To integrate with Kaspersky Endpoint Detection and Response, you must add the Endpoint Detection and Response Optimum (EDR Optimum) component or the Endpoint Detection and Response Expert (EDR Expert) component, and configure Kaspersky Endpoint Security.
The EDR Optimum and EDR Expert components are not compatible. Moreover, the EDR Expert component is incompatible with the Managed Detection and Response component.
The following conditions must be fulfilled for Endpoint Detection and Response to work:
Integration with Kaspersky Endpoint Detection and Response involves the following steps:
You can select the EDR Optimum or EDR Expert component during installation or upgrade, as well as using the Change application components task. You must restart your computer to finish upgrading the application with the new components.
Following the Change application components task execution, the status of the task is displayed incorrectly. Instead of Completed successfully, the task has the Scheduled status. However, the task can still be completed successfully. Make sure that the new component is installed in the computer properties of the Kaspersky Security Center console (Applications → Kaspersky Endpoint Security for Windows → Components) or in the local application interface.
You can acquire a license to use Kaspersky Endpoint Detection and Response in the following ways:
The feature will be available immediately after activation of Kaspersky Endpoint Security for Windows.
The feature will be available after you add a separate key for Kaspersky Endpoint Detection and Response. As a result, two keys are installed on the computer: a key for Kaspersky Endpoint Security and a key for Kaspersky Endpoint Detection and Response.
Licensing for the stand-alone Endpoint Detection and Response functionality is the same as the licensing of Kaspersky Endpoint Security.
Make sure that the EDR Optimum or EDR Expert functionality is included in the license and is running in the local interface of the application.
You can enable or disable the component in Kaspersky Endpoint Security for Windows policy settings.
The Kaspersky Endpoint Detection and Response component is enabled. Check the operating status of the component by viewing the Application components status report. You can also view the operating status of a component in reports in the local interface of Kaspersky Endpoint Security. The Endpoint Detection and Response Optimum or Endpoint Detection and Response Expert component is added to the list of Kaspersky Endpoint Security components.
To enable all the Endpoint Detection and Response features, data transfer must be enabled for the following types of data:
The data are required to obtain information about files quarantined on a computer through Web Console and Cloud Console. For example, you can download a file from quarantine for analysis in Web Console and Cloud Console.
The data are required to obtain information about threats detected on a computer in Web Console and Cloud Console. You can view alert details and take response actions in Web Console and Cloud Console.
How to enable data transfer to the Administration Server in Web Console and Cloud Console