Kaspersky Anti Targeted Attack Platform
7.0
English

Contents

Data in alerts and events

Event data is saved in binary form in the folder C:\ProgramData\Kaspersky Lab\Endpoint Agent\protected\kata in open non-encrypted form.

Event data can contain information related to the following:

  • Data on executable modules.
  • Data on network connections.
  • About the operating system that is installed on the computer with Kaspersky Endpoint Agent.
  • Data on user sessions in the operating system.
  • Data on operating system user accounts.
  • Data on Windows event log.
  • About alerts of Kaspersky Endpoint Security for Windows.
  • About organizational units (OU) of Active Directory.
  • HTTP protocol headers.
  • Fully qualified domain name of the computer.
  • MD5- and SHA256 hash of files and their fragments.
  • Unique ID of the computer with Kaspersky Endpoint Agent.
  • Unique IDs of certificates.
  • Certificate publisher.
  • Certificate subject.
  • Name of the algorithm used to generate the certificate fingerprint.
  • Address and port of the local network interface.
  • Address and port of the remote network interface.
  • Application vendor.
  • Application name.
  • Name of the Windows registry variable.
  • Path to the Windows registry key.
  • Windows registry variable data.
  • Name of the detected object.
  • Kaspersky Security Center Network Agent ID.
  • Contents of the hosts file.
  • Process start command line.

See also

Data received from the Central Node component

Data contained in task completion reports

Data contained in an install log

Data on files that are blocked from starting

Data related to the performance of tasks
Page top
[Topic 194534]