Kaspersky Endpoint Security 11.7.0 now has built-in agents for the Kaspersky Endpoint Detection and Response Optimum 2.0 (EDR Optimum) and Kaspersky Sandbox 2.0 solutions. You no longer need a separate Kaspersky Endpoint Agent application to work with these solutions. When you upgrade Kaspersky Endpoint Security to version 11.7.0, the EDR Optimum and Kaspersky Sandbox solutions keep working with Kaspersky Endpoint Security. In addition, the Kaspersky Endpoint Agent is removed from the computer.
In Kaspersky Endpoint Security 11.9.0 the Kaspersky Endpoint Agent distribution package is no longer part of the Kaspersky Endpoint Security distribution kit. You must download the Kaspersky Endpoint Agent distribution package separately.
Migrating the [KES+KEA] configuration to [KES+built-in agent] involves the following steps:
Upgrade all Kaspersky Security Center components to version 13.2, including the Administration Agent on user computers and Web Console.
In Kaspersky Security Center Web Console, upgrade the Kaspersky Endpoint Security web plug-in to version 11.7.0. To manage EDR Optimum and Kaspersky Sandbox components, you must use Web Console.
Use the Kaspersky Endpoint Agent Policy and Task Migration Wizard to migrate Kaspersky Endpoint Agent settings to Kaspersky Endpoint Security for Windows.
This creates a new Kaspersky Endpoint Security policy. The new policy has the Inactive status. To apply the policy, open policy properties, accept the Kaspersky Security Network Statement and set the status to Active.
If you use a common Kaspersky Endpoint Detection and Response Optimum or Kaspersky Optimum Security license to activate Kaspersky Endpoint Security for Windows and Kaspersky Endpoint Agent, EDR Optimum functionality will be activated automatically after upgrading the application to version 11.7.0. You do not need to do anything else.
If you use a stand-alone Kaspersky Endpoint Detection and Response Optimum Add-on license to activate EDR Optimum functionality, you must make sure that the EDR Optimum key is added to the Kaspersky Security Center repository and the automatic license key distribution functionality is enabled. After you upgrade the application to version 11.7.0, EDR Optimum functionality is activated automatically.
If you use a Kaspersky Endpoint Detection and Response Optimum or Kaspersky Optimum Security license to activate Kaspersky Endpoint Agent, and a different license to activate Kaspersky Endpoint Security for Windows, you must replace the Kaspersky Endpoint Security for Windows key with the common Kaspersky Endpoint Detection and Response Optimum or Kaspersky Optimum Security key. You can replace the key using the Add key task.
You do not need to activate Kaspersky Sandbox functionality. Kaspersky Sandbox functionality will be available immediately after upgrading and activating Kaspersky Endpoint Security for Windows.
To upgrade the application and migrate EDR Optimum and Kaspersky Sandbox functionality, a remote installation task is recommended.
To upgrade the application using a remote installation task, you must edit the following settings:
You can also upgrade the application using the following methods:
In this case, you must check the configuration of Kaspersky Endpoint Agent that is installed on the computer. If the installed Kaspersky Endpoint Agent includes the Endpoint Detection and Response Expert (KATA EDR) component, remove the component before you upgrade the application. If you cannot remove the Endpoint Detection and Response Expert (KATA EDR) component, Kaspersky Endpoint Security will skip the EDR Optimum and Kaspersky Sandbox components when upgrading the application. You can install components using the Change application components task after upgrading the application.
Kaspersky Endpoint Security supports automatically selecting components when upgrading the application on a computer with the Kaspersky Endpoint Agent application installed. The automatic selection of components depends on the permissions of the user account that is upgrading the application.
If you are upgrading Kaspersky Endpoint Security using the EXE or MSI file under the system account (SYSTEM), Kaspersky Endpoint Security gains access to active licenses of Kaspersky solutions. Therefore, if the computer has, for example, Kaspersky Endpoint Agent installed and the EDR Optimum solution activated, the Kaspersky Endpoint Security installer automatically configures the set of components and selects the EDR Optimum component. This makes Kaspersky Endpoint Security switch to using the built-in agent and removes Kaspersky Endpoint Agent. Running the MSI installer under the system account (SYSTEM) is usually performed when upgrading via the Kaspersky update service (SMU) or when deploying an installation package via Kaspersky Security Center.
If you are upgrading Kaspersky Endpoint Security using an MSI file under a non-privileged user account, Kaspersky Endpoint Security lacks access to active licenses of Kaspersky solutions. In this case, Kaspersky Endpoint Security automatically selects components based on Kaspersky Endpoint Agent configuration as follows:
Restart your computer to finish upgrading the application with the built-in agent. When upgrading the application, the installer removes Kaspersky Endpoint Agent before the computer is restarted. After the computer is restarted, the installer adds the built-in agent. This means that Kaspersky Endpoint Security does not perform the functions of EDR and Kaspersky Sandbox until the computer is restarted.
If after the upgrade, the computer has the Critical status in the Kaspersky Security Center console:
Make sure EDR Optimum functionality is activated using the Application components status report. If a component has the Not covered by license status, make sure that the automatic license key distribution functionality of EDR Optimum is turned on.
Upgrading the application as part of KATA EDR
If you have Kaspersky Endpoint Agent installed for integration with Kaspersky Anti Targeted Attack Platform (the Endpoint Detection and Response Expert (KATA EDR) component), you can upgrade Kaspersky Endpoint Security for Windows in any of the following ways:
To do so, you need to edit the following settings:
To do so, you must confirm the application upgrade. Kaspersky Endpoint Security excludes Endpoint Detection and Response Optimum and Kaspersky Sandbox from the installation. Upgrading Kaspersky Endpoint Agent is not supported. You can upgrade Kaspersky Endpoint Agent manually.
Kaspersky Endpoint Security excludes Endpoint Detection and Response Optimum and Kaspersky Sandbox from the installation. If the computer already has Kaspersky Endpoint Agent installed, the application is upgraded to version 3.11.