Installing the application from the command line

Kaspersky Endpoint Security can be installed from the command line in one of the following modes:

In interactive mode by using the Application Setup Wizard.
In silent mode. After installation is started in silent mode, your involvement in the installation process is not required. To install the application in silent mode, use the /s and /qn keys.
Prior to installing the application in silent mode, please open and read the End User License Agreement and the text of the Privacy Policy. The End User License Agreement and the text of the Privacy Policy are included in the Kaspersky Endpoint Security distribution kit. You may proceed to install the application only if you have fully read, understand, and accept the provisions and terms of the End User License Agreement, you understand and agree that your data will be processed and transmitted (including to third-party countries) in accordance with the Privacy Policy, and you have fully read and understand the Privacy Policy. If you do not accept the provisions and terms of the End User License Agreement and the Privacy Policy, please do not install or use Kaspersky Endpoint Security.

To install the application or upgrade a previous version of the application:

Run the command line interpreter (cmd.exe) as an administrator.
Go to the folder where the Kaspersky Endpoint Security distribution package is located.

Run the following command:

setup_kes.exe /pEULA=1 /pPRIVACYPOLICY=1 [/pKSN=1|0] [/pALLOWREBOOT=1|0] [/pSKIPPRODUCTCHECK=1|0] [/pSKIPPRODUCTUNINSTALL=1|0] [/pKLLOGIN=<user name> /pKLPASSWD=<password> /pKLPASSWDAREA=<password scope>] [/pENABLETRACES=1|0 /pTRACESLEVEL=<tracing level>] [/s]

msiexec /i <distribution kit name> EULA=1 PRIVACYPOLICY=1 [KSN=1|0] [ALLOWREBOOT=1|0] [SKIPPRODUCTCHECK=1|0] [SKIPPRODUCTUNINSTALL=1|0] [KLLOGIN=<user name> KLPASSWD=<password> KLPASSWDAREA=<password scope>] [ENABLETRACES=1|0 TRACESLEVEL=<tracing level>] [/qn]


`EULA`	Acceptance or rejection of the terms of the End User License Agreement. The text of the License Agreement is included in the distribution kit of Kaspersky Endpoint Security. Available values: `1` – acceptance of the terms of the End User License Agreement. `0` – rejection of the terms of the End User License Agreement (default value). Accepting the terms of the End User License Agreement is necessary for installing the application or upgrading the application version.
`PRIVACYPOLICY`	Acceptance or rejection of the Privacy Policy. The text of the Privacy Policy is included in the Kaspersky Endpoint Security distribution kit. Available values: `1` – acceptance of the Privacy Policy. `0` – rejection of the Privacy Policy (default value). To install the application or upgrade the application version, you must accept the Privacy Policy.
`KSN`	Agreement or refusal to participate in Kaspersky Security Network (KSN). If no value is set for this parameter, Kaspersky Endpoint Security will prompt to confirm your consent or refusal to participate in KSN when Kaspersky Endpoint Security is first started. Available values: `1` – agreement to participate in KSN. `0` – refusal to participate in KSN (default value). The Kaspersky Endpoint Security distribution package is optimized for use with Kaspersky Security Network. If you opted not to participate in Kaspersky Security Network, you should update Kaspersky Endpoint Security immediately after the installation is complete.
`ALLOWREBOOT=1`	Automatic restart of the computer, if required after installation or upgrade of the application. If no value is set for this parameter, automatic computer restart is blocked. Restart is not required when installing Kaspersky Endpoint Security. Restart is required only if you have to remove incompatible applications prior to installation. Restart may also be required when updating the application version.
`SKIPPRODUCTCHECK=1`	Disabling checking for incompatible software. The list of incompatible software is available in the incompatible.txt file that is included in the distribution kit. If no value is set for this parameter and incompatible software is detected, the installation of Kaspersky Endpoint Security will be terminated.
`SKIPPRODUCTUNINSTALL=1`	Disable automatic removal of detected incompatible software. If no value is set for this parameter, Kaspersky Endpoint Security attempts to remove incompatible software.
`KLLOGIN`	Set the user name for accessing the features and settings of Kaspersky Endpoint Security (the Password protection component). The user name is set together with the `KLPASSWD` and `KLPASSWDAREA` parameters. The user name KLAdmin is used by default.
`KLPASSWD`	Specify a password for accessing Kaspersky Endpoint Security features and settings (the password is specified together with the `KLLOGIN` and `KLPASSWDAREA` parameters). If you specified a password but did not specify a user name with the `KLLOGIN` parameter, the KLAdmin user name is used by default.
`KLPASSWDAREA`	Specify the scope of the password for accessing Kaspersky Endpoint Security. When a user attempts to perform an action that is included in this scope, Kaspersky Endpoint Security prompts for the user’s account credentials (`KLLOGIN` and `KLPASSWD` parameters). Use the "`;`" character to specify multiple values. Available values: `SET` – modifying application settings. `EXIT` – exiting the application. `DISPROTECT` – disabling protection components and stopping scan tasks. `DISPOLICY` – disabling Kaspersky Security Center policy. `UNINST` – removing the application from the computer. `DISCTRL` – disabling control components. `REMOVELIC` – removing the key. `REPORTS` – viewing reports.
`ENABLETRACES`	Enabling or disabling application traces. After Kaspersky Endpoint Security starts, it saves trace files in the folder %ProgramData%/Kaspersky Lab. Available values: `1` – traces are enabled. `0` – traces are disabled (default value).
`TRACESLEVEL`	Level of detail of traces. Available values: `100` (critical). Only messages about fatal errors. `200` (high). Messages about all errors, including fatal errors. `300` (diagnostic). Messages about all errors, as well as warnings. `400` (important). All error messages, warnings, and additional information. `500` (normal). Messages about all errors and warnings, as well as detailed information about the operation of the application in normal mode (default). `600` (low). All messages.
`AMPPL`	Enables or disables protection of the Kaspersky Endpoint Security processes using AM-PPL technology (Antimalware Protected Process Light). For more details about AM-PPL technology, please visit the Microsoft website. AM-PPL technology is available for Windows 10 version 1703 (RS2) or later, and Windows Server 2019 operating systems. Available values: `1` – protection of the Kaspersky Endpoint Security processes using AM-PPL technology is enabled. `0` – protection of the Kaspersky Endpoint Security processes using AM-PPL technology is disabled.
`RESTAPI`	Managing the application through the REST API. To manage the application through the REST API, you must specify the user name (`RESTAPI_User` parameter). Available values: `1` – management via REST API is allowed. `0` – management via REST API is blocked (default value). To manage the application through the REST API, management using administrative systems must be allowed. To do so, set the `AdminKitConnector=1` parameter. If you manage the application through the REST API, it is impossible to manage the application using the administration systems of Kaspersky.
`RESTAPI_User`	User name of the Windows domain account used for managing the application through the REST API. Management of the application through the REST API is available only to this user. Enter the user name in the format <`DOMAIN>\<UserName>` (for example, `RESTAPI_User=COMPANY\Administrator`). You can select only one user to work with the REST API. Adding a user name is a prerequisite for managing the application through the REST API.
`RESTAPI_Port`	Port used for managing the application through the REST API. Port 6782 is used by default.
`ADMINKITCONNECTOR`	Application management using administration systems. Administration systems include, for example, Kaspersky Security Center. In addition to Kaspersky administration systems, you can use third-party solutions. Kaspersky Endpoint Security provides an API for this purpose. Available values: `1` – application management with the help of administration systems is allowed (default value). `0` – application management is allowed only through the local interface.
Example: `setup_kes.exe /pEULA=1 /pPRIVACYPOLICY=1 /pKSN=1 /pALLOWREBOOT=1` `msiexec /i kes_win.msi EULA=1 PRIVACYPOLICY=1 KSN=1 KLLOGIN=Admin KLPASSWD=Password KLPASSWDAREA=EXIT;DISPOLICY;UNINST /qn` `setup_kes.exe /pEULA=1 /pPRIVACYPOLICY=1 /pKSN=1 /pENABLETRACES=1 /pTRACESLEVEL=600 /s`

After Kaspersky Endpoint Security is installed, the trial license is activated unless you provided an activation code in the setup.ini file. A trial license usually has a short term. When the trial license expires, all Kaspersky Endpoint Security features become disabled. To continue using the application, you need to activate the application with a commercial license by using the Application Activation Wizard or a special command.

When installing the application or upgrading the application version in silent mode, use of the following files is supported:

setup.ini – general settings for application installation
install.cfg – settings of Kaspersky Endpoint Security operation
setup.reg – registry keys
Registry keys from the setup.reg file are written to the registry only if the setup.reg value is set for the SetupReg parameter in the setup.ini file. The setup.reg file is generated by Kaspersky experts. It is not recommended to modify the contents of this file.

To apply settings from the setup.ini, install.cfg, and setup.reg files, place these files into the folder containing the Kaspersky Endpoint Security distribution package.

Page top