To integrate with Kaspersky Endpoint Detection and Response, you must add the Endpoint Detection and Response Optimum (EDR Optimum) component or the Endpoint Detection and Response Expert (EDR Expert) component, and configure Kaspersky Endpoint Security.
EDR Optimum, EDR Expert and EDR (KATA) components are not compatible with each other.
The following conditions must be fulfilled for Endpoint Detection and Response to work:
Starting with Kaspersky Endpoint Security version 12.6, the display of alert details has been moved from the Kaspersky Endpoint Security management plug-in to the EDR management plug-in. The EDR management plug-in is a single plug-in for working with agents on Windows, Mac and Linux operating systems. Now, when working with EDR Optimum, you need the Kaspersky Endpoint Security management plug-in to create threat response tasks and the EDR management plug-in to view alert details.
EDR Expert can be managed only using the Kaspersky Security Center Cloud Console. You cannot manage this functionality using the Administration Console (MMC).
Integration with Kaspersky Endpoint Detection and Response involves the following steps:
You can select the EDR Optimum or EDR Expert component during installation or upgrade, as well as using the Change application components task.
You must restart your computer to finish upgrading the application with the new components.
You can acquire a license to use Kaspersky Endpoint Detection and Response in the following ways:
The feature will be available immediately after activation of Kaspersky Endpoint Security for Windows.
The feature will be available after you add a separate key for Kaspersky Endpoint Detection and Response. As a result, two keys are added on the computer: a key for Kaspersky Endpoint Security and a key for Kaspersky Endpoint Detection and Response.
Licensing for the stand-alone Endpoint Detection and Response functionality is the same as the licensing of Kaspersky Endpoint Security.
Make sure that the EDR Optimum or EDR Expert functionality is included in the license and is running in the local interface of the application.
For more information about the EDR Optimum End User License Agreement, refer to the Kaspersky Endpoint Detection and Response Optimum Help.
You can enable or disable the component in Kaspersky Endpoint Security for Windows policy settings.
The Kaspersky Endpoint Detection and Response component is enabled. Check the operating status of the component by viewing the Application components status report. You can also view the operating status of a component in reports in the local interface of Kaspersky Endpoint Security. The Endpoint Detection and Response Optimum or Endpoint Detection and Response Expert component is added to the list of Kaspersky Endpoint Security components.
To enable all the Endpoint Detection and Response features, data transfer must be enabled for the following types of data:
The data are required to obtain information about files quarantined on a computer through Web Console and Cloud Console. For example, you can download a file from quarantine for analysis in Web Console and Cloud Console.
The data are required to obtain information about threats detected on a computer in Web Console and Cloud Console. You can view alert details and take response actions in Web Console and Cloud Console.
How to enable data transfer to the Administration Server in Web Console and Cloud Console