Kaspersky Security Network Statement

A. INTRODUCTION
Please read this document thoroughly. It provides important information that you
should be acquainted with before continuing to use our services or software. We
reserve the right to modify this Statement at any time by making changes to thi
s page.
AO Kaspersky Lab (further Kaspersky Lab) has created this Statement in order to
inform and disclose its data gathering and dissemination practices for Kaspersky
Endpoint Security 10 for Windows.
Kaspersky Lab has a strong commitment to providing superior service to all of ou
r customers and particularly respecting your concerns about Data Processing.
This Statement contains numerous general and technical details describing the st
eps we take to respect your Data Processing concerns. Meeting your needs and exp
ectations forms the foundation of everything we do including protecting your Dat
a.
The Kaspersky Security Network service allows users of Kaspersky Lab security pr
oducts from around the world to help facilitate identification and reduce the ti
me it takes to provide protection against new (in the wild) and complex security t
hreats and their sources, intrusion threats, as well as increasing the protectio
n level of information stored and processed by the computers user. This informati
on contains no personally identifiable information about the user and is utilize
d by Kaspersky Lab for no other purposes but to enhance its security products an
d to further advance solutions against malicious threats and viruses.
By participating in Kaspersky Security Network, you and the other users of Kaspe
rsky Lab security products from around the world contribute significantly to a s
afer Internet environment.
Legal Issues (if applicable)
Kaspersky Security Network may be subject to the laws of several jurisdictions b
ecause its services may be used in different jurisdictions, including the United
States of America. Kaspersky Lab shall disclose information without your permis
sion when required by law, or in good-faith belief that such action is necessary
to investigate or protect against harmful activities to Kaspersky Lab guests, v
isitors, associates, property or to others. As mentioned above, laws related to
data and information processed by Kaspersky Security Network may vary by country
.
Kaspersky Security Network shall duly inform the users concerned when initially
processing the above-mentioned information of any sharing of such information an
d shall allow these Internet users to opt in (in the EU Member States and other
countries requiring opt-in procedures) or opt out (for all other countries) onli
ne from the commercial use of this data and/or the transmission of this data to
third parties.
Kaspersky Lab may be required by law enforcement or judicial authorities to prov
ide some information to appropriate governmental authorities. If requested by la
w enforcement or judicial authorities, we shall provide this information upon re
ceipt of the appropriate documentation. Kaspersky Lab may also provide informati
on to law enforcement to protect its property and the health and safety of indiv
iduals as permitted by statute.
B. RECEIVED INFORMATION

In order to identify new and challenging data security threats and their sources
, as well as threats of intrusion, and to take prompt measures to increase the p
rotection of the data stored and processed by the User with a computer, the User
agrees to automatically provide the following information:
- Date of software installation and activation, the full software version, inclu
ding information about installed updates and the softwares locale;
- Information about the software installed on the computer, including the versio
n of the operating system and installed updates, kernel objects, drivers, servic
es, Microsoft Internet Explorer extensions, printing system extension, Windows E
xplorer extensions, downloaded objects, Active Setup elements, control panel app
lets, entries in the hosts file and system registry, versions of browsers and ma
il clients;
- Information about the computers hardware, including a checksum of the HDDs seria
l number;
- Data about software tools used to fix problems in software installed on the Us
ers computer, or to change its functionality, and the return codes received after
the installation of each piece of software;
- Information about the state of the computers anti-virus protection, including t
he versions and release dates and times of the anti-virus databases being used,
statistics about updates and connections with Kaspersky Lab services, job identi
fier and the identifier of the software component performing scanning;
- Information about files being downloaded by the User, including the URL and IP
addresses of the download and the download pages, download protocol identifier
and connection port number, the status of the URLs as malicious or not, files att
ributes, size and checksums (MD5, SHA2-256, SHA1), information about the process
that downloaded the file (checksums (MD5, SHA2-256, SHA1), creation/build date
and time, autoplay status, attributes, names of packers, information about signa
tures, executable file flag, format identifier, and entropy), file name and its
path, the files digital signature and timestamp of its generation, the URL where
detection occurred, the scripts number on the page that appears to be suspicious
or harmful, information about HTTP requests generated and the response to them;
- Information about the running applications and their modules, including inform
ation about processes running on the system (process ID (PID), process name, inf
ormation about the account the process was started from, the application and com
mand that started the process, the full path to the process s files, and the sta
rting command line, a description of the product that the process belongs to (in
cluding the name of the product and information about the publisher), as well as
digital certificates being used and information needed to verify their authenti
city or information about the absence of a file s digital signature), and inform
ation about the modules loaded into the processes, including their names, sizes,
types, creation dates, attributes, checksums (MD5, SHA2-256, SHA1), the paths t
o them, PE-file header information, names of packers (if the file was packed);
- Information about all potentially malicious objects and actions, including the
name of the detected object and the full path to the object on the computer, ch
ecksums (MD5, SHA2-256, SHA1) of the files being processed, detection date and t
ime, names and size of downloaded files and paths to them, code of the path temp
late, names of packers (if the file was packed), file type code, file format ide
ntifier, list of the activities of malicious applications and associated decisio
ns made by the software and the User, identifiers for the anti-virus databases t
he software used to make a decision, name of the detected threat according to Ka
spersky Labs classification, danger level and detection status, reason for includ
ing a file in the analyzed context and the files serial number in the context, ch
ecksums (MD5, SHA2-256, SHA1), name and attributes of the executable file for th
e application that passed the infected message, anonymized IP address (IPv4 and
IPv6) of the blocked objects host, the files entropy, autoplay status, time of the
files first detection in the system, number of times the file has been run since
the last time statistics were sent, information about the name, checksums (MD5,
SHA2-256, SHA1) and size of the mail client used to receive the malicious objec
t, identifier of the entry in the anti-virus databases used to arrive at a verdi
ct, job identifier of the software that performed the scan, flag of the reputati

on verification or file signature verification, result of processing the file, c

hecksum (MD5) of the pattern collected on the object and pattern size in bytes;
- Information about scanned objects, including the assigned trust group to which
and/or from which the file has been placed, the reason the file was placed in t
hat category, category identifier, information about the source of the categorie
s and the version of the category database, the files trusted certificate flag, n
ame of the files vendor, file version, name and version of the software product w
hich includes the file;
- Information about vulnerabilities detected, including the vulnerability ID in
the database of vulnerabilities, the vulnerability danger class, and the status
of detection;
- Information about emulation of the executable file, including file size and it
s checksums (MD5, SHA2-256, SHA1), the version of the emulation component, emula
tion depth, an array of properties of logical blocks and functions within logica
l blocks obtained during the emulation, data from the executable files PE headers
;
- Information about network attacks, including the IP addresses of the attacking
computer (IPv4 and IPv6), the number of the port on the Users computer that the
network attack is directed at, identifier of the protocol of the IP packet conta
ining the attack, the attacks target (organization name, website), flag for the r
eaction to the attack, the attacks weight, trust level;
- Information about attacks associated with spoofed network resources, including
the DNS and IP addresses (IPv4 and IPv6) of visited websites, number of IP addr
ess assignments for the domain name;
- Information about the rolling back of malwares activities, including data about
the file whose activities are being rolled back (file name, full path to the fi
le, its size and checksums (MD5, SHA2-256, SHA1)), data about successful and uns
uccessful actions to delete, rename, and copy files and restore values in the re
gistry (names of registry keys and their values), information about system files
changed by malware, before and after the roll back;
- Information about the loaded software modules, including name, size and checks
ums (MD5, SHA2-256, SHA1) of the module file, its full path and template code of
the file path, parameters of the module files digital signature, timestamp of th
e signature generation, names of the subject and the organization that signed th
e module file, identifier of the process, in which the module was loaded, name o
f the module vendor, index number of the module in the load queue;
- Information to determine the reputation of files and URL-addresses, including
checksums of the scanned file (MD5, SHA2-256, SHA1) and pattern (MD5) obtained d
uring the emulation of the file, size of the pattern, emulation depth, the versi
on of the emulation component, type of the detected threat and its name accordin
g to Kaspersky Labs classification, identifier for the anti-virus databases, URL
address at which the reputation is being requested, as well as the referrer URL
address, the connections protocol identifier and the number of the port being use
d;
- Service information about the softwares operation, including the compiler versi
on, flag for the potential maliciousness of the scanned object, version of the s
et of statistics being sent, information about the availability and validity of
these statistics, identifier of the mode for generating the statistics being sen
t, flag indicating whether the software is operating in interactive mode;
- If a potentially malicious object is detected, information is provided about d
ata in the processes memory, elements of the system object hierarchy (ObjectManag
er), data in UEFI BIOS memory, names of registry keys and their values;
- Information about events in the systems logs, including the events timestamp, t
he name of the log in which the event was found, type and category of the event,
name of the events source and the events description;
- Information about network connections, including version and checksums (MD5, S
HA2-256, SHA1) of the file from which process was started that opened the port,
the path to the processs file and its digital signature, local and remote IP-addr
esses, numbers of local and remote connection ports, connection state, timestamp
of the ports opening.

For additional examination the User agrees to provide files or parts of files, i
ncluding objects detected through malicious links that could be exploited by int
ruders to harm the Users computer.
Additionally, to prevent incidents and investigate those that do occur, the User
agrees to provide trusted executable and non-executable files, URLs, portions o
f the computers RAM, and the operating systems boot sectors, as well as the follow
ing information about files and processes:
- Name of a file being send, its path on the computer, template code of the file
path, file size and its checksums (MD5, SHA2-256, SHA1);
- Name of the account from which the process is running;
- Name of the computer on which the process is running;
- Titles of the process windows;
- Identifier for the anti-virus databases, name of the detected threat according
to Kaspersky Labs classification;
- Data about the installed license, including its identifier, type and expiratio
n date;
- Version of the operating system and installed updates;
- Local time of the computer at the moment of the provision of information;
- The names and paths of the files that were accessed by the process;
- Names of registry keys and their values that were accessed by the process;
- URL- and IP-addresses that were accessed by the process;
- URL- and IP-addresses from which the running file was downloaded.
In order to promptly detect and fix errors associated with installation, uninsta
llation, and updating of the product, and to record the number of users, the Use
r agrees to provide information about the date of installation and activation of
the software on the computer, the full version of the installed software (inclu
ding the version of the installed software update), the softwares locale language
, name and type of software, type of installed license and its expiration date,
identifier of the partner from whom the license was purchased, serial number of
license, type of software installation on the computer (initial installation, up
dating, etc.) and an installation success flag or the installation error number,
a unique identifier for the installation of the software on the computer, type
and identifier of the application that is being updated, identifier of the updat
e job.
In order to increase the level of support and monitoring of the defined level of
software protection, the User agrees to provide the following information about
the results of testing software operability after applying of updates:
- Information about the set of all installed updates, and the set of most recent
ly installed/removed updates;
- The type of event that caused the update information to be sent;
- Duration since the installation of last update;
- Information about any currently installed anti-virus databases;
- CPU usage data;
- The number of active streams and streams in standby state;
- Memory usage data (Private Bytes, Non-Paged Pool);
- Number of software dumps and system dumps (BSOD) since the software was instal
led and since the time of the last update, including the identifier and version
of the software module that crashed, the memory stack in the products process, an
d information about the anti-virus databases at the time of the crash;
- The version of the installed software, including the version of the Nagent com
ponent;
- The set of installed software components, including the version of the install
ed encryption module and the status of each component;
- The operating system version, including the installed system updates.
To improve performance of Kaspersky Labs products, the User agrees to submit the
following information:

- Information about software installed on the computer, including the operating

system version and service packs installed;
- The full version of the Software, including information about the type, instal
led updates and localization;
- The installation ID of the Software on your computer, the unique ID of the com
puter;
- Value of the TARGET filter;
- Information about errors that occurred during operation of the product compone
nt, including the status ID of the Software, the error type, code and time of oc
currence, the IDs of the component, module and process of the product in which t
he error occurred, the ID of the task or update category during which the error
occurred, KL drivers logs of minidump (error code, module name, name of the sourc
e file and the line where the error occurred), identifier of the method to ident
ify an error in the software operation, name of the process that initiated inter
ception or traffic exchange which led to an error in the software operation;
- Information about updates of anti-virus databases and Software components, inc
luding the name, date and time of index files downloaded during the last update
and being downloaded during this update, as well as the date and time of complet
ion of the last update, names of the files of updated categories and its checksu
ms (MD5);
- Information about abnormal termination of the Software, including the creation
date and time of the dump, its type, the name of the process linked to the dump
, the version and send time of the statistics dump;
- Information about Software operation, including data on the use of the process
or (CPU) and memory usage (Private Bytes, Non-Paged Pool, Paged Pool), the numbe
r of active flows in the product process and flows in pending state, the length
of time the Software was in operation before the error occurred, the memory stac
k in the product process;
- Data on the BSOD, including a flag indicating the occurrence of the BSOD on th
e computer, the name of the driver that caused the BSOD, the address and memory
stack in the driver, a flag indicating the duration of the session before the BS
OD occurred, memory stack of drivers that crashed, type of stored memory dump, f
lag for the session of the OS before BSOD lasted more than 10 minutes, unique id
entifier of the dump, timestamp of the BSOD;
- Event identifiers (unexpected power-off, third-party application crash, errors
of interception processing), date and time of the unexpected power-off;
- Information about third-party applications that caused the error, including th
eir name, version and localization, the error code and information about the err
or from the system log of applications, the address of the error and memory stac
k of the third-party application, a flag indicating the occurrence of the error
in the Software component, the length of time the third-party application was in
operation before the error occurred, checksums (MD5, SHA2-256, SHA1) of the app
lication process image, in which the error occurred, path to the application pro
cess image and template code of the path, information from the system log with a
description of the error associated with the application, information about the
application module, in which an error occurred (information on the exception, c
rash memory address as an offset in the application module, name and version of
the module, identifier of the application crash in the Rightholders plugin and me
mory stack of the crash, duration of the application session before crash);
- Information on the status of computer protection, including the protection sta
tus code;
- Version of the Updater component, number of crashes of the Updater component w
hile running update tasks over the lifetime of the component;
- ID of the update task type, number of failed Updater attempts to complete upda
te tasks;
- Full version of SystemWatcher component, code of the event that overflowed the
event queue and number of such events, the total number of queue overflow event
s, information about the file of the process of the initiator of the event (file
name and its path on the computer, template code of the file path, checksums (M
D5, SHA2-256, SHA1) of the process associated with the file, file version), iden

tifier of the event interception that occurred, the full version of the intercep
tion filter, identifier of the type of the intercepted event, size of the event
queue and the number of events between the first event in the queue and the curr
ent event, number of overdue events in the queue, information about the file of
the process of the initiator of the current event (file name and its path on the
computer, template code of the file path, checksums (MD5, SHA2-256, SHA1) of th
e process associated with the file), duration of the event processing, maximum d
uration of the event processing, probability of sending statistics;
- Information about computer, including operating system and service packs insta
lled, version and checksums (MD5, SHA2-256, SHA1) of the OS kernel file, paramet
ers of the OS run mode;
- Information about the software installed on the computer, including the name o
f the software and the name of its publisher, information about registry keys an
d their values, information about software components files, including checksums
(MD5, SHA2-256, SHA1), name of a file, its path on the computer, size, version
and digital signature;
- Information about hardware installed on the computer, including type, name, mo
del name, firmware version, parameters of built-in and connected devices;
- Information about the last unsuccessful OS restart, including the number of un
successful restarts.
In order to receive the reference information about the number of objects with k
nown reputation, the User agrees to provide information about the version of the
protocol used to connect with the Rightholders services.
When participating in KSN, the User agrees to provide the following information
for all purposes mentioned above:
- The unique software installation identifier;
- The full version of the installed software;
- The type identifier of the installed software;
- The unique identifier of the computer with the installed software.
Securing the Transmission and Storage of Data
Kaspersky Lab is committed to protecting the security of the information it proc
esses. The information processed is stored on computer servers with limited and
controlled access. Kaspersky Lab operates secure data networks protected by indu
stry-standard firewall and password protection systems. Kaspersky Lab uses a wid
e range of security technologies and procedures to protect information from thre
ats such as unauthorized access, use, or disclosure. Our security policies are p
eriodically reviewed and enhanced as necessary, and only authorized individuals
have access to the data that we process. Kaspersky Lab takes steps to ensure tha
t your information is treated securely and in accordance with this Statement. Un
fortunately, no data transmission can be guaranteed secure. As a result, while w
e strive to protect your data, we cannot guarantee the security of any data you
transmit to us or from our products or services, including without limitation Ka
spersky Security Network, and you use all these services at your own risk.
We treat the data we process as confidential information; it is, accordingly, su
bject to our security procedures and corporate policies regarding protection and
use of confidential information. All Kaspersky Lab employees are aware of our s
ecurity policies. Your data is only accessible to those employees who need it in
order to perform their jobs. Any stored data will not be associated with any pe
rsonally identifiable information. Kaspersky Lab does not combine the data store
d by Kaspersky Security Network with any data, contact lists, or subscription in
formation that is processed by Kaspersky Lab for promotional or other purposes.
C. USE OF THE PROCESSED DATA
Kaspersky Lab processes the data in order to analyze and identify the source of

potential security risks, and to improve the ability of Kaspersky Labs products t
o detect malicious behavior, fraudulent websites, crimeware, and other types of
Internet security threats to provide the best possible level of protection to Ka
spersky Lab customers in the future.
Disclosure of Information to Third Parties
Kaspersky Lab may disclose any of the information processed if asked to do so by
a law enforcement official as required or permitted by law, in response to a su
bpoena or other legal process or if we believe in good faith that we are require
d to do so in order to comply with applicable law, regulation, subpoena, or othe
r legal process or enforceable government request. Kaspersky Lab may also disclo
se information when we have reason to believe that disclosing this information i
s necessary to identify, contact or bring legal action against someone who may b
e violating this Statement, the terms of your agreements with the Kaspersky Lab
or to protect the safety of our users and the public or under confidentiality an
d licensing agreements with certain third parties which assist us in developing,
operating and maintaining the Kaspersky Security Network. In order to promote a
wareness, detection and prevention of Internet security risks, Kaspersky Lab may
share certain information with research organizations and other security softwa
re vendors. Kaspersky Lab may also make use of statistics derived from the infor
mation processed to track and publish reports on security risk trends.
D. DATA PROCESSING RELATED INQUIRIES AND COMPLAINTS
Kaspersky Lab takes and addresses its users Data Processing concerns with utmost
respect and attention. If you believe that there was an instance of non-complian
ce with this Statement with regard to your information or data, or you have othe
r related inquiries or concerns, you may write or contact Kaspersky Lab by email
: support@kaspersky.com.
In your message, please describe in as much detail as possible the nature of you
r inquiry. We will investigate your inquiry or complaint promptly.
CHOICES AVAILABLE TO YOU
In case of refusal to participate in KSN the above data is not transmitted. The
data is processed and stored in a restricted and protected partition on the users
computer. This data cannot be restored after uninstallation. If you agree to pa
rticipate in KSN, the data is transferred to Kaspersky Lab for the above purpose
s.
Kaspersky Lab protects the information received in accordance with the law and K
aspersky Labs rules.
Kaspersky Lab uses the information received only in an anonymized form as part o
f aggregated statistics. These aggregated statistics are generated automatically
from the original information received and do not contain personal information
or any other confidential information. Initial information received is destroyed
upon accumulation (once a year). General statistics are kept indefinitely.
Participation in Kaspersky Security Network is optional. You can activate and de
activate the Kaspersky Security Network service at any time by altering the Feed
back settings on your Kaspersky Lab products options tab. Please note, however, if
you choose to deactivate the Kaspersky Security Network service, we may not be
able to provide you with some of the services dependent upon the processing of t
his data.
We also reserve the right to send infrequent alert messages to users to inform t
hem of specific changes that may impact their ability to use our services that t
hey have previously signed up for. We also reserve the right to contact you if c

ompelled to do so as part of a legal proceeding or if there has been a violation

of any applicable licensing, warranty or purchase agreements.
Kaspersky Lab is retaining these rights because in limited cases we feel that we
may need the right to contact you as a matter of law or regarding matters that
may be important to you. These rights do not allow us to contact you to market n
ew or existing services if you have asked us not to do so, and issuance of these
types of communications is rare.
2015 AO Kaspersky Lab. All Rights Reserved.