Kaspersky Security Network Statement

A. INTRODUCTION

Please read this document thoroughly. It provides important information that you should be acquainted with before continuing to use our services or software. We reserve the right to modify this Statement at any time by making changes to this page.

AO Kaspersky Lab (further Kaspersky Lab) has created this Statement in order to inform and disclose its data gathering and dissemination practices for Kaspersky Internet Security for Mac.

Kaspersky Lab has a strong commitment to providing superior service to all of our customers and particularly respecting your concerns about Data Processing. 

This Statement contains numerous general and technical details describing the steps we take to respect your Data Processing concerns. Meeting your needs and expectations forms the foundation of everything we do – including protecting your Data.

The Kaspersky Security Network service allows users of Kaspersky Lab security products from around the world to help facilitate identification and reduce the time it takes to provide protection against new ("in the wild") security risks targeting your computer, which helps to identify new threats and their sources and to help improve a user’s security level. Such information contains no personally identifiable information about the user and is utilized by Kaspersky Lab for no other purposes but to enhance its security products and to further advance solutions against malicious threats and viruses. 

By participating in Kaspersky Security Network, you and the other users of Kaspersky Lab security products from around the world contribute significantly to a safer Internet environment.

Legal Issues (if applicable)

Kaspersky Security Network may be subject to the laws of several jurisdictions because its services may be used in different jurisdictions, including the United States of America. Kaspersky Lab shall disclose information without your permission when required by law, or in good-faith belief that such action is necessary to investigate or protect against harmful activities to Kaspersky Lab guests, visitors, associates, property or to others. As mentioned above, laws related to data and information processed by Kaspersky Security Network may vary by country.

Kaspersky Security Network shall duly inform the users concerned when initially processing the above-mentioned information of any sharing of such information and shall allow these Internet users to opt in (in the EU Member States and other countries requiring opt-in procedures) or opt out (for all other countries) online from the commercial use of this data and/or the transmission of this data to third parties.

Kaspersky Lab may be required by law enforcement or judicial authorities to provide some information to appropriate governmental authorities. If requested by law enforcement or judicial authorities, we shall provide this information upon receipt of the appropriate documentation. Kaspersky Lab may also provide information to law enforcement to protect its property and the health and safety of individuals as permitted by statute.

B. RECEIVED INFORMATION

In order to increase the Software’s speed of reaction to information and network security threats, the User agrees to provide the following information:
1. Information about the operating system (OS) installed on the computer and installed updates.
2. Information about the Rightholder's installed software and the anti-virus protection status: the version of the Software, the unique software identifiers on the computer, information about updates. 
3. Information about all scanned objects and actions: name of the scanned object, date and time of the scan, URL and Referrer from which it was downloaded, names and size of scanned files and paths to them, archive flag, date and time of file creation, name of the packer (if the file was packed), file entropy, file type, file type code, identifier and format, URL from which the object was downloaded, object checksums (MD5, SHA256, Sha2), the type and value of the object's supplementary checksum, data about the object's digital signature (certificate), number of starts of the object since the last statistics were sent, task identifier of the software that performed the scan, file image size, PE-file header subsystem, PE-file header characteristics, number of sections, bit mask from DataDirectory, overlay size, number of found strings, number of found nonrandom strings, vector of DataDirectory objects sorted by RVA, vector of DataDirectory objects sorted by section numbers, cosine hash from the collected data, minwise hash from the collected data, identifier indicating whether the data was sent in force mode, scan type, emulation depth, emulation version, compiler version, object hash, file entropy, frequency of 0s, frequency of numbers, 4-byte DWT vector, virtual section size, real section size, technical parameters of the applicable detection technologies.
For executable files: sign of sending service information, reputation verification flag or file signature flag, name, type, ID, type, checksum (MD5) and the size of the application that was loaded by the object being validated, the application path and template paths, a sign of the Autorun list, date of entry, the list of attributes, name of the Packer, information about the digital signature of the application: the publisher certificate, the name of the uploaded file in the MIME format.
4. Information about the running applications and their modules: checksums (MD5, SHA256) of running files, size, attributes, creation date, and PE-file header information, names of packers (if the file was packed), code of the account under which the process has been started, command line parameters used to start the process, names of files and their modules, the checksums of the files (SHA256), running of the executable file, the identifier conditions for the formation of statistics based on the information provided, an identifier of the existence and validity of the data provided in the statistics.
5. Information about processes running on the system (process ID (PID), process name, information about the account the process was started from, the application and command that started the process, the full path to the process’s files, and the starting command line, an indication whether the process’s file has autorun status, a description of the product that the process belongs to (for example, the name of the product and information about the publisher), as well as digital certificates being used and information needed to verify their authenticity or information about the absence of a file’s digital signature), and information about the modules loaded into the processes: their names, sizes, types, creation dates, attributes, checksums (MD5, SHA2-256, SHA1), the paths to them, PE-file header information, names of packers (if the file was packed), IP-addresses (IPv4 or IPv6) of visited websites, the domain name, the method for determining the domain name, the sign indicating the domain name has entered the list, the name of the file of the process that opened the website, the size and checksums (MD5, SHA2-256) of the process’s file, the path to the process’s file and the template code of the file path, the result of the file’s certificate validation, the User Agent string, the storage duration of this information prior to being sent to KSN, the result of the file’s validation by KSN.
6. If threats or vulnerabilities are detected, in addition to information about the detected object, information is provided about the identifier, version, and type of the record in the anti-virus database, the name of the threat based on the Rightholder's classification, the checksum (MD5, SHA2-256, SHA1) of the application file that requested the URL where the threat was detected, the IP address (IPv4 or IPv6) of the detected threat, the identifier of the type of traffic on which the threat was detected, the vulnerability identifier and its threat level, the URL of the web page where the vulnerability was detected, the intermediate results of object analysis, and the flag for the silent detection of the object.
7. Information about network attacks: the IP address of the attacking computer and the port number at which the network attack is directed on the User's Computer, the identifier of the protocol used to carry out the attack, the name and type of attack, and information about the record in the anti-virus database.
8. The URL and IP address of the web page where harmful or suspicious content was detected, the name, size, and checksum of the file that requested the URL, the identifier and weight of the rule used to reach scanning results, the objective of the attack.
9. Information about changes made by the User in the list of websites protected by the Safe Money component: the URL of the website, a flag indicating that a website has been added, modified or deleted, information about whether the website was added in the Software window or via a browser, URL from which the User opened the website (if the website was added from a browser), information about whether the User chose to remember the change for the website (if the website was added from the browser), information about the mode in which Safe Money runs for the website.
10. Aggregated data from the results of scanning using the local and cloud KSN databases: the number of unique unknown objects, the number of unique trusted objects, the number of unique untrusted objects; the total number of «unknown object», «trusted object» and «untrusted objects» statuses, the number of objects trusted based on validation of a certificate, designated as trusted based on a trusted URL, recognized as trusted based on the transfer of trust from a trusted process; the number of unknown objects for which no decision regarding trust has been made, the number of objects that the user has designated as trusted.
11. Information about the use of Kaspersky Security Network (KSN): KSN identifier, software identifier, full version of the application, depersonalized IP address of the user’s device, indicators of the quality of fulfillment of KSN requests, indicators of the quality of the processing of KSN packets, indicators of the number of KSN requests and information about the types of KSN requests, date and time when statistics started being sent, date and time when statistics stopped being sent, KSN protocol version.
12. Information about the Private Browsing component: the Referrer from the HTTP tracking request, the name of the service or organization which provides tracking services, the category of the tracking service in accordance with the Rightholder’s categorization, ID and version of the browser that opened the URL.
13. If a potentially malicious object is detected, information is provided about data in the processes’ memory, elements of the system object hierarchy (ObjectManager), data in UEFI BIOS memory, names of registry keys and their values.
14. Information about events in the system logs: the event’s timestamp, the name of the log in which the event was found, type and category of the event, name of the event’s source and the event’s description.
15. Information about network connections: version and checksums (MD5, SHA2-256, SHA1) of the file from which the process that opened the port was started, the path to the process’s file and its digital signature, local and remote IP-addresses, numbers of local and remote connection ports, connection state, timestamp of the port’s opening.
16. Information about the wireless network connection being used by the computer: the name of the wireless network, the checksum (MD5 and SHA256) of the MAC-address of the access point, flag indicating whether the computer is running on battery power or a stationary power supply, DNS flag, the type of the computer, information about wireless network type and security; the unique identifiers, made using a unique identifier of the computer, unique identifier of the software installation, name of the wireless network and MAC-address of the access point; information about the available wireless networks: the name of the wireless network, the MAC-address of the access point, information about the wireless network’s security and signal quality; flag for use of the VPN connection, the category of the wireless network specified in the software, DHCP settings, the checksum (SHA256) of the IP-address (IPv4 and IPv6) of the computer, the domain name and the checksum (SHA256) of the path from the URL-address of the captive portal; WPS settings of the access points: the checksums of the name and serial number of the wireless device, the number and name of the wireless device model, the name of its manufacturer; local time at the start and end of the wireless connection session, the list of available wireless access points and their parameters.
17. Information about the operation of the Parental Control component: component version, categorization reason, additional information about categorization reason, categorized URL, host IP address of blocked/categorized object.

The Kaspersky Security Network service may process and submit whole files and/or their parts (for example, objects detected through malicious links which might be used by criminals to harm your computer) to Kaspersky Lab for additional examination.

Additionally, to prevent incidents and investigate those that do occur, trusted executable and non-executable files, application activity reports, portions of the computer's RAM, and the operating system's boot sector may be sent, as well as the following information about files and processes:
⁃ The names and paths of the files that were accessed by the process.
⁃ Names of registry keys and their values that were accessed by the process.
⁃ URL- and IP-addresses that were accessed by the process.
⁃ URL- and IP-addresses from which the running file was downloaded.

To improve the quality of Kaspersky Lab’s products, the User agrees to provide Kaspersky Lab with the following information:
⁃ Information about the use of the product's user interface: information about the opening of the interface's windows (identifiers and names of windows and used control elements) and switching between windows, information that determines the reason for opening a window, the date and time the interface was started and the stages of interface's startup, the time and type of the user's interaction with the interface, information about changes to settings and product parameters (the name of the setting or parameter, and the old and new values).
⁃ The ID of the application in interactive mode.
⁃ Information about updates of the installed Software and anti-virus databases: the IP address (IPv4 or IPv6) of the update source being used, the type of the update task, the number and total size of files downloaded during an update, the average download speed for the update files, the average speed for network operations during the update, the completion status of the update task, the type of an error that may occur during an update, the number of unsuccessful updates, the identifier of the product component that performs updates, and the database version and date of creation.
⁃ Information about the versions of the operating system and installed updates, current and default OS language settings, version and checksums (MD5, SHA2-256, SHA1) of the OS kernel file, parameters of the OS run mode.
⁃ Information about the software installed on the computer: the name of the software and the name of its publisher, information about registry keys and their values, information about software components files: checksums (MD5, SHA2-256, SHA1), name of a file, its path on the computer, size, version and digital signature.
⁃ Information about hardware installed on the computer: type, name, model name, firmware version, parameters of built-in and connected devices.
⁃ Information about the last unsuccessful OS restart: the number of unsuccessful restarts.

When participating in KSN, the User agrees to provide the following information for all purposes mentioned above:
⁃ The unique software installation identifier.
⁃ The full version of the installed software.
⁃ The type identifier of the installed software.
⁃ The unique identifier of the computer with the installed software.

Kaspersky Lab protects the information received in accordance with applicable governing law and Kaspersky Lab's rules. Data is transmitted over a secure channel.

Securing the Transmission and Storage of Data

Kaspersky Lab is committed to protecting the security of the information it processes. The information processed is stored on computer servers with limited and controlled access. Kaspersky Lab operates secure data networks protected by industry-standard firewall and password protection systems. Kaspersky Lab uses a wide range of security technologies and procedures to protect information from threats such as unauthorized access, use, or disclosure. Our security policies are periodically reviewed and enhanced as necessary, and only authorized individuals have access to the data that we process. Kaspersky Lab takes steps to ensure that your information is treated securely and in accordance with this Statement. Unfortunately, no data transmission can be guaranteed secure. As a result, while we strive to protect your data, we cannot guarantee the security of any data you transmit to us or from our products or services, including without limitation Kaspersky Security Network, and you use all these services at your own risk.

We treat the data we process as confidential information; it is, accordingly, subject to our security procedures and corporate policies regarding protection and use of confidential information. All Kaspersky Lab employees are aware of our security policies. Your data is only accessible to those employees who need it in order to perform their jobs. Any stored data will not be associated with any personally identifiable information. Kaspersky Lab does not combine the data stored by Kaspersky Security Network with any data, contact lists, or subscription information that is processed by Kaspersky Lab for promotional or other purposes.

C. USE OF THE PROCESSED DATA

Kaspersky Lab processes the data in order to analyze and identify the source of potential security risks, and to improve the ability of Kaspersky Lab’s products to detect malicious behavior, fraudulent websites, crimeware, and other types of Internet security threats to provide the best possible level of protection to Kaspersky Lab customers in the future.

Disclosure of Information to Third Parties

Kaspersky Lab may disclose any of the information processed if asked to do so by a law enforcement official as required or permitted by law, in response to a subpoena or other legal process or if we believe in good faith that we are required to do so in order to comply with applicable law, regulation, subpoena, or other legal process or enforceable government request. Kaspersky Lab may also disclose information when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating this Statement, the terms of your agreements with the Company or to protect the safety of our users and the public or under confidentiality and licensing agreements with certain third parties which assist us in developing, operating and maintaining the Kaspersky Security Network. In order to promote awareness, detection and prevention of Internet security risks, Kaspersky Lab may share certain information with research organizations and other security software vendors. Kaspersky Lab may also make use of statistics derived from the information processed to track and publish reports on security risk trends.

D. DATA PROCESSING – RELATED INQUIRIES AND COMPLAINTS

Kaspersky Lab takes and addresses its users’ Data Processing concerns with utmost respect and attention. If you believe that there was an instance of non-compliance with this Statement with regard to your information or data, or you have other related inquiries or concerns, you may write or contact Kaspersky Lab by email: support@kaspersky.com.

In your message, please describe in as much detail as possible the nature of your inquiry. We will investigate your inquiry or complaint promptly.

CHOICES AVAILABLE TO YOU

Participation in Kaspersky Security Network is optional. You can activate and deactivate the Kaspersky Security Network service at any time by selecting the corresponding option in the settings of your Kaspersky Lab product. Please note, however, if you choose to deactivate the Kaspersky Security Network service, we may not be able to provide you with some of the services dependent upon the processing of this data.

We also reserve the right to send infrequent alert messages to users to inform them of specific changes that may impact their ability to use our services that they have previously signed up for. We also reserve the right to contact you if compelled to do so as part of a legal proceeding or if there has been a violation of any applicable licensing, warranty or purchase agreements.

Kaspersky Lab is retaining these rights because in limited cases we feel that we may need the right to contact you as a matter of law or regarding matters that may be important to you. These rights do not allow us to contact you to market new or existing services if you have asked us not to do so, and issuance of these types of communications is rare. 

© 2019 AO Kaspersky Lab. All Rights Reserved.
