settings, the User's choice regarding weak security settings, mode of launching the task for searching for weak security settings, result of the task for searching for weak security settings, number of weak security settings detected, flag indicating whether the detected weak security settings can be remotely fixed, processed weak security settings detected, grouping of the security settings by importance level, identifier indicating whether the Computer is used by a child.
    • List of detected security problems, list of recommendations and their versions, available actions, full version of the application, protocol version, aggregated protection status, protection components status, scan tasks status, update tasks status, list of problems detected on User's device, protection level, status of databases and update process.
    • Information about weak security settings: notification type, severity, Knowledge Base link, processing state, quantity, possibility to be fixed, detection rule identifier.
  • Providing You with the core functionality of the acquired Software.

    The core functionality of the Software as described in the User Manual is to protect the User from known threats to information security. To provide this core functionality, while You are using the Software the Rightholder has to receive from Your device and process information about the installed Software, the acquired license, the scanned objects, detected threats and infections on the Computer, information about the Computer and devices connected thereto, the Computer's activity on the Internet:

    • Information about visited websites: the website's addresses, initial domain parts of web addresses that the User entered in the browser address bar or accessed from a search engine.
    • The row with information about linking the activation code with the User: the unique User identifier on My Kaspersky, the Software activation code, the license ownership type (owner/not owner), the KPC Infra signature.
    • Information indicating the interface element from which the User decided to purchase the Software.
    • Information about licensing: software activation code, date and time of Software activation, number of days that have elapsed since Software activation, number of days left before license expiration, number of days that have elapsed since license expiration, type of installed license, license activation date, license expiration date, license key serial number, license status ID, license ID, license ticket sequence ID, current license status, current subscription status, validity period of the installed license, subscription state reason, subscription expiration date, ID of the subscription provider's data schema, order number under which the license was purchased, ID of the price-list position for which the license was issued, license term, additional license info, customer name, number of devices for which the license is valid, type of the license user, part of software activation key, license identifier, ticket sequence identifier, license activation ID.
    • Information about the partner: identifier of the partner who sold the license, country in which the partner who sold the license is located, partner's order number under which the license was sold, full name of the partner for whom the order for the license was issued.
    • Data about the license for identifying a group of Users by additional properties of the subscription.
    • Data about the license for identifying a group of Users of the company that purchased the license by the information comment in the license properties.
    • Information about the Software: version of the installed Software, build number of the Software without auto patches, ISO 15924 code for the Software's locale, software version patch, software installation date and time, the Software's ISO 639-1 language code, unique software installation identifier, type of installed Software, the ISO 3166-1 Alpha-2 country code, software locale, software region, software rebranding identifier, application ID, customization ID, rebranding code, trial version reset state, My Kaspersky connection state, My Kaspersky User ID, ID of the Software update start, databases update request URL, application component that initiated request to reputation service and request scenario, third-party software identifiers (offered during the application installation, selected by user, installed), information about installation errors, installation time, installation process modification flags.
    • User's device ID.
    • Information about operating system: bitness of the operating system (for example, 32-bit or 64-bit), operating system family (for example, Windows or Mac), operating system type, operating system version, operating system service pack.
    • Status of the User's acceptance of the terms of the agreement: type of the agreement, version of the agreement, agreement acceptance state, date of the statement modification.
    • State of KSN usage, queued message timeout.
    • Value of the application rating specified by User, number of days since installation when the rating request has appeared, User‘s comment.
    • Identifier of the link location in the application UI, link name, link type.
    • Web address, used for information request, protocol type, parent web address (from which the web address was received), port number.
    • Information on the Computer's connection to the wireless network: the name of the wireless network (SSID), the wireless network authentication type, the wireless network encoding type, the checksum (MD5 and SHA256) and name of the access point MAC address; the unique identifiers compiled using a unique Computer identifier, the unique Computer installation identifier; the security level of the wireless network, the wireless network category, the attribute for the DNS name; the DHCP data of connection settings to the network: the checksum (SHA256) of the IP address (IPv4 and IPv6) of the DNS servers, the checksum (SHA256) of the local IP address (IPv4 and IPv6), the checksum (SHA256) of the local IP address (IPv4 and IPv6) of the gate, the checksum (SHA256) of the subnet mask and network prefix length, list of available networks.
    • Information about the Wi-Fi network: Wi-Fi network ID (router MAC address hash), Wi-Fi network type, device ID (device MAC address hash+User identifier on My Kaspersky (hash (MAC+User identifier on My Kaspersky)), device status.
    • Unique ID of the content delivered by the application and read by the User, protocol version, button ID, button action type, event place type.
    • Information about the number of launches of installed products: hash of the launched products (MD5), format of the launched files.
    • Localization, rebranding code, application type, application version, application hotfix, OS version, reason for certificate invalidation, link name and target, region, OS type, list of content IDs read by user, SHA1 hash of User login, first 5 bytes of the device MAC address detected in the monitored home Wi-Fi network, hash of scanned object (MD5, SHA256), web resource domain, web server IP address, SHA1 hash of the certificate, certificate type, certificate content, detect name, database record revision, database record identifier, database record type.
    • Unique identifier of the website user which downloaded distribution package from the website.

The information received will be protected by the Rightholder in accordance with established legal requirements and is required to ensure the operation of the software licensed by you.

Kaspersky may use the statistical data obtained, generated based on the information received, to monitor trends in the field of computer security threats and to publish the corresponding reports.

Kaspersky Security Network Statement

In order to increase the Software's speed of reaction to information and network security threats, the User agrees to provide the following information:

  • Information about the operating system (OS) installed on the computer and installed updates.
  • Information about the Rightholder's installed software and the anti-virus protection status: the version of the Software, the unique software identifiers on the computer, information about updates.
  • Information about all scanned objects and actions: name of the scanned object, date and time of the scan, URL and Referrer from which it was downloaded, names and size of scanned files and paths to them, archive flag, date and time of file creation, name of the packer (if the file was packed), file entropy, file type, file type code, identifier and format, URL from which the object was downloaded, object checksums (MD5, SHA256, SHA2), the type and value of the object's supplementary checksum, data about the object's digital signature (certificate), number of starts of the object since the last statistics were sent, task identifier of the software that performed the scan, file image size, PE-file header subsystem, PE-file header characteristics, number of sections, bit mask from DataDirectory, overlay size, number of found strings, number of found non random strings, vector of DataDirectory objects sorted by RVA, vector of DataDirectory objects sorted by section numbers, cosine hash from the received data, minwise hash from the received data, identifier indicating whether the data sent in force mode, scan type, emulation depth, emulation version, compiler version, object hash, file entropy, frequency of 0s, frequency of numbers, 4-byte DWT vector, virtual section size, real section size, technical parameters of the applicable detection technologies.

    For executable files: sign of sending service information, reputation verification flag or file signature flag, name, type, ID, type, checksum (MD5) and the size of the application that was loaded by the object being validated, the application path and template paths, a sign of the Autorun list, date of entry, the list of attributes, name of the Packer, information about the digital signature of the application: the publisher certificate, the name of the uploaded file in the MIME format.

  • Information about the running applications and their modules: checksums (MD5, SHA256) of running files, size, attributes, creation date, and PE-file header information, names of packers (if the file was packed), code of the account under which the process has been started, command line parameters used to start the process, names of files and their modules, the checksums of the files (SHA256), running of the executable file, the identifier conditions for the formation of statistics based on the information provided, an identifier of the existence and validity of the data provided in the statistics.
  • Information about processes running on the system: process ID (PID), process name, information about the account the process was started from, the application and command that started the process, the full path to the process's files, and the starting command line, an indication whether the process's file has autorun status, a description of the product that the process belongs to: the name of the product and information about the publisher, as well as digital certificates being used and information needed to verify their authenticity or information about the absence of a file's digital signature, and information about the modules loaded into the processes: their names, sizes, types, creation dates, attributes, checksums (MD5, SHA2-256, SHA1), the paths to them, PE-file header information, names of packers (if the file was packed), IP addresses (IPv4 or IPv6) of visited websites, the domain name, the method for determining the domain name, the sign indicating the domain name has entered the list, the name of the file of the process that opened the website, the size and checksums (MD5, SHA2-256) of the process's file, the path to the process's file and the template code of the file path, the result of the file's certificate validation, the User Agent string, the storage duration of this information prior to being sent to KSN, the result of the file's validation by KSN.
  • If threats or vulnerabilities are detected, in addition to information about the detected object, information is provided about the identifier, version, and type of the record in the anti-virus database, the name of the threat based on the Rightholder's classification, the checksum (MD5, SHA2-256, SHA1) of the application file that requested the URL where the threat was detected, the IP address (IPv4 or IPv6) of the detected threat, the identifier of the type of traffic on which the threat was detected, the vulnerability identifier and its threat level, the URL of the web page where the vulnerability was detected, the intermediate results of object analysis, and the flag for the silent detection of the object.
  • Information about network attacks: the IP address of the attacking computer and the port number at which the network attack is directed on the User's Computer, the identifier of the protocol used to carry out the attack, the name and type of attack, and information about the record in the anti-virus database.
  • The URL and IP address of the web page where harmful or suspicious content was detected, the name, size, and checksum of the file that requested the URL, the identifier and weight of the rule used to reach scanning results, the objective of the attack.
  • Information about changes made by the User in the list of websites protected by the Safe Money component: the URL of the website, a flag indicating that a website has been added, modified or deleted, information about whether the website was added in the Software window or via a browser, URL from which the User opened the website (if the website was added from a browser), information about whether the User chose to remember the change for the website (if the website was added from the browser), information about the mode in which Safe Money runs for the website.
  • Aggregated data from the results of scanning using the local and cloud KSN databases: the number of unique unknown objects, the number of unique trusted objects, the number unique untrusted objects; the total number of "unknown object", "trusted object" and "untrusted objects" statuses, the number of objects trusted based on validation of a certificate, designated as trusted based on a trusted URL, recognized as trusted based on the transfer of trust from a trusted process; the number of unknown objects for which no decision regarding trust has been made, the number of objects that the user has designated as trusted.
  • Information about the use of Kaspersky Security Network (KSN): KSN identifier, software identifier, full version of the application, depersonalized IP address of the user's device, indicators of the quality of fulfillment of KSN requests, indicators of the quality of the processing of KSN packets, indicators of the number of KSN requests and information about the types of KSN requests, date and time when statistics started being sent, date and time when statistics stopped being sent, KSN protocol version.
  • Information about the Private Browsing component: the Referrer from the http tracking request, the name of the service or organization which provides tracking services, the category of the tracking service in accordance with the Rightholder's categorization, ID and the version of the browser, which opened the URL.
  • If a potentially malicious object is detected, information is provided about data in the processes' memory, elements of the system object hierarchy (ObjectManager), data in UEFI BIOS memory, names of registry keys and their values.
  • Information about events in the systems logs: the event's timestamp, the name of the log in which the event was found, type and category of the event, name of the event's source and the event's description.
  • Information about network connections: version and checksums (MD5, SHA2-256, SHA1) of the file from which process was started that opened the port, the path to the process's file and its digital signature, local and remote IP addresses, numbers of local and remote connection ports, connection state, timestamp of the port's opening.
  • Information about the wireless network connection being used by the computer: the name of the wireless network, the checksum (MD5 and SHA256) of the MAC address of the access point, flag indicating whether the computer is running on battery power or a stationary power supply, DNS flag, the type of the computer, information about wireless network type and security; the unique identifiers, made using a unique identifier of the computer, unique identifier of the software installation, name of the wireless network and MAC address of the access point; information about the available wireless networks: the name of the wireless network, the MAC address of the access point, information about the wireless network's security and signal quality; flag for use of the VPN connection, the category of the wireless network specified in the software, DHCP settings, the checksum (SHA256) of the IP address (IPv4 and IPv6) of the computer, the domain name and the checksum (SHA256) of the path from the URL address of the captive portal; WPS settings of the access points: the checksums of the name and serial number of the wireless device, the number and name of the wireless device model, the name of its manufacturer; local time at the start and end of the wireless connection session, the list of available wireless access points and their parameters, the monitoring mode of devices connection to the home wireless network.

The Kaspersky Security Network service may process and submit whole files, for example, objects detected through malicious links which might be used by criminals to harm your computer and/or their parts, to Kaspersky for additional examination.

Additionally, to prevent incidents and investigate those that do occur, trusted executable and non-executable files, application activity reports, portions of the computer's RAM, and the operating system's boot sector may be sent, as well as the following information about files and processes:

  • The names and paths of the files that were accessed by the process.
  • Names of registry keys and their values that were accessed by the process.
  • URL- and IP addresses that were accessed by the process.
  • URL- and IP addresses from which the running file was downloaded.

To improve the quality of Kaspersky products, the User agrees to provide Kaspersky with the following information:

  • Information about the use of the product's user interface: information about the opening of the interface's windows (identifiers and names of windows and used control elements) and switching between windows, information that determines the reason for opening a window, the date and time the interface was started and the stages of interface's startup, the time and type of the user's interaction with the interface, information about changes to settings and product parameters (the name of the setting or parameter, and the old and new values).
  • The ID of the application in interactive mode.
  • Information about updates of the installed Software and anti-virus databases: the IP address (IPv4 or IPv6) of the update source being used, the type of the update task, the number and total size of files downloaded during an update, the average download speed for the update files, the average speed for network operations during the update, the completion status of the update task, the type of an error that may occur during an update, the number of unsuccessful updates, the identifier of the product component that performs updates, and the database version and date of creation, the value of the target filter.
  • Information about the versions of the operating system (OS major version, OS minor version, OS build, OS service pack) and installed updates, current and default OS language settings, version and checksums (MD5, SHA2-256, SHA1) of the OS kernel file, parameters of the OS run mode, OS edition, OS properties, OS processor type.
  • Information about the software installed on the computer: the name of the software and the name of its publisher, information about registry keys and their values, information about software components files: checksums (MD5, SHA2-256, SHA1), name of a file, its path on the computer, size, version and digital signature.
  • Information about hardware installed on the computer: type, name, model name, firmware version, parameters of built-in and connected devices.
  • Information about the last unsuccessful OS restart: the number of unsuccessful restarts.
  • Information about use of the Adaptive Security scenarios: the identifier of the Software or User action when the password entry is detected; the identifier of the OS setting, which reduces the level of computer protection, the identifier of the Software or User action upon discovery of such a setting, the type of the actor that changed the OS setting, the type of scan operation during which the OS setting was detected, the result of the scan; the checksum (SHA256) based on the unique Software installation ID and the statistics ID, as well as the identifiers indicating use of the Computer by a child.
  • Information about devices connected to the wireless network: the MAC address of the device, the type, the number of characters in the title, the type of installed OS, the manufacturer name, and data from the DHCP packet received from the device.

When participating in KSN, the User agrees to provide the following information for all purposes mentioned above:

  • The unique software installation identifier.
  • The full version of the installed software.
  • The type identifier of the installed software.
  • The unique identifier of the computer with the installed software.

Kaspersky protects the information received in accordance with applicable governing law and Kaspersky rules. Data is transmitted over a secure channel.

Files (or their parts) that may be exploited by intruders to harm the computer or data may be also sent to Kaspersky to be examined additionally.

Read the Kaspersky Security Network Statement and revoke your acceptance

You agree to submit the following information for the purpose of application identification during database and module updates:

  • Software ID (AppID)
  • Active license ID
  • Unique Software installation ID (InstallationID)
  • Unique Update task launch ID (SessionID)
  • Version of Software (BuildInfo)
  • Information about updating the Updater component: unsuccessful update tasks, the number of failed starts after the upgrade, the version of the component, the error code, the ID of the type of update task, the status code of the software after the update, the date and time the statistics is sent

The application also processes and stores the following personal data displayed in the application interface:

  • Email address used to connect to My Kaspersky
  • Website addresses that were added to the exclusions (displayed in the Web Anti-Virus, Website tracking, Safe Money preferences, and in the Reports window)
  • License data
  • Hashes of passwords
  • Hashes of email addresses

This data is stored locally in a non-modified form and can be viewed under any user account on the computer.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.