Kaspersky Endpoint Agent saves the values of settings received from the Central Node component on the hard disk of the computer. Data is saved in open non-encrypted form in the folder C:\ProgramData\Kaspersky Lab\Endpoint Agent\protected\data.
By default, only users with System and Administrator permissions have read-access to files when Self-Defense is enabled. When Self-Defense is disabled, users with System and Administrator permissions can also delete the files, modify their contents, and modify the access rights to them. The Kaspersky Endpoint Agent application does not manage access permissions to this folder or any files in it. It is the system administrator who determines access permissions.
The data is deleted when Kaspersky Endpoint Agent is removed.
Data received from the Central Node component may contain the following information:
Data on network connections.
Data on the operating system that is installed on the server with the Central Node component.
Data on operating system user accounts.
Data on user sessions in the operating system.
Data on Windows event log.
About a RT_VERSION resource.
About the contents of a PE file.
About operating system services.
Certificate of the server with the Central Node component.
URL- and IP addresses of visited websites.
HTTP protocol headers.
Computer name.
MD5 hashes of files.
Unique ID of the computer with Kaspersky Endpoint Agent.
Names and values of Windows registry keys.
Paths to Windows registry keys.
Names of Windows registry variables.
Name of the local DNS cache entry.
Address from the local DNS cache entry in IPv4 format.
IP address or name of the requested host from the local DNS cache.
Host of the local DNS cache element.
Domain name of the local DNS cache element.
Address of the ARP cache element in IPv4 format.
Physical address of the ARP cache element.
Serial number of the logical drive.
Home folder of the local user.
Name of the user account that started the process.
Path to the script that is run when the user logs in to the system.
Name of the user account under which the event occurred.
Name of the computer where the event occurred.
Full paths to files on computers with Kaspersky Endpoint Agent.
Names of files on computers with Kaspersky Endpoint Agent.
Masks of files on computers with Kaspersky Endpoint Agent.
Full names of folders on computers with Kaspersky Endpoint Agent.
Comments of the file publisher.
Mask of the process file image.
Path to the process file image that opened the port.
Name of the process that opened the port.
Local IP address of the port.
Trusted public key of the digital signature of executable modules.