KASPERSKY SECURITY NETWORK (KSN) STATEMENT Kaspersky Security Network Statement (hereinafter "Statement") relates to Kaspersky Industrial CyberSecurity for Nodes (hereinafter "Software"). KSN Statement along with the End User License Agreement for Software, in particular in the Paragraph "Conditions regarding Data Processing" specifies the conditions, responsibilities, and procedures relating to the transmission and processing of the data, indicated in the KSN Statement. Please carefully read the terms of this Statement, as well as all documents referred to in this Statement, before accepting it. All terms used in this Statement have the same meaning defined in the End User License Agreement (EULA) under the clause "Definitions". When the End User activates the use of KSN, the End User is fully responsible for ensuring that the processing of personal data of Data Subjects is lawful, particularly, within the meaning of Article 6 (1) (a) to (1) (f) of Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR") if Data Subject is in the European Union, or applicable laws on confidential information, personal data, data protection, or similar thereto. Data Protection and Processing The Rightholder handles the data it receives from the End User under this Statement in accordance with the Rightholder's Privacy Policy published at: https://www.kaspersky.com/Products-and-Services-Privacy-Policy. Purpose of Data Processing To make it possible to increase the Software's speed of reaction to information and network security threats. It is achieved by: - determining the reputation of scanned objects; - identifying information security threats that are new and challenging to detect, and their sources; - taking prompt measures to increase the protection of the data stored and processed by the End User with the Computer; - reducing the likelihood of false positives; - increasing the efficiency of Software components; - investigating cases of infection of a user's computer; - improving the performance of the Rightholder's products; - receiving reference information about the number of objects with known reputation. Processed Data While the KSN is enabled, the Rightholder automatically receives and processes the following data: The data transmitted by the User depends on the type of license installed and the KSN use settings specified. If you use a license for 1-4 nodes, the Rightholder will automatically receive and process the following data during use of the KSN: - information about KSN configuration updates: error code for the configuration update; identifier for the active configuration; identifier for the configuration received; - information about files and URL addresses to be scanned: URL address for which the reputation is being requested, as well as the referrer URL address; checksums of the scanned file (MD5, SHA2-256, SHA1) and file patterns (MD5); identifier for the anti-virus databases; the connection's protocol identifier; the number of the port being used; the size of the pattern; type of the detected threat and its name according to Rightholder's classification; - the identifier of the scan task which detected the threat; - information about digital certificates being used needed to verify their authenticity: certificate's public key; the checksums (SHA2-256) of the certificate used to sign the scanned object; - the identifier of the Software component performing scanning; - IDs of the anti-virus databases and of the records in these anti-virus databases; - information about the activation of the Software on the Computer: checksum (MD5) of the key file; identifier of the certificate used to sign the ticket header; signed header of the ticket from the activation service (identifier of the regional activation center, checksum of the activation code, checksum of the ticket, ticket creation date, unique identifier of the ticket, ticket version, license status, start/end date and time of ticket validity, unique identifier of the license, license version); - information about the Rightholder's Software: full version, type, the version of the protocol used to connect with the Rightholder's services. If you use a license for 5 or more nodes, the Rightholder will automatically receive and process the following data during use of the KSN: - information about the user's request for additional actions on the object: OS Service Pack version; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; Software installation ID (PCID); Software localization; Software update ID; data in the window prompting for user action; device ID; full version of the Software; indicator of interactive mode; installation date and time for the Software; name of the window prompting for user action; severity of the window prompting for user action; time of sending statistics about using application GUI; type of Software license used; type of the installed Software; type of the window prompting for user action; user's choice in the window prompting for action; - information obtained as a result of checking objects using AMSI technology: ID of the triggered record in the Software's anti-virus databases; Software installation ID (PCID); Software update ID; Software verdict on the object being processed; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; detect characteristics; device ID; directory code; flag indicating whether the object being processed is a PE file; full version of the Software; image file checksum (MD5) of an application that had requested the Software for scanning via AMSI interface; image file name of an application that had requested the Software for scanning via AMSI interface; image file size of an application that had requested the Software for scanning via AMSI interface; name of the object being processed; object type code; path to the object being processed; release date and time of the Software's databases; size of the object being processed; timestamp of the triggered record in the Software's anti-virus databases; type of the installed Software; type of the triggered Software anti-virus databases record; version of the statistics being sent; - information obtained as a result of checking objects using behavioral analysis technology: ID of the triggered record in the Software's anti-virus databases; OS Service Pack version; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; Software database record version; Software installation ID (PCID); Software update ID; Software verdict on the object being processed; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; date and time of detecting software by System Watcher; detect characteristics; device ID; directory code; full version of the Software; name of the object being processed; number of the detected software in the System Watcher context; path to the object being processed; reason of detecting software by System Watcher; result of the module integrity check; size of the object being processed; type of the installed Software; type of the triggered Software anti-virus databases record; version of the Software's component; - information about the digital certificates used: Software installation ID (PCID); Software update ID; certificate issuer name; certificate owner name and settings; certificate serial number; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; date and time of signing the object; device ID; digital certificate thumbprint of the scanned object and hashing algorithm; full version of the Software; public key of the certificate; result of certificate verification; timestamp of the Software databases; type of the installed Software; - information about using the graphical interface of the application: ID of the control in the user interface; OS Service Pack version; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; Software installation ID (PCID); Software localization; Software update ID; device ID; full version of the Software; indicator of interactive mode; installation date and time for the Software; time of sending statistics about using application GUI; type of Software license used; type of the installed Software; unique ID of the logon session; - information about the files and URLs being checked: Software component ID; Software installation ID (PCID); Software update ID; checksum of the object being processed; checksum type for the object being processed; device ID; full version of the Software; type of the installed Software; version of KSN request about file reputation; version of list of revoked Software service's decisions; - information about the request and the search result of the KSN service: ID of a regional activation center; ID of the information model used to provide the Software license; Software ID; Software activation code version; Software activation date and time; Software installation ID (PCID); Software license ticket checksum; Software license ticket creation date and time; Software license ticket version; Software update ID; checksum of the Software activation code; checksum of the Software key file; configuration identifier; current license ticket ID; data on the license ticket sequence's link to the user account; device ID; error code; full version of the Software; identifier of the certificate used to sign the Software license ticket header; license expiration date; license identifier; result of the Software action; status of the license used by the Software; type of the installed Software; unique device ID; - information about the detected suspicious object: ID of the triggered record in the Software's anti-virus databases; ID of the type of notification shown to the user; IP address of the attacker; OS Service Pack version; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; Software installation ID (PCID); Software localization; Software update ID; Software verdict on the object being processed; attributes that were assigned to an object being processed during scanning; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; command line; debug detection indicator; detect characteristics; detect location within the web traffic being processed; device ID; direction of a network connection; directory code; flag indicating whether the object being processed is a PE file; full version of the Software; indicator of interactive mode; information about displayed window prompting for application action; installation date and time for the Software; local port that was attacked; name of the detected malware or legitimate software that can be used to damage the user's device or data; name of the object being processed; object type code; path to the object being processed; protocol ID; release date and time of the Software's databases; size of the object being processed; source of the web-traffic being processed: local host or remote host; time of sending statistics about using application GUI; timestamp of the triggered record in the Software's anti-virus databases; type of Software license used; type of the installed Software; type of the module being loaded; type of the triggered Software anti-virus databases record; version of the statistics being sent; - information about the DNS addresses being checked: DNS address of the web service being accessed; IP address of the DNS server; Software installation ID (PCID); Software update ID; category of reason for blocking access to the web service; device ID; full version of the Software; reason for blocking access to the web service; server access duration; type of the installed Software; - information about the executable files being checked: ID of the account under which the controlled process was started; ID of the triggered record in the Software's anti-virus databases; Software database record ID; Software installation ID (PCID); Software update ID; Software verdict on the object being processed; attributes of executable file being processed; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; command line; date and time of creating an executable file being processed; date and time of linking the executable file; debug detection indicator; detect characteristics; device ID; directory code; entropy of the file being processed; flag indicating an application which runs automatically at startup; flag indicating whether the object being processed is a PE file; format of the object being processed; full version of the Software; information on who signed the file being processed; name of the detected malware or legitimate software that can be used to damage the user's device or data; name of the object being processed; names of the packers that packed the object being processed; notification type, that triggered the statistic sending; path to the object being processed; result of certificate verification; result of status check in KSN of an object being processed; size of the object being processed; timestamp of the Software databases; timestamp of the triggered record in the Software's anti-virus databases; type of the installed Software; type of the triggered Software anti-virus databases record; version of the statistics being sent; - information about errors in the application: OS Service Pack version; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; Software activation date; Software component ID; Software installation ID (PCID); Software key expiration date and time; Software license ID; Software license key creation date and time; Software localization; Software module ID; Software update ID; accessed IPv4 address of the web service; address for the Software module loading; attribute data; certificate issuer name; date and time of downloading local original index file; date and time when statistics started being received; description of an object being processed as defined in the object properties; device ID; digital certificate numerical order in the chain of trust; digital certificate thumbprint of the scanned object and hashing algorithm; error code; error type; flag indicating the presence of a signed timestamp in the digital certificate; full version of the Software; memory stack of the Software process failure; name of subsystem in which the error occurred; name of task in which the error occurred; name of the module in which the failure probably occurred; name of the original index file downloaded during the last update; nested error occurred during the application operation; number of devices/accounts covered by the Software license; number of the string in the script where the error has occurred; process system ID (PID); release date and time of the Software's databases; result of certificate verification; serial number of the Software license key; size of the object being processed; source file path; text of the error message; type of Software license used; type of the installed Software; version of the Software's component; version of the statistics being sent; web address being processed; - information about web protocol errors: Software installation ID (PCID); Software update ID; device ID; error code; full version of the Software; http request method; information about implementation of the web service access handler; method used for authentication in the Software; protocol ID; protocol processing error type; remote port and IP address of the web service being accessed; server access duration; total duration of request processing; type of the installed Software; version of the installed software; web address being processed; - information about requests to the KSN service: ID of data package that is being sent to KSN; ID of the task in which detection was performed; ID of the triggered record in the Software's anti-virus databases; OS Service Pack version; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; Software installation ID (PCID); Software update ID; Software verdict on the object being processed; attribute of an object being processed, that allowed to recall the false positive decision on the object; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; device ID; directory code; encryption characteristics of data package that is being sent to KSN; full version of the Software; name of the object being processed; object type code; path to the object being processed; release date and time of the Software's databases; size of the object being processed; timestamp of the triggered record in the Software's anti-virus databases; type of the installed Software; type of the triggered Software anti-virus databases record; version of the statistics being sent; - information about requests to the KSN service as a result of the search for file threats: ID of the task in which detection was performed; ID of the triggered record in the Software's anti-virus databases; OS Service Pack version; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; Software installation ID (PCID); Software update ID; Software verdict on the object being processed; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; detect characteristics; device ID; directory code; flag indicating whether the object being processed is a PE file; full version of the Software; name of the object being processed; object type code; path to the object being processed; release date and time of the Software's databases; size of the object being processed; timestamp of the triggered record in the Software's anti-virus databases; type of the installed Software; type of the triggered Software anti-virus databases record; version of the statistics being sent; vulnerability ID; vulnerability danger class; - information about requests to the KSN service as a result of the search for network threats: ID of the triggered record in the Software's anti-virus databases; OS Service Pack version; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; Software installation ID (PCID); Software update ID; accessed IPv4 address of the web service; accessed IPv6 address of the web service; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; debug detection indicator; device ID; format of the object being processed; full version of the Software; name of the detected malware or legitimate software that can be used to damage the user's device or data; name of the object being processed; release date and time of the Software's databases; sequence number of the script detected on the web page by the application; size of the object being processed; timestamp of the triggered record in the Software's anti-virus databases; type of the installed Software; type of the triggered Software anti-virus databases record; version of the statistics being sent; web address being processed; web address of the source of the web service request (referer); - information about installing or removing software on your computer: ID of the information model used to provide the Software license; ID of the licensed Software; Software ID derived from the license; Software activation date; Software component name; Software installation ID (PCID); Software installation type; Software license ID; Software localization; Software rebranding ID; Software update ID; delay of sending the statistics; device ID; flag indicating whether participation in KSN is enabled; flag indicating whether the Software is connected to Web-Portal; full version of the Software; identifier of the partner organization via which the Software license order was placed; information about Software updates; installation date and time for the Software; operating status of the Software component; serial number of the Software license key; type of the installed Software; - information about OS crash dumps: OS Service Pack version; OS error code; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; Software installation ID (PCID); Software update ID; date and time of the BSOD or unexpected power off; device ID; full version of the OS kernel; full version of the Software; type of the installed Software; version of the Software's component; - information about the version of the installed OS: Device Guard (windows) enablement status; OS ID; OS Service Pack version; OS edition; operating system bit version; version of the operating system installed on the user's computer; - information about checking the reputation of a detected suspicious object: ID of the account under which the controlled process was started; ID of the key from the keystore used for encryption; IP address from which the file that matches the process was downloaded; IP address that was accessed by the object being processed; Software installation ID (PCID); Software update ID; Software vendor name; Software verdict on the object being processed; algorithm for calculating the digital certificate thumbprint; boot sectors of the operating system; calculation algorithm of public key of the certificate; certificate issuer name; certificate owner name and settings; certificate serial number; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; checksum of the object being processed; checksum of the user device name (MD5, SHA2-256, SHA1); checksum type for the object being processed; command line; data of the internal log, generated by the anti-virus Software module for an object being processed; data packages of the web traffic being processed; date and time of creating an object being processed; date and time of signing the object; date and time of the last modification of the object being processed; date and time on the user's device; date and time when the certificate expires; date and time when the certificate was issued; description of an object being processed as defined in the object properties; description of the classes and instances in the WMI storage; device ID; digital certificate thumbprint of the scanned object and hashing algorithm; directory code; encryption algorithm for the logon session key; file of the email message being processed; file of the web page being processed; format of the object being processed; fragment content of the object being processed; fragment order in the object being processed; full names of files that were accessed by the object being processed; full version of the Software; information about file signature check results; license expiration date; license identifier; logon session key; name of the Windows registry key; name of the object being processed; number of devices/accounts covered by the Software license; objects or its parts being processed; parent application name; path to the object being processed; protocol used to exchange data with KSN; public key of the certificate; segments of random access memory; size of the object being processed; source of the decision made for the object being processed; storage time for object being processed; timestamp of the Software databases; type of license used; type of the installed Software; value of the Windows registry element; version of the object being processed; version of the operating system installed on the user's computer; web address being processed; web address from which the file that matches the process was downloaded; window ID for the application being processed; - information about critical failures in the application: CPU usage information; OS Service Pack version; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; Software installation ID (PCID); Software update ID; application image size; battery level and battery discharge rate; calculated size of the hard drive; current and maximum processor frequency; data about a third-party application that had caused an error: the application image file name and path, the application image file size and checksum (MD5, SHA256, SHA-1), the application process identifier (PID), date and time of the application process image file compiling and creation, application process memory stack and application process memory address where an error had occurred, application uptime before the error had occurred, names, versions and checksums (MD5, SHA256, SHA-1) of the application components' files; date and time of creating an executable file being processed; device ID; disk operations count; duration of software operation until the failure; event date and time; full version of the Software; information on disk usage (IOPS); information on network bandwidth and its usage; logical processors count; memory address with an offset, in which the third-party software failure occurred; memory stack of the Software process failure; name of the module in which the failure probably occurred; name of the process that caused software failure; number of processor cores; physical RAM size; process system ID (PID); statistics message type; type of the hard drive; type of the installed Software; version of the Software's component; volume of inbound traffic; volume of outbound traffic; - information about the installation of the application: Software installation ID (PCID); Software update ID; device ID; full version of the Software; type of the installed Software; - information about the detected threat using antivirus databases: DNS name for the owner of the logon session; DNS server response; ID of the account under which the controlled process was started; ID of the operation being performed by the Software; ID of the operation being performed on the third-party software; ID of the task in which detection was performed; ID of the triggered record in the Software's anti-virus databases; IP address; IP address of the DNS server; Kerberos session key characteristics; Kerberos ticket cache flags mask; Kerberos ticket flags mask; MAC address of the network attack source; OS versions; Software categorization base ID; Software database record ID; Software database record version; Software installation ID (PCID); Software name; Software setting value; Software update ID; Software vendor name; Software verdict on the object being processed; Software version; WMI event consumer; Windows services hosted in the process being processed; access rights for the object being processed; account name of the user that owns the logon session; account that requested the Kerberos ticket; binary mask of options of the DNS query; binary mask of the parameters for the object being processed; checksum (MD5) of the Kerberos ticket data; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; checksum of the user name; command line arguments for the process; computer name on the network (domain name); cryptographic suite that was used for issued Kerberos ticket; data about the license for identifying a group of users of the company that purchased the license by the comment in the license properties; data of the internal log, generated by the anti-virus Software module for an object being processed; date and time of the last modification of the object being processed; date and time when the Kerberos ticket expires; date and time when the Kerberos ticket was issued; debug detection indicator; detected file operations with the object being processed; device ID; direction of a network connection; directory code; error code; event date and time; external IP address; file attributes of an object being processed; file operation code; flag indicating whether the object being processed is a PE file; format of the object being processed; full path to parent process file used to launch the process; full version of the Software; header of the http request being processed; heuristically derived name of the email marketer - email message sender; http request method; information about the client that uses a network protocol (user agent); information on who signed the file being processed; integrity level for the object being processed; license identifier; local IP address; location where code was injected in process; logon session type; name of network protocol used in the detected network attack; name of the Kerberos Realm that client name belongs to; name of the Kerberos Realm that server name belongs to; name of the Windows registry key; name of the created WMI event consumer; name of the created/modified OS service; name of the detected malware or legitimate software that can be used to damage the user's device or data; name of the domain controller used to issue Kerberos ticket; name of the domain used to authenticate the owner of the logon session; name of the filter used by the WMI event consumer; name of the object being processed; name of the server used to authenticate the owner of the logon session; names of the packers that packed the object being processed; namespace name for the WMI event consumer; network interfaces list of the computer; parent process system ID (PID); path to the object being processed; performed commands IDs; port number; process system ID (PID); release date and time of the Software's databases; result of action with the object being processed; result of status check in KSN of an object being processed; security zone identifier extracted from the NTFS stream; size of the object being processed; source file path; start type of the Windows service; third-party software update ID; time of the first launch of the object being processed; type of DNS query; type of the Windows registry value; type of the installed Software; type of the triggered Software anti-virus databases record; type of user account under which the potentially malicious object was started; unique ID of the activity log for the object being processed; unique ID of the logon session; unique User ID in the Rightholder's systems; unique event ID; user account security identifier (SID); user name for the owner of the logon session; value of the Windows registry element; web address being processed; web address from which the file that matches the process was downloaded; zone index where the endpoint IP address belongs; - information about the detected threat using antivirus databases (system monitor): ID of the triggered record in the Software's anti-virus databases; Software database record ID; Software database record version; Software installation ID (PCID); Software update ID; Software verdict on the object being processed; attribute of an object being processed, that allowed to recall the false positive decision on the object; attributes that were assigned to an object being processed during scanning; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; debug detection indicator; device ID; full version of the Software; name of the detected malware or legitimate software that can be used to damage the user's device or data; number of users that ran the object being processed; path to the object being processed; release date and time of the Software's databases; result of the Software action; source of the decision made for the object being processed; timestamp of the Software databases; type of the installed Software; type of the triggered Software anti-virus databases record; - information about the detected threat using antivirus databases (running programs): Software database record ID; Software database record version; Software installation ID (PCID); Software update ID; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; command line; debug detection indicator; device ID; full version of the Software; name of the detected malware or legitimate software that can be used to damage the user's device or data; path to the object being processed; release date and time of the Software's databases; type of the installed Software; type of the triggered Software anti-virus databases record; - information about the detected threat using antivirus databases (rootkit search): Software database record ID; Software database record version; Software image size; Software installation ID (PCID); Software name; Software update ID; address of loading Software driver into memory; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; debug detection indicator; detect characteristics; device ID; full version of the Software; name of the detected malware or legitimate software that can be used to damage the user's device or data; release date and time of the Software's databases; technical specifications of the applied detection technologies; type of the installed Software; type of the triggered Software anti-virus databases record; - information about the detected threat using antivirus databases (process monitor): Software database record ID; Software database record version; Software installation ID (PCID); Software update ID; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; debug detection indicator; device ID; full version of the Software; name of the detected malware or legitimate software that can be used to damage the user's device or data; path to the object being processed; release date and time of the Software's databases; type of the installed Software; type of the triggered Software anti-virus databases record; - information for product service statistics: ID of the triggered record in the Software's anti-virus databases; Software installation ID (PCID); Software update ID; device ID; full version of the Software; name of the detected malware or legitimate software that can be used to damage the user's device or data; timestamp of the triggered record in the Software's anti-virus databases; type of the installed Software; type of the triggered Software anti-virus databases record; - information about the recovery results of infected objects: ID of the triggered record in the Software's anti-virus databases; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; Software installation ID (PCID); Software update ID; Software verdict on the object being processed; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; device ID; directory code; full version of the Software; information about object restoring error; name of the object being processed; operation status of restoring object; operation type of restoring object state; path to the object being processed; release date and time of the Software's databases; size of the object being processed; timestamp of the triggered record in the Software's anti-virus databases; type of the installed Software; type of the triggered Software anti-virus databases record; version of the Software's component; web address being processed; - information about the self-protection status of the product: ID of the process into which the module was loaded; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; Software installation ID (PCID); Software name; Software update ID; Software vendor name; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; date and time of signing the file; device ID; directory code; full version of the Software; information on who signed the file being processed; name of the object being processed; number of the module in the load queue since Software start; path to the object being processed; signer organization name; size of the object being processed; timestamp of the triggered record in the Software's anti-virus databases; trust indicator of the module which integrity is checked by the Software; type of the installed Software; - information about the activation of the product's self-defense: ID of the account under which the controlled process was started; ID of the attacked software process; Software database record ID; Software installation ID (PCID); Software update ID; Software verdict on the object being processed; attributes of executable file being processed; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; command line; date and time of creating an executable file being processed; date and time of linking the executable file; debug detection indicator; detect characteristics; device ID; directory code; entropy of the file being processed; flag indicating an application which runs automatically at startup; flag indicating whether the object being processed is a PE file; format of the object being processed; full version of the Software; indicator showing whether the operation was allowed by self-defense; information on who signed the file being processed; name of operations performed to access the process; name of the detected malware or legitimate software that can be used to damage the user's device or data; name of the object being processed; name of the resource protected by self-defense, with which the operation is performed; names of the packers that packed the object being processed; path to the object being processed; result of certificate verification; result of status check in KSN of an object being processed; size of the object being processed; timestamp of the Software databases; timestamp of the triggered record in the Software's anti-virus databases; type of the installed Software; type of the program resource protected by self-defense, with which the operation is performed; type of the triggered Software anti-virus databases record; - information about files used by applications in On-Access scripts: Software installation ID (PCID); Software update ID; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; device ID; full version of the Software; object type code; type of the installed Software; - information about MD5 and SHA256 comparisons-A1 HashMappingStatistic: Software installation ID (PCID); Software update ID; checksum (MD5) of the object being processed; checksum of the object being processed; checksum type for the object being processed; device ID; full version of the Software; type of the installed Software; - information about the detected threat Secure: ID of the applied rule; ID of the operation being performed by the Software; checksum (SHA256) of the object being processed; directory code; mode of the Software rule being applied; name of the object being processed; path to the object being processed; type of user account under which the potentially malicious object was started; - information about the result of the product update: OS Service Pack version; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; Software health status after update; Software installation ID (PCID); Software update ID; accessed IPv4 address of the web service; average speed of interaction with the update source; code of the error category; component name; device ID; error code; error code of the update task; full version of the Software; number of files downloaded in one session from the update source; timestamp of the component (local version); timestamp of the root index of available updates; timestamp of the root index of updates being downloaded; timestamp of the update component (updated version); total size of information downloaded during update; type of the installed Software; type of usage error of the software update web server; update task type; version of the updater component; - information about the result of rolling back the product update: OS Service Pack version; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; Software installation ID (PCID); Software update ID; device ID; full version of the Software; number of failed update installations for the updater component; number of update installation error for the updater component; type of the installed Software; version of the updater component; - information about use cases when the event was processed by the system monitor for longer than the specified time: OS Service Pack version; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; Software installation ID (PCID); Software update ID; checksum (MD5) of the object being processed; code of the event that took longer than the standard time to process by System Watcher; database processing time of the event that took longer than the standard time to process by System Watcher; date and time of System Watcher start; date and time of received event of an action in the OS; date and time of the OS launch; date and time when the anti-virus databases were last updated and applied; device ID; directory code; full version of the Software; installation date and time for the Software; maximum allowed time for processing an event by System Watcher; name of the object being processed; number of delayed OS action events of the current type; number of processed OS action events; number of processed synchronous OS action events; number of update-apply cycles for anti-virus databases; number of waiting synchronous OS action events; path to the object being processed; probability of sending statistics by System Watcher; processing delay time of the event about OS action in the behavioral analysis subsystem; processing delay time of the event about OS action in the persistent event storage subsystem; processing delay time of the event about OS action in the proactive defense subsystem; processing time of the event that took longer than the standard time to process by System Watcher; release date and time of the Software's databases; total delay of all OS action events; total delay of all OS action events of the current type; total number of events that took longer than the standard time to process by System Watcher; type of the installed Software; version of the Software's component; - information about the precedents of overflow of the system monitor event queue: Software installation ID (PCID); Software update ID; checksum (MD5) of the object being processed; code of the event that caused an event queue overflow while being processed by System Watcher; device ID; directory code; full version of the Software; name of the object being processed; number of events that caused an event queue overflow while being processed by System Watcher; path to the object being processed; probability of sending statistics by System Watcher; total number of queue overflows for events being processed by System Watcher; type of the installed Software; version of the Software's component; - information about use cases when event processing by the system monitor was interrupted by a timeout: ID of the interception that was timed out while being processed in System Watcher; Software installation ID (PCID); Software update ID; checksum (MD5) of the object being processed; device ID; directory code; full version of the Software; major and minor numbers of the interception filter that caused the interception that was timed out while being processed in System Watcher; name of the object being processed; number of System Monitor events that were timed out when sending statistics package by System Watcher; number of klif events that were timed out when sending statistics package by System Watcher; path to the object being processed; probability of sending statistics by System Watcher; queue size of the System Watcher events that were timed out while being processed; time difference between the first event in the queue and the current event when sending statistics package by System Watcher; type of the event that was timed out while being processed (klif/swmon); type of the installed Software; version of the Software's component; - information about the operation of low-level system event interceptors: OS version supported by software drivers; Software installation ID (PCID); Software update ID; additional information about CPU features; additional information about OS features; code integrity options; current operating mode of software drivers; device ID; full version of the OS kernel; full version of the Software; hypervisor support mode; information about problems with third-party software; type of the installed Software; - information about errors in the operation of low-level system event interceptors: Software installation ID (PCID); Software update ID; device ID; full version of the Software; type of the installed Software; - information about critical failures in executable files: OS Service Pack version; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; Software installation ID (PCID); Software language ID; Software name; Software update ID; checksum (MD5) of the object being processed; device ID; directory code; duration of third-party software operation until the failure; full version of the Software; information about failure in third-party software; information about system memory usage by the Software; memory address with an offset, in which the third-party software failure occurred; name from the system log for the error occurred in third-party software; name of the module in which the failure probably occurred; name of the object being processed; path to the object being processed; type of the installed Software; version of the Software's component; version of the object being processed; - information about the technical characteristics of the detection technologies used (detectors): Software installation ID (PCID); Software update ID; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; device ID; directory code; full version of the Software; name of the object being processed; path to the object being processed; result of status check in KSN of an object being processed; size of the object being processed; technical specifications of the applied detection technologies; type of the installed Software; - information about the technical characteristics of the detection technologies used (false positive detectors): Software installation ID (PCID); Software update ID; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; device ID; directory code; full version of the Software; name of the object being processed; path to the object being processed; result of status check in KSN of an object being processed; size of the object being processed; technical specifications of the applied detection technologies; type of the installed Software; - information on the technical characteristics of the detection technologies used (preliminary detectors): Software installation ID (PCID); Software update ID; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; device ID; directory code; full version of the Software; name of the object being processed; path to the object being processed; result of status check in KSN of an object being processed; size of the object being processed; technical specifications of the applied detection technologies; type of the installed Software; - information about the executable files and modules being checked: 4-byte vector calculated over the first 4096 bytes of the section; 4-byte vector calculated over the last 4096 bytes of the section; Software installation ID (PCID); Software update ID; application image size; bit mask of the Data Directories section in the PE file; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; device ID; emulation depth; emulator version; entropy calculated over the first 4096 bytes of the section; entropy calculated over the last 4096 bytes of the section; full version of the Software; number of sections in the PE file; numeric value frequency calculated over the first 4096 bytes of the section; numeric value frequency calculated over the last 4096 bytes of the section; overlay size in the PE file; properties and checksums of the parts of the execution file; real size of the executable file section; size of the object being processed; technical specifications of the applied detection technologies; type of executable file scan task that sends statistics; type of the installed Software; value of the characteristics attribute from the PE file header; value of the subsystem attribute from the PE file header; version of a certain compiler; version of the statistics being sent; virtual size of the executable file section; zero value frequency calculated over the first 4096 bytes of the section; zero value frequency calculated over the last 4096 bytes of the section; - information about the status of the product: ID and version of the Software module that crashed; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; device ID; duration since the installation of last update; information about system memory usage by the Software; release date and time of the Software's databases; text of the error message; timestamp of the Software databases. Objects that can be exploited by intruders to harm the User's computer can be also sent to Kaspersky to be examined additionally: - Files or their parts; segments of random access memory; boot sectors of the operating system; application activity reports; - Name; size; version of the file being sent; its description and checksums (MD5, SHA2-256, SHA1); file path; ID of the format; name of the publisher; name of the product to which the file belongs; names of and paths to files accessed by the process; names and values of registry keys accessed by the process; segments of random access memory; URL and IP addresses accessed by the process or from which the file that was run originated; - Certificate validity start and end dates and times if the file being sent has a digital signature; date and time when the certificate was signed; name of the certificate publisher; information about the certificate holder; impression and public key of the certificate; algorithms used to calculate them; certificate serial number; - Information about the date and time of creation and modification of the file; an attribute signifying whether or not the date and time of file signature is used in signature verification; the result of integrity verification of the file; - The name of the account under which the process is running; the name of the computer on which it has been started; headers of process windows; ID of anti-virus databases; name of the threat detected per the Rightholder's classification; unique ID of the license; expiration date and type of license; version of the operating system (OS) and service packs installed on the computer; local time; - Objects detected at malicious links. Such objects may be temporarily stored on the User's computer until they are transmitted. Also, in order to prevent false positives, the Rightholder may receive: - trusted executable and non-executable files or their parts, information about the whitelisted digital certificates used: Software categorization base ID; Software installation ID (PCID); Software update ID; Software vendor name; application package name; category assigned to a third-party application in the application store; checksum (MD5) of the object being processed; checksum (SHA256) of the object being processed; device ID; directory code; full version of the Software; information about file signature check results; name of the object being processed; parent application name; parent application version; path to the object being processed; source of the decision made for the object being processed; timestamp of the Software databases; type of the installed Software; version of the object being processed; - number of software dumps since the Software was installed; number of software dumps since the time of the last update; version of the Software's component; full version of the Software; Software update ID; Software localization; notification type, that triggered the statistic sending; information about Software updates; Software installation ID (PCID); Software component name; operating status of the Software component; type of the installed Software; number of system dumps (BSOD) since the Software was installed; number of system dumps (BSOD) since the time of the last update. Also, in order to increase the effectiveness of protection provided by the Software, the Rightholder may receive objects that could be exploited by intruders to harm the Computer and create information security threats. Such objects include: - executable and non-executable files or their parts; - portions of the Computer's RAM; - sectors involved in the process of booting the OS; - network traffic data packets; - web pages and emails containing suspicious and malicious objects; - description of the classes and instances of classes of the WMI repository; - application activity reports. Such application activity reports contain the following data about files and processes: - the name, size and version of the file being sent, its description and checksums (MD5, SHA2-256, SHA1), file format identifier, the name of the file's vendor, the product name to which the file belongs, full path on the Computer, template code of the file path, the creation and modification timestamps of the file; - start and end date/time of the validity period of the certificate (if the file has a digital signature), the date and the time of the signature, the name of the issuer of the certificate, information about the certificate holder, the fingerprint, the certificate's public key and appropriate algorithms, and the certificate's serial number; - the name of the account from which the process is running; - checksums (MD5, SHA2-256, SHA1) of the name of the Computer on which the process is running; - titles of the process windows; - identifier for the anti-virus databases, name of the detected threat according to Rightholder's classification; - data about the installed license, its identifier, type and expiration date; - local time of the Computer at the moment of the provision of information; - names and paths of the files that were accessed by the process; - names of registry keys and their values that were accessed by the process; - URL and IP addresses that were accessed by the process; - URL and IP addresses from which the running file was downloaded. Also, in order to prevent false positives, the Rightholder may receive trusted executable and non-executable files or their parts. The description of the data transmitted depending on the KSN use settings specified can be found in the User Manual. Your Choice to Participate It is entirely Your choice to automatically send data to the Rightholder on a regular basis under this Statement. You can withdraw Your consent at any time in the settings of the Software as described in the User Manual. When the End User decides to disable the KSN, the Rightholder will not receive new data. The Rightholder may still process certain data already received under legitimate interest according to point (f) of Article 6 (1) of the EU General Data Protection Regulation (GDPR) for the purposes described in the Privacy Policy at https://www.kaspersky.com/Products-and-Services-Privacy-Policy. If the End User wishes to object to such data processing, the End User must inform the Rightholder in the manner specified in the Privacy Policy. For more information about legal bases for data processing and End User's rights and options, the End User may consult the Privacy Policy at https://www.kaspersky.com/Products-and-Services-Privacy-Policy. © 2023 AO Kaspersky Lab