Upgrading Kaspersky Anti Targeted Attack Platform

You can upgrade Kaspersky Anti Targeted Attack Platform from version 3.6 to version 3.7.

You can also install the program update packages released by Kaspersky.

If you are not using the distributed solution and multitenancy mode and are using a standalone Central Node server, you can update the program on the Central Node server.

If you are not using the distributed solution and multitenancy mode and are using a standalone Central Node server, you can update the program on the Central Node server.

If you are using the distributed solution and multitenancy mode:

1. You can update the program on the PCN server. After the program update is complete, the PCN server belongs to the same organization it belonged to before the update.
2. If you want to update the program on an SCN server, change the role of the server from SCN to standalone Central Node server before performing the update.

   The program is updated on the standalone Central Node server.

   After updating the program, you can assign the SCN role to servers and select the organization to which the SCN server belongs.

3. After the program update is complete, by default, all users with the Administrator role are granted access to the web interface of the PCN server and all SCN servers.

   If before the program update, each user's access to SCN web interfaces was configured individually, you can configure it again.

   After the program update is complete, by default, all users with the Senior security officer and Security officer roles are granted access to the web interface of the PCN server and all SCN servers.

   If before the program update, each user's access to SCN web interfaces was configured individually, you can configure it again. To do so, in the web interface of the PCN server:

   1. Add the relevant organizations.
   2. Configure the access of user accounts with the Senior security officer and Security officer roles to these companies and servers.
   3. Delete all SCNs that are temporarily disconnected from the PCN during the update.
   4. Re-connect all relevant SCNs to the PCN.

      The program prompts you to select an organization for each SCN server.

   User access to SCN web interfaces is configured.

Perform the program update procedure on the server where you want to update the data.

Kaspersky Anti Targeted Attack Platform may contain user data and other confidential information. The Kaspersky Anti Targeted Attack Platform administrator must independently ensure the security of this data when upgrading the program, or in other cases when it may be necessary to permanently delete data. The Kaspersky Anti Targeted Attack Platform administrator bears responsibility for access to data stored on program servers.

Contents and volume of data saved when upgrading the program from version 3.6 to version 3.7

Maximum data volume	Data type	Data saved during upgrade
4 GB	Central Node settings. Program databases on the Central Node (alerts database, tasks, policies, information about alert VIP status, white lists, notifications).	All data except: Settings for integration with sensors License keys Metadata of files quarantined on computers with the Endpoint Sensors component Widget layouts in the Dashboard section Data on Endpoint Sensors components received from KSC Settings of network isolation of hosts TAA alerts
4 GB	PCN settings.	All data except: Settings for integration with sensors License keys Metadata of files quarantined on computers with Endpoint Sensors Widget layouts in the Dashboard section Data on installed Endpoint Sensors programs received from KSC Settings of network isolation of hosts TAA alerts
4 GB	Program databases on the PCN (alerts database, tasks, policies, information about alert VIP status, white lists, notifications).	All data except TAA alerts.
300 GB	Quarantine.	None.
300 GB	Sandbox artifacts.	All data.
300 GB	Database of alerts generated during a rescan.	All data except TAA alerts.
No	Targeted Attack Analyzer database.	None.
No	Events database.	None.

Special considerations for upgrading Kaspersky Anti Targeted Attack Platform from version 3.6 to version 3.7

1. After upgrading Kaspersky Anti Targeted Attack Platform from version 3.6 to version 3.7, you must add license keys again.
2. After upgrading the program to version 3.7, metadata of files quarantined on computers with the Endpoint Sensors program using the Quarantine file task in Kaspersky Anti Targeted Attack Platform 3.6 is not displayed in the Storage section, Quarantine subsection of the program web interface. After upgrading the program to version 3.7, files placed in Storage in Kaspersky Anti Targeted Attack Platform 3.6 are displayed in Storage section, Files subsection.

   Before upgrading the program to version 3.7, make sure you have processed all quarantined objects on computers with the Endpoint Sensors program.

3. User defined widget layouts in the Dashboard section are not preserved after upgrading Kaspersky Anti Targeted Attack Platform 3.6 to version 3.7.
4. Data on Endpoint Sensors components received in Kaspersky Anti Targeted Attack Platform 3.6 from Kaspersky Security Center is not transferred to Kaspersky Anti Targeted Attack Platform 3.7 because Kaspersky Anti Targeted Attack Platform 3.7 does not integrate with Kaspersky Security Center.
5. Alerts generated by the Targeted Attack Analyzer (TAA) technology in Kaspersky Anti Targeted Attack Platform 3.6 are not transferred to Kaspersky Anti Targeted Attack Platform 3.7 because the TAA technology in Kaspersky Anti Targeted Attack Platform 3.7 uses new logic.
6. Endpoint Sensors host isolation settings set up in Kaspersky Anti Targeted Attack Platform 3.6 are not transferred to Kaspersky Anti Targeted Attack Platform 3.7.

   Before upgrading the program to version 3.7, make sure to delete all Endpoint Sensors isolation rules, otherwise you will lose control over the isolated hosts.

7. User-defined IOA rules created in Kaspersky Anti Targeted Attack Platform 3.6 are transferred to Kaspersky Anti Targeted Attack Platform 3.7 in the old format and in a disabled state. If enabled in Kaspersky Anti Targeted Attack Platform 3.7, the rules are converted to the new TAA (IOA) format.

Files that are in the scan queue when Kaspersky Anti Targeted Attack Platform is upgraded to version 3.7 are not saved.

In this Help section Upgrading the program from version 3.6 to version 3.7 Installing program update packages in the administrator menu and in Technical Support Mode

Page top