Kaspersky Security Network Statement

A. INTRODUCTION

Please read this document thoroughly. It provides important information that you should be acquainted with before continuing to use our services or software. We reserve the right to modify this Statement at any time by making changes to this page.

AO Kaspersky Lab (further Kaspersky) has created this Statement in order to inform and disclose its data gathering and dissemination practices for the Software.

Kaspersky has a strong commitment to providing superior service to all of our customers and particularly respecting your concerns about Data Processing.

This Statement contains numerous general and technical details describing the steps we take to respect your Data Processing concerns. Meeting your needs and expectations forms the foundation of everything we do – including protecting your Data.

The Kaspersky Security Network service allows users of Kaspersky security products from around the world to help facilitate identification and reduce the time it takes to provide protection against new ("in the wild") security risks targeting your computer, which helps to identify new threats and their sources and to help improve a user's security level. Such information is utilized by Kaspersky for no other purposes but to enhance its security products and to further advance solutions against malicious threats and viruses. 

By participating in Kaspersky Security Network, you and the other users of Kaspersky security products from around the world contribute significantly to a safer Internet environment.

Legal Issues (if applicable)

Kaspersky Security Network may be subject to the laws of several jurisdictions because its services may be used in different jurisdictions, including the United States of America. Kaspersky shall disclose information without your permission when required by law, or in good-faith belief that such action is necessary to investigate or protect against harmful activities to Kaspersky guests, visitors, associates, property or to others. As mentioned above, laws related to data and information processed by Kaspersky Security Network may vary by country.

Kaspersky Security Network shall duly inform the users concerned when initially processing the above-mentioned information of any sharing of such information and shall allow these Internet users to opt in (in the EU Member States and other countries requiring opt-in procedures) or opt out (for all other countries) online from the commercial use of this data and/or the transmission of this data to third parties.

Kaspersky may be required by law enforcement or judicial authorities to provide some information to appropriate governmental authorities. If requested by law enforcement or judicial authorities, we shall provide this information upon receipt of the appropriate documentation. Kaspersky may also provide information to law enforcement to protect its property and the health and safety of individuals as permitted by statute.

B. RECEIVED INFORMATION
The data to be processed depend on which Software You use or later switch to.

• Kaspersky Standard

In order to increase the Software's speed of reaction to information and network security threats, to investigate infection of a user's computer, as well as to improve the quality of Kaspersky products, the User agrees to provide the following information:

• Information on interaction with Web portal: code of the error category; token type; token used for authentication in the Rightholder's services; unique request ID to the Rightholder services; error code; total duration of request processing; token TTL; type of the installed Software; path to the object being processed; line number of the source file in the exception handler; response status of the Rightholder's service.
• Information about the user: type of the user that performs the action with the weak security setting.
• Information about the User environment: OS ID; OS edition; version of the operating system installed on the user's computer; OS Service Pack version; operating system bit version; browser version; browser type; flag indicating whether the device is plugged in; DHCP settings (checksums of gateway local IPv6, DHCP IPv6, DNS1 IPv6, DNS2 IPv6; checksum of network prefix length; checksum of local address IPv6); DHCP settings (checksums of the local IP address of the gateway, DHCP IP, DNS1 IP, DNS2 IP, and subnet mask); Wi-Fi network ID based on the Wi-Fi network name and the MAC address of the access point; list of available Wi-Fi networks and their settings; checksum (SHA256 with salt) of the MAC address of the access point; Wi-Fi network ID based on the Wi-Fi network name; Wi-Fi network name; local time of the start and end of the Wi-Fi network connection; detected device type; status of VPN client settings; user's choice regarding controlling device connections to the home Wi-Fi network; network category specified in Kaspersky VPN Secure Connection (unknown, safe, unsafe); network category specified in Kaspersky VPN Secure Connection (home, work, public); Wi-Fi signal strength; checksum (MD5 with salt) of the MAC address of the access point; Wi-Fi network authentication type; Wi-Fi network ID based on the MAC address of the access point; Wi-Fi network encryption type; flag indicating whether the DNS domain exists; user classification of the Wi-Fi network; ID of the key from the keystore used for encryption.
• Information about the operation of the Safe Money component: indicator of presence of web address in the Safe Money database; indicator of action location when starting protected browser in Safe Money; start mode of the Safe Money component for the web service; actions performed with the web address in the Software settings; web address being processed; web address of the source of the web service request (referer); indicator of remembered choice of action location for the web service.
• Information about the use of Kaspersky Security Network (KSN): source of the decision made for the object being processed; protocol used to exchange data with KSN; Software database record ID; version of the statistics being sent; detect characteristics; notification type, that triggered the statistic sending; temporal distribution of unsuccessful KSN transactions; number of unsuccessful KSN connections; number of unsuccessful requests caused by KSN being disabled in the Software settings; number of unsuccessful requests to KSN caused by network problems; temporal distribution of successful KSN connections; number of unsuccessful KSN transactions; number of successful KSN transactions; temporal distribution of unsuccessful KSN connections; temporal distribution of requests to KSN that timed out; temporal distribution of successful requests to KSN; number of new KSN connections; temporal distribution of successful KSN transactions; number of KSN connections taken from the cache; ID of the KSN service accessed by the Software; number of unsuccessful requests to KSN caused by routing errors; total number of requests to KSN; temporal distribution of canceled requests to KSN; number of requests for which a response was found in the local request database; date and time when statistics stopped being received; number of successful KSN connections; date and time when statistics started being received; statistics message type; object time in the buffer; error code.
• Information about an object being processed: object being processed; checksum of the object being processed; fragment content of the object being processed; checksum type for the object being processed; source of the decision made for the object being processed; size of the object being processed; checksum of the object being processed; Software verdict on the object being processed; fragment order in the object being processed; objects or its parts being processed; file of the web page being processed; fragment content of the object being processed; file of the email message being processed; ID of the key from the keystore used for encryption; logon session key; encryption algorithm for the logon session key; ID of the account under which the controlled process was started; timestamp of the Software databases; certificate issuer name; date and time of creating an object being processed; algorithm for calculating the digital certificate thumbprint; public key of the certificate; parent application name; description of an object being processed as defined in the object properties; certificate serial number; path to the object being processed; name of the object being processed; date and time when the certificate was issued; calculation algorithm of public key of the certificate; date and time of the last modification of the object being processed; version of the object being processed; date and time of signing the object; checksum (MD5) of the object being processed; digital certificate thumbprint of the scanned object and hashing algorithm; date and time when the certificate expires; checksum (SHA256) of the object being processed; information about file signature check results; format of the object being processed; certificate owner name and settings; Software vendor name; data of the internal log, generated by the anti-virus Software module for an object being processed; storage time for object being processed; type of the triggered Software anti-virus databases record; web address being processed; timestamp of the triggered record in the Software's anti-virus databases; ID of the triggered record in the Software's anti-virus databases; web address of the source of the web service request (referer); confidence of detecting access to the phishing web service; weight of the detected access to the phishing web service; debug detection indicator; phishing attack target; information on who signed the file being processed; date and time of linking the executable file; accessed IPv4 address of the web service; entropy of the file being processed; attributes of executable file being processed; result of status check in KSN of an object being processed; names of the packers that packed the object being processed; name of the detected malware or legitimate software that can be used to damage the user's device or data; flag indicating an application which runs automatically at startup; command line; flag indicating whether the object being processed is a PE file; detect characteristics; date and time of creating an executable file being processed; directory code; result of certificate verification; category of the service that provides user behavior tracking, specified in the Software settings; name of the service that provides user behavior tracking; object type code; ID of the task in which detection was performed; checksum (MD5) of the object being processed; release date and time of the Software's databases; protocol ID; source of the web-traffic being processed: local host or remote host; detect location within the web traffic being processed; direction of a network connection; IP address of the attacker; local port that was attacked; vulnerability danger class; vulnerability ID; trust indicator of the processed object according to KSN; line number of the source file in the exception handler; protocol processing error type; flag indication, describing the source of the web-traffic being processed (server or client); type of the triggered Software anti-virus databases record; accessed address of the web service (URL, IP); checksum (MD5) of the mask that blocked the web service; accessed IPv6 address of the web service; number of the detected software in the System Watcher context; date and time of detecting software by System Watcher; reason of detecting software by System Watcher; number of software runs since the last time the file checksum was sent; result of the module integrity check; type of the decision on a web address being processed.
• Information about accessing a web service: accessed IPv6 address of the web service; accessed IPv4 address of the web service; type of client used to access the web service; web address of the source of the web service request (referer); DNS address of the web service being accessed; information about the client that uses a network protocol (user agent); host source; indicator showing that the message is a part of a bundle of messages belonging to one access to the web service; text of the error message; web address being processed; error type; http request method; error code; logon session key; encryption algorithm for the logon session key; reason for blocking access to the web service; category of reason for blocking access to the web service; accessed IPv4 address of the web service; accessed IPv6 address of the web service; web address being processed.
• Information about the Rightholder's installed Software: full version of the Software; type of the installed Software; Software update ID; Software installation ID (PCID); release date and time of the Software's databases; version of the Software's component; timestamp of the Software databases; attribute of an object being processed, that allowed to recall the false positive decision on the object; update task type; Software health status after update; error code of the update task; version of the updater component; number of update installation error for the updater component; number of failed update installations for the updater component; full version of the Software before update; text of the error message; type of the triggered Software anti-virus databases record; timestamp of the triggered record in the Software's anti-virus databases; result of the task of scanning weak security settings; type of scan task that detected the weak setting; Software database record version; ID of the triggered record in the Software's anti-virus databases; version of the Software's component.
• Information about the device: device ID; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; OS Service Pack version; OS error code; action performed with the detected weak security setting; ID of the weak security setting.

• Kaspersky Plus or Kaspersky Premium

In order to increase the Software's speed of reaction to information and network security threats, to investigate infection of a user's computer, as well as to improve the quality of Kaspersky products, the User agrees to provide the following information:

• Information on interaction with Web portal: code of the error category; token type; token used for authentication in the Rightholder's services; unique request ID to the Rightholder services; error code; total duration of request processing; token TTL; type of the installed Software; path to the object being processed; line number of the source file in the exception handler; response status of the Rightholder's service.
• Information about the user: type of the user that performs the action with the weak security setting.
• Information about the User environment: OS ID; OS edition; version of the operating system installed on the user's computer; OS Service Pack version; operating system bit version; browser version; browser type; flag indicating whether the device is plugged in; DHCP settings (checksums of gateway local IPv6, DHCP IPv6, DNS1 IPv6, DNS2 IPv6; checksum of network prefix length; checksum of local address IPv6); DHCP settings (checksums of the local IP address of the gateway, DHCP IP, DNS1 IP, DNS2 IP, and subnet mask); Wi-Fi network ID based on the Wi-Fi network name and the MAC address of the access point; list of available Wi-Fi networks and their settings; checksum (SHA256 with salt) of the MAC address of the access point; Wi-Fi network ID based on the Wi-Fi network name; Wi-Fi network name; local time of the start and end of the Wi-Fi network connection; detected device type; status of VPN client settings; user's choice regarding controlling device connections to the home Wi-Fi network; network category specified in Kaspersky VPN Secure Connection (unknown, safe, unsafe); network category specified in Kaspersky VPN Secure Connection (home, work, public); Wi-Fi signal strength; checksum (MD5 with salt) of the MAC address of the access point; Wi-Fi network authentication type; Wi-Fi network ID based on the MAC address of the access point; Wi-Fi network encryption type; flag indicating whether the DNS domain exists; user classification of the Wi-Fi network; ID of the key from the keystore used for encryption.
• Information about the operation of the Safe Money component: indicator of presence of web address in the Safe Money database; indicator of action location when starting protected browser in Safe Money; start mode of the Safe Money component for the web service; actions performed with the web address in the Software settings; web address being processed; web address of the source of the web service request (referer); indicator of remembered choice of action location for the web service.
• Information about the use of Kaspersky Security Network (KSN): source of the decision made for the object being processed; protocol used to exchange data with KSN; Software database record ID; version of the statistics being sent; detect characteristics; notification type, that triggered the statistic sending; temporal distribution of unsuccessful KSN transactions; number of unsuccessful KSN connections; number of unsuccessful requests caused by KSN being disabled in the Software settings; number of unsuccessful requests to KSN caused by network problems; temporal distribution of successful KSN connections; number of unsuccessful KSN transactions; number of successful KSN transactions; temporal distribution of unsuccessful KSN connections; temporal distribution of requests to KSN that timed out; temporal distribution of successful requests to KSN; number of new KSN connections; temporal distribution of successful KSN transactions; number of KSN connections taken from the cache; ID of the KSN service accessed by the Software; number of unsuccessful requests to KSN caused by routing errors; total number of requests to KSN; temporal distribution of canceled requests to KSN; number of requests for which a response was found in the local request database; date and time when statistics stopped being received; number of successful KSN connections; date and time when statistics started being received; statistics message type; object time in the buffer; error code.
• Information about an object being processed: fragment content of the object being processed; checksum type for the object being processed; source of the decision made for the object being processed; size of the object being processed; checksum of the object being processed; Software verdict on the object being processed; fragment order in the object being processed; objects or its parts being processed; file of the web page being processed; fragment content of the object being processed; file of the email message being processed; ID of the key from the keystore used for encryption; logon session key; encryption algorithm for the logon session key; ID of the account under which the controlled process was started; timestamp of the Software databases; certificate issuer name; date and time of creating an object being processed; algorithm for calculating the digital certificate thumbprint; public key of the certificate; parent application name; description of an object being processed as defined in the object properties; certificate serial number; path to the object being processed; name of the object being processed; date and time when the certificate was issued; calculation algorithm of public key of the certificate; date and time of the last modification of the object being processed; version of the object being processed; date and time of signing the object; checksum (MD5) of the object being processed; digital certificate thumbprint of the scanned object and hashing algorithm; date and time when the certificate expires; checksum (SHA256) of the object being processed; information about file signature check results; format of the object being processed; certificate owner name and settings; Software vendor name; data of the internal log, generated by the anti-virus Software module for an object being processed; storage time for object being processed; type of the triggered Software anti-virus databases record; web address being processed; timestamp of the triggered record in the Software's anti-virus databases; ID of the triggered record in the Software's anti-virus databases; web address of the source of the web service request (referer); confidence of detecting access to the phishing web service; weight of the detected access to the phishing web service; debug detection indicator; phishing attack target; information on who signed the file being processed; date and time of linking the executable file; accessed IPv4 address of the web service; entropy of the file being processed; attributes of executable file being processed; result of status check in KSN of an object being processed; names of the packers that packed the object being processed; name of the detected malware or legitimate software that can be used to damage the user's device or data; flag indicating an application which runs automatically at startup; command line; flag indicating whether the object being processed is a PE file; detect characteristics; date and time of creating an executable file being processed; directory code; result of certificate verification; category of the service that provides user behavior tracking, specified in the Software settings; name of the service that provides user behavior tracking; object type code; ID of the task in which detection was performed; checksum (MD5) of the object being processed; data of the intercepted DHCP package from the device; release date and time of the Software's databases; protocol ID; source of the web-traffic being processed: local host or remote host; detect location within the web traffic being processed; direction of a network connection; IP address of the attacker; local port that was attacked; vulnerability danger class; vulnerability ID; trust indicator of the processed object according to KSN; line number of the source file in the exception handler; protocol processing error type; flag indication, describing the source of the web-traffic being processed (server or client); type of the triggered Software anti-virus databases record; accessed address of the web service (URL, IP); checksum (MD5) of the mask that blocked the web service; accessed IPv6 address of the web service; number of the detected software in the System Watcher context; date and time of detecting software by System Watcher; reason of detecting software by System Watcher; number of software runs since the last time the file checksum was sent; checksum type for the object being processed; checksum (SHA256) of the object being processed; size of the object being processed; Software verdict on the object being processed; source of the decision made for the object being processed; checksum of the object being processed; result of the module integrity check; type of the decision on a web address being processed; web address being processed.
• Information about accessing a web service: accessed IPv6 address of the web service; accessed IPv4 address of the web service; type of client used to access the web service; web address of the source of the web service request (referer); DNS address of the web service being accessed; information about the client that uses a network protocol (user agent); host source; indicator showing that the message is a part of a bundle of messages belonging to one access to the web service; text of the error message; web address being processed; error type; http request method; error code; logon session key; encryption algorithm for the logon session key; reason for blocking access to the web service; category of reason for blocking access to the web service; accessed IPv4 address of the web service; accessed IPv6 address of the web service.
• Information about the Rightholder's installed Software: full version of the Software; type of the installed Software; Software update ID; Software installation ID (PCID); release date and time of the Software's databases; version of the Software's component; timestamp of the Software databases; attribute of an object being processed, that allowed to recall the false positive decision on the object; update task type; Software health status after update; error code of the update task; version of the updater component; number of update installation error for the updater component; number of failed update installations for the updater component; full version of the Software before update; text of the error message; type of the triggered Software anti-virus databases record; timestamp of the triggered record in the Software's anti-virus databases; result of the task of scanning weak security settings; type of scan task that detected the weak setting; Software database record version; ID of the triggered record in the Software's anti-virus databases; version of the Software's component.
• Information about the device: device ID; OS version, OS build number, OS update number, OS edition, extended information about the OS edition; OS Service Pack version; device type define method; device name define method; device type; method used to define vendor of the device or network card detection; number of symbols in the device name; vendor of the device or network card; flag indicating if detected host name is the same as user's host name; operating system family; OS family detection method; first 5 bytes of device MAC address; OS error code; action performed with the detected weak security setting; ID of the weak security setting.

The Kaspersky Security Network service may process and submit whole files, for example, objects detected through malicious links which might be used by criminals to harm your computer and/or their parts, to Kaspersky for additional examination.

Additionally, to investigate infection of a user's computer, trusted executable and non-executable files, application activity reports, portions of the computer's RAM, and the operating system's boot sector may be sent, as well as the following information about files and processes:
• The names and paths of the files that were accessed by the process.
• URL- and IP addresses that were accessed by the process.
• URL- and IP addresses from which the running file was downloaded. 

Kaspersky protects the information received in accordance with applicable governing law and Kaspersky rules. Data is transmitted over a secure channel.

Securing the Transmission and Storage of Data

Kaspersky is committed to protecting the security of the information it processes. The information processed is stored on computer servers with limited and controlled access. Kaspersky operates secure data networks protected by industry-standard firewall and password protection systems. Kaspersky uses a wide range of security technologies and procedures to protect information from threats such as unauthorized access, use, or disclosure. Our security policies are periodically reviewed and enhanced as necessary, and only authorized individuals have access to the data that we process. Kaspersky takes steps to ensure that your information is treated securely and in accordance with this Statement. Unfortunately, no data transmission can be guaranteed secure. As a result, while we strive to protect your data, we cannot guarantee the security of any data you transmit to us or from our products or services, including without limitation Kaspersky Security Network, and you use all these services at your own risk.

We treat the data we process as confidential information; it is, accordingly, subject to our security procedures and corporate policies regarding protection and use of confidential information. All Kaspersky employees are aware of our security policies. Your data is only accessible to those employees who need it in order to perform their jobs. Kaspersky does not combine the data stored by Kaspersky Security Network with any data, contact lists, or subscription information that is processed by Kaspersky for promotional or other purposes.

C. USE OF THE PROCESSED DATA

Kaspersky processes the data in order to analyze and identify the source of potential security risks, and to improve the ability of Kaspersky products to detect malicious behavior, fraudulent websites, crimeware, and other types of Internet security threats to provide the best possible level of protection to Kaspersky customers in the future.

Disclosure of Information to Third Parties

Kaspersky may disclose any of the information processed if asked to do so by a law enforcement official as required or permitted by law, in response to a subpoena or other legal process or if we believe in good faith that we are required to do so in order to comply with applicable law, regulation, subpoena, or other legal process or enforceable government request. Kaspersky may also disclose information when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating this Statement, the terms of your agreements with the Company or to protect the safety of our users and the public or under confidentiality and licensing agreements with certain third parties which assist us in developing, operating and maintaining the Kaspersky Security Network. In order to promote awareness, detection and prevention of Internet security risks, Kaspersky may share certain information with research organizations and other security software vendors. Kaspersky may also make use of statistics derived from the information processed to track and publish reports on security risk trends.

D. DATA PROCESSING – RELATED INQUIRIES AND COMPLAINTS

Kaspersky takes and addresses its users' Data Processing concerns with utmost respect and attention. If you believe that there was an instance of non-compliance with this Statement with regard to your information or data, or you have other related inquiries or concerns, you may write or contact Kaspersky by email: support@kaspersky.com.

In your message, please describe in as much detail as possible the nature of your inquiry. We will investigate your inquiry or complaint promptly.

CHOICES AVAILABLE TO YOU

In case of refusal to participate in KSN the above data is not transmitted. The data is processed and stored in a restricted and protected partition on the user's computer. This data cannot be restored after uninstallation. If you agree to participate in KSN, the data is transferred to Kaspersky for the above purposes.

Kaspersky protects the information received in accordance with applicable governing law and Kaspersky rules. Data is transmitted over a secure channel.

Participation in Kaspersky Security Network is optional. You can activate and deactivate the Kaspersky Security Network service at any time by altering the Feedback settings on your Kaspersky product's options tab. Please note, however, if you choose to deactivate the Kaspersky Security Network service, we may not be able to provide you with some of the services dependent upon the processing of this data.

We also reserve the right to send infrequent alert messages to users to inform them of specific changes that may impact their ability to use our services that they have previously signed up for. We also reserve the right to contact you if compelled to do so as part of a legal proceeding or if there has been a violation of any applicable licensing, warranty or purchase agreements.

Kaspersky is retaining these rights because in limited cases we feel that we may need the right to contact you as a matter of law or regarding matters that may be important to you. These rights do not allow us to contact you to market new or existing services if you have asked us not to do so, and issuance of these types of communications is rare.

© 2021 AO Kaspersky Lab