Upgrading Kaspersky Anti Targeted Attack Platform

You can upgrade Kaspersky Anti Targeted Attack Platform from version 3.7.2 to version 4.0. Upgrading the program involves the following steps:

1. Upgrading the Sandbox component.

   The program does not have a standard upgrade procedure. You must install the component version 4.0.

   After installing the component you need to set the maximum number of simultaneously running virtual machines. The value 48 is used by default.

   When installing the component on a VMware ESXi virtual machine, you must set up a configuration described in Calculations for the Sandbox component section.

2. Upgrading the Central Node component.

   To upgrade the component, you need to run the disk image containing the Central Node and Sensor components.

   You can upgrade the component to version 4.0 only from version 3.7.2. If you are using an older version, you must upgrade it to 3.7.2 in order: 3.7 → 3.7.1 and 3.7.1 → 3.7.2.

   If you are not using the distributed solution and multitenancy mode and are using a standalone Central Node server, you can update the program on the Central Node server.

   If you are using the distributed solution and multitenancy mode:

   Operation mode in which the program can be used to protect the infrastructure of several organizations simultaneously.

   Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a primary control server (Primary Central Node (PCN)) and secondary servers (Secondary Central Nodes (SCN)).

   1. You can update the program on the PCN server. After the program update is complete, the PCN server belongs to the same organization it belonged to before the update.
   2. If you want to update the program on an SCN server, change the role of the server from SCN to standalone Central Node server before performing the update.

      The program is updated on the standalone Central Node server.

      After updating the program, you can assign the SCN role to servers and select the organization to which the SCN server belongs.

   3. After the program update is complete, by default, all users with the Administrator role are granted access to the web interface of the PCN server and all SCN servers.

      If before the program update, each user's access to SCN web interfaces was configured individually, you can configure it again.

      After the program update is complete, by default, all users with the Senior security officer and Security officer roles are granted access to the web interface of the PCN server and all SCN servers.

      If before the program update, each user's access to SCN web interfaces was configured individually, you can configure it again. To do so, in the web interface of the PCN server:

      1. Add the relevant organizations.
      2. Configure the access of user accounts with the Senior security officer and Security officer roles to these companies and servers.
      3. Delete all SCNs that are temporarily disconnected from the PCN during the update.
      4. Re-connect all relevant SCNs to the PCN.

      The program prompts you to select an organization for each SCN server.

      User access to SCN web interfaces is configured.

      Perform the program update procedure on the server where you want to update the data.

   Kaspersky Anti Targeted Attack Platform may contain user data and other confidential information. The Kaspersky Anti Targeted Attack Platform administrator must independently ensure the security of this data when upgrading the program, or in other cases when it may be necessary to permanently delete data. The Kaspersky Anti Targeted Attack Platform administrator bears responsibility for access to data stored on program servers.

3. Upgrading the Sensor component installed on a standalone server.

   The program does not have a standard upgrade procedure. You must install the component version 4.0.

4. Upgrading the Kaspersky Endpoint Agent component
   • Kaspersky Endpoint Agent for Windows.
   • Kaspersky Endpoint Agent for Linux.

Special considerations for upgrading Kaspersky Anti Targeted Attack Platform from version 3.7.2 to version 4.0

1. After upgrading Kaspersky Anti Targeted Attack Platform from version 3.7.2 to version 4.0, you must add license keys again.
2. If a file with YARA rules was uploaded to a Central Node server version 3.7.2, after updating the program to version 4.0, instead of the file you will see a table with individual YARA rules.
3. Filters that were applied to alerts and events in the alert and event table, are preserved after upgrading the program from version 3.7.2 to version 4.0.
4. If integration with Kaspersky Secure Mail Gateway and Kaspersky Security for Linux Mail Server was configured for Kaspersky Anti Targeted Attack Platform 3.7.2, after the program is upgraded to version 4.0, integration settings are preserved.
5. If the amount of data sent to Kaspersky Endpoint Agent was increased or decreased by modifying or replacing a configuration file in Kaspersky Anti Targeted Attack Platform 3.7.2, after the program is upgraded to version 4.0, the settings are preserved.
6. Customized widget layouts in the Dashboard section are not preserved after upgrading the program from version 3.7.2 to version 4.0.
7. Sensor and Sandbox component data are not preserved.
8. Central Node 4.0 is not compatible with Sensor and Sandbox components version 3.7.2.

In this Help section Contents and amount of information kept when updating Kaspersky Anti Targeted Attack Platform Installation of the program update package 4.0.1

Page top