Creating an installation package

An installation package is a set of files created for remote installation of a Kaspersky application via Kaspersky Security Center. The installation package contains a range of settings needed to install the application and get it running immediately after installation. The installation package is created using files with the .kpd and .kud extensions included in the application distribution kit. Kaspersky Endpoint Security installation package is common for all supported Windows versions and processor architecture types.

How to create an installation package in the Administration Console (MMC)

How to create an installation package in the Web Console and Cloud Console

Installation package settings

Section

Description

Configuration of Kaspersky Endpoint Security

Standard mode. The default configuration. This configuration lets you use all components of the application, including components that provide support for Detection and Response solutions. This configuration is used for comprehensive protection of the computer from a variety of threats, network attacks, and fraud. You can select the components that you want to install at the next step of the Setup Wizard.

Endpoint Detection and Response Agent. In this configuration, you can only install the components that provide support for Detection and Response solutions: Endpoint Detection and Response (KATA), Managed Detection and Response (MDR), Network Detection and Response (KATA), as well as Kaspersky Unified Monitoring and Analysis Platform (KUMA). This configuration is needed if a third-party Endpoint Protection Platform (EPP) is deployed in your organization alongside a Kaspersky Detection and Response solution. This makes Kaspersky Endpoint Security in the Endpoint Detection and Response Agent configuration compatible with third-party EPP applications.

Predefined exclusions

Starting with Kaspersky Endpoint Security 12.6 for Windows, scan exclusions and trusted applications are added to the trusted zone. Predefined scan exclusions and trusted applications help quickly configure Kaspersky Endpoint Security on SQL servers, Microsoft Exchange servers, and System Center Configuration Manager. This means you do not need to manually set up a trusted zone for the application on servers. You can also configure the trusted zone later in policy properties: scan exclusions and trusted applications.

Protection components

In this section, you can select the application components that will be available. You can change the set of application components at a later time by using the Change application components task.

The set of available components depends on the configuration of the application:

Standard mode

The default configuration. This configuration lets you use all components of the application, including components that provide support for Detection and Response solutions. This configuration is used for comprehensive protection of the computer from a variety of threats, network attacks, and fraud. You can select the components that you want to install at the next step of the Setup Wizard.

The BadUSB Attack Prevention component, Detection and Response component, and data encryption components are not installed by default. These components can be added in the installation package settings.

If you need to install Detection and Response components, Kaspersky Endpoint Security supports the following configurations:

  • Endpoint Detection and Response Optimum only
  • Endpoint Detection and Response Expert only
  • Endpoint Detection and Response (KATA) only
  • Network Detection and Response (KATA) only
  • Sandbox only
  • Endpoint Detection and Response Optimum and Sandbox
  • Endpoint Detection and Response Expert and Sandbox
  • Endpoint Detection and Response (KATA) and Sandbox
  • Network Detection and Response (KATA) and Endpoint Detection and Response (KATA)
  • Network Detection and Response (KATA) and Managed Detection and Response

Kaspersky Endpoint Security verifies the selection of components before installing the application. If the selected configuration of Detection and Response components is not supported, Kaspersky Endpoint Security cannot be installed.

Endpoint Detection and Response Agent

In this configuration, you can only install the components that provide support for Detection and Response solutions: Endpoint Detection and Response (KATA), Managed Detection and Response (MDR), Network Detection and Response (KATA), as well as Kaspersky Unified Monitoring and Analysis Platform (KUMA). This configuration is needed if a third-party Endpoint Protection Platform (EPP) is deployed in your organization alongside a Kaspersky Detection and Response solution. This makes Kaspersky Endpoint Security in the Endpoint Detection and Response Agent configuration compatible with third-party EPP applications.

License key

In this section, you can activate the application. To activate the application, you must select a license key. Before you do that, you must add the key to the Administration Server. For more details about adding keys to the Kaspersky Security Center Administration Server, please refer to Kaspersky Security Center Help.

Incompatible applications

Carefully read the list of incompatible applications and allow removal of these applications. If incompatible applications are installed on the computer, installation of Kaspersky Endpoint Security ends with an error.

Installation settings

Add the path to the file avp.com to the system variable %PATH%. You can add the installation path to the %PATH% variable for convenient use of the command line interface.

Protect the installation process. Installation protection includes protection against replacement of the distribution package with malicious applications, blocking access to the installation folder of Kaspersky Endpoint Security, and blocking access to the system registry section containing application keys. However, if the application cannot be installed (for example, when performing remote installation with the help of Windows Remote Desktop), you are advised to disable protection of the installation process.

Ensure compatibility with Citrix PVS. You can enable support of Citrix Provisioning Services to install Kaspersky Endpoint Security to a virtual machine.

Use Azure WVD compatibility mode. This feature allows correctly displaying the state of the Azure virtual machine in the Kaspersky Anti Targeted Attack Platform console. To monitor the performance of the computer, Kaspersky Endpoint Security sends telemetry to KATA servers. Telemetry includes an ID of the computer (Sensor ID). Azure WVD compatibility mode allows assigning a permanent unique Sensor ID to these virtual machines. If the compatibility mode is turned off, the Sensor ID can change after the computer is restarted because of how Azure virtual machines work. This can cause duplicates of virtual machines to appear on the console.

Application installation folder. You can change the installation path of Kaspersky Endpoint Security on a client computer. By default, the application is installed in the %ProgramFiles(x86)%\Kaspersky Lab\KES.12.7 folder.

Configuration file. Installing the application with predefined settings. To do this, you need to upload a file that defines the settings of Kaspersky Endpoint Security. You can create a configuration file in the local interface of the application.

Page top