﻿KASPERSKY SECURITY NETWORK (KSN) STATEMENT

All terms used in this Kaspersky Security Network Statement (hereinafter "Statement") have the same meaning defined in the End User License Agreement (EULA) under the paragraph "Definitions".

Please carefully read the terms of this Statement, as well as all documents referred to in this Statement, before accepting it. If the Software is used within a legal entity or on the Computer used by several individuals, You must ensure that they have understood and accepted the conditions of this Statement before data processing begins.

Data Protection and Processing
The Rightholder handles the data it receives from the End User under this Statement in accordance with the Rightholder's Privacy Policy published at: https://www.kaspersky.com/Products-and-Services-Privacy-Policy.

Purposes of Data Processing
Use of the KSN may increase the Software's speed of reaction to information and network security threats. It is achieved by:
• Determining the reputation of scanned objects
• Identifying information security threats that are new and challenging to detect, and their sources
• Reducing the likelihood of false positives
• Increasing the efficiency of Software components
• Investigating of infection of a user's computer
• Improving the performance of the Rightholder's Software
• Receiving reference information about the number of objects with known reputation
• Improving the quality of Rightholder's Software

Processed Data 
Certain data which is processed under this Statement could be considered personal data according to laws of some countries.

The data to be processed depend on which Software You use or later switch to.
• Kaspersky Standard

With Your consent, the following data will be automatically sent on a regular basis to the Rightholder under this Statement:
• Information about the User environment: browser type; browser version; DHCP settings (checksums of gateway local IPv6, DHCP IPv6, DNS1 IPv6, DNS2 IPv6; checksum of network prefix length; checksum of local address IPv6); DHCP settings (checksums of the local IP address of the gateway, DHCP IP, DNS1 IP, DNS2 IP, and subnet mask); flag indicating whether the DNS domain exists; Wi-Fi network authentication type; list of available Wi-Fi networks and their settings; checksum (MD5 with salt) of the MAC address of the access point; checksum (SHA256 with salt) of the MAC address of the access point; user classification of the Wi-Fi network; Wi-Fi network encryption type; local time of the start and end of the Wi-Fi network connection; Wi-Fi network ID based on the MAC address of the access point; Wi-Fi network ID based on the Wi-Fi network name; Wi-Fi network ID based on the Wi-Fi network name and the MAC address of the access point; Wi-Fi signal strength; Wi-Fi network name; Software vendor name; parent application name; network category specified in Kaspersky VPN Secure Connection (home, work, public); network category specified in Kaspersky VPN Secure Connection (unknown, safe, unsafe).
• Information about the operation of the Safe Money component: actions performed with the web address in the Software settings; indicator of action location when starting protected browser in Safe Money; start mode of the Safe Money component for the web service; indicator of remembered choice of action location for the web service; indicator of presence of web address in the Safe Money database.
• Information about the use of Kaspersky Security Network (KSN): protocol used to exchange data with KSN; ID of the KSN service accessed by the Software; date and time when statistics stopped being received; number of KSN connections taken from the cache; number of requests for which a response was found in the local request database; number of unsuccessful KSN connections; number of unsuccessful KSN transactions; temporal distribution of cancelled requests to KSN; temporal distribution of unsuccessful KSN connections; temporal distribution of unsuccessful KSN transactions; temporal distribution of successful KSN connections; temporal distribution of successful KSN transactions; temporal distribution of successful requests to KSN; temporal distribution of requests to KSN that timed out; number of new KSN connections; number of unsuccessful requests to KSN caused by routing errors; number of unsuccessful requests caused by KSN being disabled in the Software settings; number of unsuccessful requests to KSN caused by network problems; number of successful KSN connections; number of successful KSN transactions; total number of requests to KSN; date and time when statistics started being received.
• Information about the use of the application user interface, information about User opinion about the software: user's choice regarding controlling device connections to the home Wi-Fi network; category of the service that provides user behavior tracking, specified in the Software settings; name of the service that provides user behavior tracking.
• Information about an object being processed: fragment content of the object being processed; date and time when the certificate expires; ID of the triggered record in the Software's anti-virus databases; local port that was attacked; ID of the account under which the controlled process was started; ID of the key from the keystore used for encryption; fragment order in the object being processed; data of the internal log, generated by the anti-virus Software module for an object being processed; result of certificate verification; certificate issuer name; public key of the certificate; calculation algorithm of public key of the certificate; certificate serial number; date and time of signing the object; certificate owner name and settings; digital certificate thumbprint of the scanned object and hashing algorithm; date and time of the last modification of the object being processed; date and time of creating an object being processed; detect characteristics; objects or its parts being processed; attributes of executable file being processed; date and time of creating an executable file being processed; description of an object being processed as defined in the object properties; entropy of the file being processed; format of the object being processed; checksum type for the object being processed; the result of status check in KSN of an object being processed; trust indicator of the processed object according to KSN; date and time of linking the executable file; checksum (MD5) of the object being processed; name of the object being processed; names of the packers that packed the object being processed; flag indicating whether the object being processed is a PE file; checksum (MD5) of the mask that blocked the web service; checksum (SHA256) of the object being processed; information on who signed the file being processed; size of the object being processed; a flag indicating an application which runs automatically at startup; name of the detected malware or legitimate software that can be used to damage the user's device or data; object type code; the Software's decision on the object being processed; version of the object being processed; source of the decision made for the object being processed; checksum of the object being processed; checksum (MD5) of the object being processed; path to the object being processed; directory code; command line; information about file signature check results; vulnerability ID; vulnerability danger class; notification type, that triggered the statistic sending; logon session key; encryption algorithm for the logon session key; IP address of the attacker; debug detection indicator; attribute of an object being processed, that allowed to recall the false positive decision on the object; ID of the task in which detection was performed; confidence of detecting access to the phishing web service; phishing attack target; weight of the detected access to the phishing web service; protocol ID; storage time for object being processed; algorithm for calculating the digital certificate thumbprint; web address being processed; information about the client that uses a network protocol (user agent).
• Information about accessing a web service: type of the decision on a web address being processed; accessed address of the web service (URL, IP); type of client used to access the web service; reason for blocking access to the web service; category of reason for blocking access to the web service; DNS address of the web service being accessed; host source; accessed IPv4 address of the web service; accessed IPv6 address of the web service; indicator showing that the message is a part of a bundle of messages belonging to one access to the web service; web address of the source of the web service request (referer); web address being processed.
• Information about the Rightholder's installed Software: date and time when the certificate was issued; the Software database record ID; type of the triggered Software anti-virus databases record; ID of the triggered record in the Software's anti-virus databases; timestamp of the triggered record in the Software's anti-virus databases; type of the triggered record in the Software's anti-virus databases; release date and time of the Software's databases; timestamp of the Software databases; information on who signed the file being processed; command line; version of the Software's component; full version of the Software; Software update ID; Software installation ID (PCID); Software health status after update; type of installed Software; statistics message type; version of the statistics being sent; version of the updater component.
• Information about the device: detected device type; device ID; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; OS ID; OS Service Pack version; flag indicating whether the device is plugged in; version of the operating system installed on the user's computer; operating system bit version; OS edition.
• Other information: ID of the account under which the controlled process was started; directory code; command line; object time in the buffer; the technical specifications of the applied detection technologies; number of failed update installations for the updater component; number of update installation error for the updater component; error code of the update task; update task type.

• Kaspersky Plus or Kaspersky Premium

With Your consent, the following data will be automatically sent on a regular basis to the Rightholder under this Statement:
• Information about the User environment: browser type; browser version; DHCP settings (checksums of gateway local IPv6, DHCP IPv6, DNS1 IPv6, DNS2 IPv6; checksum of network prefix length; checksum of local address IPv6); DHCP settings (checksums of the local IP address of the gateway, DHCP IP, DNS1 IP, DNS2 IP, and subnet mask); flag indicating whether the DNS domain exists; Wi-Fi network authentication type; list of available Wi-Fi networks and their settings; checksum (MD5 with salt) of the MAC address of the access point; checksum (SHA256 with salt) of the MAC address of the access point; user classification of the Wi-Fi network; Wi-Fi network encryption type; local time of the start and end of the Wi-Fi network connection; Wi-Fi network ID based on the MAC address of the access point; Wi-Fi network ID based on the Wi-Fi network name; Wi-Fi network ID based on the Wi-Fi network name and the MAC address of the access point; Wi-Fi signal strength; Wi-Fi network name; Software vendor name; parent application name; network category specified in Kaspersky VPN Secure Connection (home, work, public); network category specified in Kaspersky VPN Secure Connection (unknown, safe, unsafe).
• Information about the operation of the Safe Money component: actions performed with the web address in the Software settings; indicator of action location when starting protected browser in Safe Money; start mode of the Safe Money component for the web service; indicator of remembered choice of action location for the web service; indicator of presence of web address in the Safe Money database.
• Information about the use of Kaspersky Security Network (KSN): protocol used to exchange data with KSN; ID of the KSN service accessed by the Software; date and time when statistics stopped being received; number of KSN connections taken from the cache; number of requests for which a response was found in the local request database; number of unsuccessful KSN connections; number of unsuccessful KSN transactions; temporal distribution of cancelled requests to KSN; temporal distribution of unsuccessful KSN connections; temporal distribution of unsuccessful KSN transactions; temporal distribution of successful KSN connections; temporal distribution of successful KSN transactions; temporal distribution of successful requests to KSN; temporal distribution of requests to KSN that timed out; number of new KSN connections; number of unsuccessful requests to KSN caused by routing errors; number of unsuccessful requests caused by KSN being disabled in the Software settings; number of unsuccessful requests to KSN caused by network problems; number of successful KSN connections; number of successful KSN transactions; total number of requests to KSN; date and time when statistics started being received.
• Information about the use of the application user interface, information about User opinion about the software: user's choice regarding controlling device connections to the home Wi-Fi network; category of the service that provides user behavior tracking, specified in the Software settings; name of the service that provides user behavior tracking.
• Information about an object being processed: fragment content of the object being processed; date and time when the certificate expires; ID of the triggered record in the Software's anti-virus databases; local port that was attacked; ID of the account under which the controlled process was started; ID of the key from the keystore used for encryption; fragment order in the object being processed; data of the internal log, generated by the anti-virus Software module for an object being processed; result of certificate verification; certificate issuer name; public key of the certificate; calculation algorithm of public key of the certificate; certificate serial number; date and time of signing the object; certificate owner name and settings; digital certificate thumbprint of the scanned object and hashing algorithm; date and time of the last modification of the object being processed; date and time of creating an object being processed; detect characteristics; objects or its parts being processed; attributes of executable file being processed; date and time of creating an executable file being processed; description of an object being processed as defined in the object properties; entropy of the file being processed; format of the object being processed; checksum type for the object being processed; the result of status check in KSN of an object being processed; trust indicator of the processed object according to KSN; date and time of linking the executable file; checksum (MD5) of the object being processed; name of the object being processed; names of the packers that packed the object being processed; flag indicating whether the object being processed is a PE file; checksum (MD5) of the mask that blocked the web service; checksum (SHA256) of the object being processed; information on who signed the file being processed; size of the object being processed; a flag indicating an application which runs automatically at startup; name of the detected malware or legitimate software that can be used to damage the user's device or data; object type code; the Software's decision on the object being processed; version of the object being processed; source of the decision made for the object being processed; checksum of the object being processed; checksum (MD5) of the object being processed; path to the object being processed; directory code; command line; information about file signature check results; vulnerability ID; vulnerability danger class; notification type, that triggered the statistic sending; logon session key; encryption algorithm for the logon session key; IP address of the attacker; debug detection indicator; attribute of an object being processed, that allowed to recall the false positive decision on the object; ID of the task in which detection was performed; confidence of detecting access to the phishing web service; phishing attack target; weight of the detected access to the phishing web service; protocol ID; storage time for object being processed; algorithm for calculating the digital certificate thumbprint; web address being processed; information about the client that uses a network protocol (user agent).
• Information about accessing a web service: data of the intercepted DHCP package from the device; type of the decision on a web address being processed;  accessed address of the web service (URL, IP); type of client used to access the web service; reason for blocking access to the web service; category of reason for blocking access to the web service; DNS address of the web service being accessed; host source; accessed IPv4 address of the web service; accessed IPv6 address of the web service; indicator showing that the message is a part of a bundle of messages belonging to one access to the web service; web address of the source of the web service request (referer); web address being processed.
• Information about the Rightholder's installed Software: date and time when the certificate was issued; the Software database record ID; type of the triggered Software anti-virus databases record; ID of the triggered record in the Software's anti-virus databases; timestamp of the triggered record in the Software's anti-virus databases; type of the triggered record in the Software's anti-virus databases; release date and time of the Software's databases; timestamp of the Software databases; information on who signed the file being processed; command line; version of the Software's component; full version of the Software; Software update ID; Software installation ID (PCID); Software health status after update; type of installed Software; statistics message type; version of the statistics being sent; version of the updater component.
• Information about the device: detected device type; number of symbols in the device name; device type; vendor of the device or network card; device ID; operating system family; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; OS ID; OS Service Pack version; flag indicating whether the device is plugged in; version of the operating system installed on the user's computer; operating system bit version; OS edition; first 5 bytes of device MAC address; OS family detection method; device type define method; device name define method; method used to define vendor of the device or network card detection; flag indicating if detected host name is the same as user's host name; operating system family; device type.
• Other information: ID of the account under which the controlled process was started; directory code; command line; object time in the buffer; the technical specifications of the applied detection technologies; number of failed update installations for the updater component; number of update installation error for the updater component; error code of the update task; update task type.

Your Choice to Participate
It is entirely Your choice to automatically send data to the Rightholder on a regular basis under this Statement. You can withdraw Your consent at any time in the settings of the Software as described in the User Manual.

© 2021 AO Kaspersky Lab
