KASPERSKY SECURITY NETWORK (KSN) STATEMENT Kaspersky Security Network Statement (hereinafter "KSN Statement") relates to the computer program Kaspersky Endpoint Security for Linux (hereinafter "Software"). KSN Statement along with the End User License Agreement for Software, in particular in the Section "Conditions regarding Data Processing" specifies the conditions, responsibilities and procedures relating to transmission and processing of the data, indicated in the KSN Statement. Carefully read the terms of the KSN Statement, as well as all documents referred to in the KSN Statement, before accepting it. When the End User activates the using of the KSN, the End User is fully responsible for ensuring that the processing of personal data of Data Subjects is lawful, particularly, within the meaning of Article 6 (1) (a) to (1) (f) of Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR") if Data Subject is in the European Union, or applicable laws on confidential information, personal data, data protection, or similar thereto. Data Protection and Processing Data received by the Rightholder from the End User during use of the KSN are handled in accordance with the Rightholder's Privacy Policy published at: www.kaspersky.com/Products-and-Services-Privacy-Policy. Purpose of Using the KSN Use of the KSN could lead to increase the effectiveness of protection provided by the Software, against information and network security threats. The declared purpose is achieved by: - determining the reputation of scanned objects; - identifying information security threats that are new and challenging to detect, and their sources; - taking prompt measures to increase the protection of the data stored and processed by the End User with the Computer; - reducing the likelihood of false positives; - increasing the efficiency of Software components; - preventing information security incidents and investigating incidents that did occur; - improving the performance of the Rightholder's products; - receiving reference information about the number of objects with known reputation. Processed Data During use of the KSN, the Rightholder will automatically receive and process the following data: - Information about scanned files: checksums of scanned files (MD5, SHA2-256, SHA1) and file patterns (MD5), the pattern size, the type of identified threat and the name thereof in accordance with the Right Holder's classification, and the anti-virus database I; - ID of the scan task during which the threat was discovered; - Information about the digital certificates that were used and are required to verify the authenticity thereof: checksums (SHA256) of the certificate specified in the scanned object's signature and the open certificate key; - Information about software installed on the computer: the name of the software and the manufacturer thereof, the registry keys used and the values thereof, information about software component files (checksums [MD5, SHA2-256, SHA1], the name, file path, size, version and digital signature), information about kernel objects, drivers, services, printing system extensions, control panel applets, hosts file and system registry entries, and browser and mail client versions; - Information about the computer's anti-virus protection status: release version, dates and times of anti-virus databases used, updates and connections to Right Holder services and the scan task ID and scan software component ID; - Information about applications started and the modules thereof: data on processes started in the system (process ID [PID], process name, data on the account that started the process or the application and team that started the process, as well as whether the application or process were trusted, the complete path to the process files or command prompt, the process integrity level, a description of the product associated with the process (product name and manufacturer), as well as information about the digital certificates used and information required to verify the authenticity thereof, or data showing the absence of a digital file signature), as well as information about modules started within the process (name, size, type, issue date, attributes, checksums [MD5, SHA2-256, SHA1], path), PE-file header and the file compressor (if the file has been compressed); - Information about all potentially harmful objects and actions: the name of the detected object and the complete path to the object on the computer, checksums of processed files (MD5, SHA2-256, SHA1), the date and time of detection, the name and size of infected files and paths thereto, the path template code, an indication of whether the object is a container, the name of the file compressor (if the file is compressed), the file type code, the file format ID, a list of harmful activities by the application and software and User solutions thereto, the anti-virus database ID based on which the software solution was selected, the name of the discovered threat in accordance with the Right Holder's classification, the threat level, the detection status and method, the reason for inclusion in the analyzed context and number of the file in context, checksums (MD5, SHA2-256, SHA1), the name and attributes of the executed application file that allowed the infected message or link in, the anonymized IP-addresses (IPv4 and IPv6) of the blocked object's host, the file entropy, an indication of whether the file was autostarted, the time of first detection in the system, the number of file starts from the moment of the last statistics transfer, information about the name, checksums (MD5, SHA2-256, SHA1), size of the mail client through which the harmful object was received, scanner software task ID, file reputation or signature lookup attribute, the file processing result, the object pattern checksum (MD5) and pattern size in bytes, and the technical characteristics of the detection technologies used; - Information about scanned objects: the assigned trust group to which or from which the file was transferred, the reason why the file was placed into this category, the category ID, information about the source of the categories and the category database version, indication whether the file has a trust certificate, the name of the file manufacturer, the file version and the name and version of the application containing the file; - Information about discovered vulnerabilities: the vulnerability ID in the vulnerability database, the vulnerability threat class and detection status; - Information about emulation of the executable: the file size and checksums (MD5, SHA2-256, SHA1), the emulation component version, emulation depth, the logic block characteristics vector and functions within the logic blocks detected during emulation and data from the executable's PE-header structure; - Information about downloaded software modules: the name, size and checksums (MD5, SHA2-256, SHA1) of the module file, the complete path thereto and path template code, the module file's digital signature parameters, the date and time that the signature was generated, the name of the subject and organization that signed the module file, the ID of the process during which the module was downloaded, the name of the module's source and the module's number in the download queue; - Service information about the software: the compiler version, indicator of the potential maliciousness of the scanned object, the version of the statistical data set transferred, information about the completeness and accuracy of the statistical data, the statistical data generation term ID and information on the software operating mode; - If a potentially malicious object is detected, information about data in process memory: object system hierarchy elements (ObjectManager), UEFI BIOS memory data and registry key names and values will be provided; - Information about the installation date: the type of license used and the expiration date thereof, the ID of the partner from which the license was acquired, the license serial number, the type of software installation on the computer (first-time installation, update, etc.), indication of successful installation or installation error code, the unique installation ID, the type and ID of the application being updated and the update task ID; - Information about all installed updates, as well as the latest installed and/or uninstalled updates, the type of event that caused update information to be sent, the time since the last update was installed and information about anti-virus databases downloaded at the time that the information was provided; - Information about software component errors: the software status ID, the error code and type, as well as the time that the error occurred, component, module and process IDs of the product in which the error occurred, the task or category ID of the update during the installation of which the error occurred, the software error detection method ID and the name of the process that initiated traffic interception and exchange and led to the software error; - Information about anti-virus database and software component updates: the names, dates and times that index files were downloaded during the last update and were being downloaded during the current update, as well as the date and time that the last update was completed and the names of the files in updated categories and their checksums (MD5, SHA2-256, SHA1); - The software update component version, the number of emergency shutdowns of the software update component when performing updates while the component was active, the update task type ID and the number of unsuccessful attempts to update the software update component; - Information for verifying the authenticity of certificates signed by files: the certificate fingerprint, the checksum calculation algorithm, the public key and serial number of the certificate, the name of the certificate issuer and the result of verifying the certificate and certificate database ID; - Information about the Right Holder's software: the full version, type, localization and operating status of any software used, the version of installed software components and the operating status thereof, data on installed software updates as well as the TARGET filter value, and the version of the connection protocol used with the Right Holder's services; - Information about installed system devices: the type, name, model, firmware version and specifications of installed and connected devices and the unique ID of the computer on which the software was installed; - Information about the operating system (OS) version installed on the computer and any installed update packages, the bit version, release and operating parameters of the OS and the version and checksums (MD5, SHA2-256, SHA1) of the OS kernel. Also, in order to achieve the declared purpose of increasing the effectiveness of protection provided by the Software, the Rightholder may receive objects that could be exploited by intruders to harm the Computer and create information security threats. Such objects include: - Executable and non-executable files in part or in whole; - Portions of the computer's RAM; - The sector involved in the operating system start process; - Web pages and emails that contain suspicious and malicious objects; - App activity logs. Such app activity logs contain the following data on files and processes: - The name, size and version of the file sent, a description and checksum (MD5, SHA2-256, SHA1) thereof, the format ID, the name of the manufacturer, the name of the product that the file references, the complete file path on the computer and the path template code, and the date and time that the file was created and modified; - The certificate's validity start and end date and time if the file sent contains a digital signature, the time and date of the signature, the name of the certificate's issuer, information about the certificate's owner, the certificate's fingerprint and open key and algorithm for the calculation thereof and the certificate's serial number; - The name of the account record that started the process; - The checksum (MD5, SHA2-256, SHA1) on behalf of the computer that started the process; - The name of the processing window; - The anti-virus database ID and the name of the threat detected in accordance with the Right Holder's classification; - Information about the software license, the license ID and the type and date of expiration thereof; - The computer's local time when the information was provided; - The names of and paths to files to which the process obtained access; - The names of the registry keys and the values thereof to which the process obtained access; - The URL and IP addresses with which the process was communicating; - The URL and IP addresses from which the started file was obtained. Also, in order to achieve the declared purpose with respect to preventing false positives, the Rightholder may receive trusted executable and non-executable files or their parts. Providing the above information to the KSN is voluntary. After installing the Software, the End User can at any time enable or disable the use of the KSN in the Software settings as described in the User Manual. (c) 2018 AO Kaspersky Lab. All Rights Reserved.