﻿KASPERSKY SECURITY NETWORK (KSN) STATEMENT

All terms used in this Kaspersky Security Network Statement (hereinafter "Statement") have the same meaning defined in the End User License Agreement (EULA) under the paragraph "Definitions".

Please carefully read the terms of this Statement, as well as all documents referred to in this Statement, before accepting it. If the Software is used within a legal entity or on the Computer used by several individuals, You must ensure that they have understood and accepted the conditions of this Statement before data processing begins.

Data Protection and Processing
The Rightholder handles the data it receives from the End User under this Statement in accordance with the Rightholder's Privacy Policy published at: https://www.kaspersky.com/Products-and-Services-Privacy-Policy.

Purpose of Data Processing
To make it possible to increase the Software's speed of reaction to information and network security threats. It is achieved by:
• Determining the reputation of scanned objects
• Identifying information security threats that are new and challenging to detect, and their sources
• Reducing the likelihood of false positives
• Increasing the efficiency of Software components
• Investigating of infection of a user's computer
• Improving the performance of the Rightholder's Software
• Receiving reference information about the number of objects with known reputation
• Improving the quality of Rightholder's Software

Processed Data 
Certain data which is processed under this Statement could be considered personal data according to laws of some countries.

The data to be processed depend on which Software You use or later switch to.
• Kaspersky Standard

With Your consent, the following data will be automatically sent on a regular basis to the Rightholder under this Statement:
• Information on interaction with Web portal: code of the error category; token type; token used for authentication in the Rightholder's services; unique request ID to the Rightholder services; error code; total duration of request processing; token TTL; type of the installed Software; path to the object being processed; line number of the source file in the exception handler; response status of the Rightholder's service.
• Information about the User environment: browser version; browser type; flag indicating whether the device is plugged in; DHCP settings (checksums of gateway local IPv6, DHCP IPv6, DNS1 IPv6, DNS2 IPv6; checksum of network prefix length; checksum of local address IPv6); DHCP settings (checksums of the local IP address of the gateway, DHCP IP, DNS1 IP, DNS2 IP, and subnet mask); Wi-Fi network ID based on the Wi-Fi network name and the MAC address of the access point; list of available Wi-Fi networks and their settings; checksum (SHA256 with salt) of the MAC address of the access point; Wi-Fi network ID based on the Wi-Fi network name; Wi-Fi network name; local time of the start and end of the Wi-Fi network connection; detected device type; status of VPN client settings; user's choice regarding controlling device connections to the home Wi-Fi network; network category specified in Kaspersky VPN Secure Connection (unknown, safe, unsafe); network category specified in Kaspersky VPN Secure Connection (home, work, public); Wi-Fi signal strength; checksum (MD5 with salt) of the MAC address of the access point; Wi-Fi network authentication type; Wi-Fi network ID based on the MAC address of the access point; Wi-Fi network encryption type; flag indicating whether the DNS domain exists; user classification of the Wi-Fi network; ID of the key from the keystore used for encryption.
• Information about the operation of the Safe Money component: indicator of presence of web address in the Safe Money database; indicator of action location when starting protected browser in Safe Money; start mode of the Safe Money component for the web service; actions performed with the web address in the Software settings; web address being processed; web address of the source of the web service request (referer); indicator of remembered choice of action location for the web service.
• Information about the use of Kaspersky Security Network (KSN): source of the decision made for the object being processed; protocol used to exchange data with KSN; Software database record ID; version of the statistics being sent; detect characteristics; notification type, that triggered the statistic sending; temporal distribution of unsuccessful KSN transactions; number of unsuccessful KSN connections; number of unsuccessful requests caused by KSN being disabled in the Software settings; number of unsuccessful requests to KSN caused by network problems; temporal distribution of successful KSN connections; number of unsuccessful KSN transactions; number of successful KSN transactions; temporal distribution of unsuccessful KSN connections; temporal distribution of requests to KSN that timed out; temporal distribution of successful requests to KSN; number of new KSN connections; temporal distribution of successful KSN transactions; number of KSN connections taken from the cache; ID of the KSN service accessed by the Software; number of unsuccessful requests to KSN caused by routing errors; total number of requests to KSN; temporal distribution of canceled requests to KSN; number of requests for which a response was found in the local request database; date and time when statistics stopped being received; number of successful KSN connections; date and time when statistics started being received; statistics message type; object time in the buffer; error code.
• Information about an object being processed: fragment content of the object being processed; checksum type for the object being processed; source of the decision made for the object being processed; size of the object being processed; checksum of the object being processed; Software verdict on the object being processed; fragment order in the object being processed; objects or its parts being processed; file of the web page being processed; fragment content of the object being processed; file of the email message being processed; ID of the key from the keystore used for encryption; logon session key; encryption algorithm for the logon session key; ID of the account under which the controlled process was started; timestamp of the Software databases; certificate issuer name; date and time of creating an object being processed; algorithm for calculating the digital certificate thumbprint; public key of the certificate; parent application name; description of an object being processed as defined in the object properties; certificate serial number; path to the object being processed; name of the object being processed; date and time when the certificate was issued; calculation algorithm of public key of the certificate; date and time of the last modification of the object being processed; version of the object being processed; date and time of signing the object; checksum (MD5) of the object being processed; digital certificate thumbprint of the scanned object and hashing algorithm; date and time when the certificate expires; checksum (SHA256) of the object being processed; information about file signature check results; format of the object being processed; certificate owner name and settings; Software vendor name; data of the internal log, generated by the anti-virus Software module for an object being processed; storage time for object being processed; type of the triggered Software anti-virus databases record; web address being processed; timestamp of the triggered record in the Software's anti-virus databases; ID of the triggered record in the Software's anti-virus databases; web address of the source of the web service request (referer); confidence of detecting access to the phishing web service; weight of the detected access to the phishing web service; debug detection indicator; phishing attack target; information on who signed the file being processed; date and time of linking the executable file; accessed IPv4 address of the web service; entropy of the file being processed; attributes of executable file being processed; result of status check in KSN of an object being processed; names of the packers that packed the object being processed; name of the detected malware or legitimate software that can be used to damage the user's device or data; flag indicating an application which runs automatically at startup; command line; flag indicating whether the object being processed is a PE file; detect characteristics; date and time of creating an executable file being processed; directory code; result of certificate verification; category of the service that provides user behavior tracking, specified in the Software settings; name of the service that provides user behavior tracking; object type code; ID of the task in which detection was performed; checksum (MD5) of the object being processed; release date and time of the Software's databases; protocol ID; source of the web-traffic being processed: local host or remote host; detect location within the web traffic being processed; direction of a network connection; IP address of the attacker; local port that was attacked; vulnerability danger class; vulnerability ID; trust indicator of the processed object according to KSN; line number of the source file in the exception handler; protocol processing error type; flag indication, describing the source of the web-traffic being processed (server or client); type of the triggered Software anti-virus databases record; accessed address of the web service (URL, IP); checksum (MD5) of the mask that blocked the web service; accessed IPv6 address of the web service; number of the detected software in the System Watcher context; date and time of detecting software by System Watcher; reason of detecting software by System Watcher; number of software runs since the last time the file checksum was sent; checksum type for the object being processed; checksum (SHA256) of the object being processed; size of the object being processed; Software verdict on the object being processed; source of the decision made for the object being processed; checksum of the object being processed; result of the module integrity check.
• Information about accessing a web service: accessed IPv6 address of the web service; accessed IPv4 address of the web service; type of client used to access the web service; web address of the source of the web service request (referer); DNS address of the web service being accessed; information about the client that uses a network protocol (user agent); host source; indicator showing that the message is a part of a bundle of messages belonging to one access to the web service; text of the error message; error type; http request method; error code; logon session key; encryption algorithm for the logon session key; type of the decision on a web address being processed; reason for blocking access to the web service; category of reason for blocking access to the web service; accessed IPv4 address of the web service; accessed IPv6 address of the web service; web address being processed; web address being processed.
• Information about the Rightholder's installed Software: full version of the Software; type of the installed Software; Software update ID; Software installation ID (PCID); release date and time of the Software's databases; version of the Software's component; timestamp of the Software databases; attribute of an object being processed, that allowed to recall the false positive decision on the object; update task type; Software health status after update; error code of the update task; version of the updater component; number of update installation error for the updater component; number of failed update installations for the updater component; full version of the Software before update; text of the error message; type of the triggered Software anti-virus databases record; timestamp of the triggered record in the Software's anti-virus databases; technical specifications of the applied detection technologies; Software database record version; ID of the triggered record in the Software's anti-virus databases; version of the Software's component.
• Information about the device: device ID; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; OS Service Pack version; OS error code; OS ID; version of the operating system installed on the user's computer; operating system bit version.

• Kaspersky Plus or Kaspersky Premium

With Your consent, the following data will be automatically sent on a regular basis to the Rightholder under this Statement:
• Information on interaction with Web portal: code of the error category; token type; token used for authentication in the Rightholder's services; unique request ID to the Rightholder services; error code; total duration of request processing; token TTL; type of the installed Software; path to the object being processed; line number of the source file in the exception handler; response status of the Rightholder's service.
• Information about the User environment: browser version; browser type; flag indicating whether the device is plugged in; DHCP settings (checksums of gateway local IPv6, DHCP IPv6, DNS1 IPv6, DNS2 IPv6; checksum of network prefix length; checksum of local address IPv6); DHCP settings (checksums of the local IP address of the gateway, DHCP IP, DNS1 IP, DNS2 IP, and subnet mask); Wi-Fi network ID based on the Wi-Fi network name and the MAC address of the access point; list of available Wi-Fi networks and their settings; checksum (SHA256 with salt) of the MAC address of the access point; Wi-Fi network ID based on the Wi-Fi network name; Wi-Fi network name; local time of the start and end of the Wi-Fi network connection; detected device type; status of VPN client settings; user's choice regarding controlling device connections to the home Wi-Fi network; network category specified in Kaspersky VPN Secure Connection (unknown, safe, unsafe); network category specified in Kaspersky VPN Secure Connection (home, work, public); Wi-Fi signal strength; checksum (MD5 with salt) of the MAC address of the access point; Wi-Fi network authentication type; Wi-Fi network ID based on the MAC address of the access point; Wi-Fi network encryption type; flag indicating whether the DNS domain exists; user classification of the Wi-Fi network; ID of the key from the keystore used for encryption.
• Information about the operation of the Safe Money component: indicator of presence of web address in the Safe Money database; indicator of action location when starting protected browser in Safe Money; start mode of the Safe Money component for the web service; actions performed with the web address in the Software settings; web address being processed; web address of the source of the web service request (referer); indicator of remembered choice of action location for the web service.
• Information about the use of Kaspersky Security Network (KSN): source of the decision made for the object being processed; protocol used to exchange data with KSN; Software database record ID; version of the statistics being sent; detect characteristics; notification type, that triggered the statistic sending; temporal distribution of unsuccessful KSN transactions; number of unsuccessful KSN connections; number of unsuccessful requests caused by KSN being disabled in the Software settings; number of unsuccessful requests to KSN caused by network problems; temporal distribution of successful KSN connections; number of unsuccessful KSN transactions; number of successful KSN transactions; temporal distribution of unsuccessful KSN connections; temporal distribution of requests to KSN that timed out; temporal distribution of successful requests to KSN; number of new KSN connections; temporal distribution of successful KSN transactions; number of KSN connections taken from the cache; ID of the KSN service accessed by the Software; number of unsuccessful requests to KSN caused by routing errors; total number of requests to KSN; temporal distribution of canceled requests to KSN; number of requests for which a response was found in the local request database; date and time when statistics stopped being received; number of successful KSN connections; date and time when statistics started being received; statistics message type; object time in the buffer; error code.
• Information about an object being processed: checksum type for the object being processed; checksum (SHA256) of the object being processed; size of the object being processed; Software verdict on the object being processed; source of the decision made for the object being processed; checksum of the object being processed; fragment content of the object being processed; checksum type for the object being processed; source of the decision made for the object being processed; size of the object being processed; checksum of the object being processed; Software verdict on the object being processed; fragment order in the object being processed; objects or its parts being processed; file of the web page being processed; fragment content of the object being processed; file of the email message being processed; ID of the key from the keystore used for encryption; logon session key; encryption algorithm for the logon session key; ID of the account under which the controlled process was started; timestamp of the Software databases; certificate issuer name; date and time of creating an object being processed; algorithm for calculating the digital certificate thumbprint; public key of the certificate; parent application name; description of an object being processed as defined in the object properties; certificate serial number; path to the object being processed; name of the object being processed; date and time when the certificate was issued; calculation algorithm of public key of the certificate; date and time of the last modification of the object being processed; version of the object being processed; date and time of signing the object; checksum (MD5) of the object being processed; digital certificate thumbprint of the scanned object and hashing algorithm; date and time when the certificate expires; checksum (SHA256) of the object being processed; information about file signature check results; format of the object being processed; certificate owner name and settings; Software vendor name; data of the internal log, generated by the anti-virus Software module for an object being processed; storage time for object being processed; type of the triggered Software anti-virus databases record; web address being processed; timestamp of the triggered record in the Software's anti-virus databases; ID of the triggered record in the Software's anti-virus databases; web address of the source of the web service request (referer); confidence of detecting access to the phishing web service; weight of the detected access to the phishing web service; debug detection indicator; phishing attack target; information on who signed the file being processed; date and time of linking the executable file; accessed IPv4 address of the web service; entropy of the file being processed; attributes of executable file being processed; result of status check in KSN of an object being processed; names of the packers that packed the object being processed; name of the detected malware or legitimate software that can be used to damage the user's device or data; flag indicating an application which runs automatically at startup; command line; flag indicating whether the object being processed is a PE file; detect characteristics; date and time of creating an executable file being processed; directory code; result of certificate verification; category of the service that provides user behavior tracking, specified in the Software settings; name of the service that provides user behavior tracking; object type code; ID of the task in which detection was performed; checksum (MD5) of the object being processed; data of the intercepted DHCP package from the device; release date and time of the Software's databases; protocol ID; source of the web-traffic being processed: local host or remote host; detect location within the web traffic being processed; direction of a network connection; IP address of the attacker; local port that was attacked; vulnerability danger class; vulnerability ID; trust indicator of the processed object according to KSN; line number of the source file in the exception handler; protocol processing error type; flag indication, describing the source of the web-traffic being processed (server or client); type of the triggered Software anti-virus databases record; accessed address of the web service (URL, IP); checksum (MD5) of the mask that blocked the web service; accessed IPv6 address of the web service; number of the detected software in the System Watcher context; date and time of detecting software by System Watcher; reason of detecting software by System Watcher; number of software runs since the last time the file checksum was sent; result of the module integrity check.
• Information about accessing a web service: accessed IPv6 address of the web service; accessed IPv4 address of the web service; type of client used to access the web service; web address of the source of the web service request (referer); DNS address of the web service being accessed; information about the client that uses a network protocol (user agent); host source; indicator showing that the message is a part of a bundle of messages belonging to one access to the web service; text of the error message; web address being processed; error type; http request method; error code; logon session key; encryption algorithm for the logon session key; type of the decision on a web address being processed; reason for blocking access to the web service; category of reason for blocking access to the web service; accessed IPv4 address of the web service; accessed IPv6 address of the web service; web address being processed.
• Information about the Rightholder's installed Software: full version of the Software; type of the installed Software; Software update ID; Software installation ID (PCID); release date and time of the Software's databases; version of the Software's component; timestamp of the Software databases; attribute of an object being processed, that allowed to recall the false positive decision on the object; update task type; Software health status after update; error code of the update task; version of the updater component; number of update installation error for the updater component; number of failed update installations for the updater component; full version of the Software before update; text of the error message; type of the triggered Software anti-virus databases record; timestamp of the triggered record in the Software's anti-virus databases; technical specifications of the applied detection technologies; Software database record version; ID of the triggered record in the Software's anti-virus databases.
• Information about the device: OS ID; version of the operating system installed on the user's computer; operating system bit version; device ID; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; OS Service Pack version; device type define method; device name define method; device type; method used to define vendor of the device or network card detection; number of symbols in the device name; vendor of the device or network card; flag indicating if detected host name is the same as user's host name; operating system family; OS family detection method; first 5 bytes of device MAC address; OS error code; number of symbols in the device name; device type; vendor of the device or network card; operating system family; data of the intercepted DHCP package from the device; version of the Software's component; first 5 bytes of device MAC address.

Your Choice to Participate
It is entirely Your choice to automatically send data to the Rightholder on a regular basis under this Statement. You can withdraw Your consent at any time in the settings of the Software as described in the User Manual.

Please keep in mind that data processing by the Rightholder is based on legal bases, such as legitimate interest according to point (f) of Article 6 (1) of the EU General Data Protection Regulation (GDPR) or contract, as well as your given consent. This is why when you decide to withdraw your consent or your license agreement expires, certain data already received may still be processed under legitimate interest for the purposes described in the Privacy Policy at https://www.kaspersky.com/Products-and-Services-Privacy-Policy, except where such legitimate interest is overridden by the interests or fundamental rights and freedoms of the User. If You wish to object to such data processing, You must inform us in the manner specified in the Privacy Policy. When your license agreement expires or you withdraw your consent, the Rightholder will not receive new data from you.


© 2022 AO Kaspersky Lab
