Kaspersky Endpoint Security can be installed from the command line in one of the following modes:
/s
and /qn
keys.Prior to installing the application in silent mode, please open and read the End User License Agreement and the text of the Privacy Policy. The End User License Agreement and the text of the Privacy Policy are included in the Kaspersky Endpoint Security distribution kit. You may proceed to install the application only if you have fully read, understand, and accept the provisions and terms of the End User License Agreement, you understand and agree that your data will be processed and transmitted (including to third-party countries) in accordance with the Privacy Policy, and you have fully read and understand the Privacy Policy. If you do not accept the provisions and terms of the End User License Agreement and the Privacy Policy, please do not install or use Kaspersky Endpoint Security.
You can view the list of commands for installing the application by executing the /h
command. To get help on the installation command syntax, type setup_kes.exe /h
. As a result, the installer displays a window with a description of command options (see the figure below).
Description of installation command options
To install the application or upgrade a previous version of the application:
setup_kes.exe /pEULA=1 /pPRIVACYPOLICY=1 [/pKSN=1|0] [/pALLOWREBOOT=1] [/pSKIPPRODUCTCHECK=1] [/pSKIPPRODUCTUNINSTALL=1] [/pKLLOGIN=<user name> /pKLPASSWD=<password> /pKLPASSWDAREA=<password scope>] [/pENABLETRACES=1|0 /pTRACESLEVEL=<tracing level>] [/s]
or
msiexec /i <distribution kit name> EULA=1 PRIVACYPOLICY=1 [KSN=1|0] [ALLOWREBOOT=1] [SKIPPRODUCTCHECK=1] [KLLOGIN=<user name> KLPASSWD=<password> KLPASSWDAREA=<password scope>] [ENABLETRACES=1|0 TRACESLEVEL=<tracing level>] [/qn]
As a result, the application is installed on the computer. You can confirm that application is installed and check application settings by issuing the status
command.
Application installation settings
|
Acceptance of the terms of the End User License Agreement. The text of the License Agreement is included in the distribution kit of Kaspersky Endpoint Security. Accepting the terms of the End User License Agreement is necessary for installing the application or upgrading the application version. |
|
|
Acceptance of the Privacy Policy. The text of the Privacy Policy is included in the Kaspersky Endpoint Security distribution kit. To install the application or upgrade the application version, you must accept the Privacy Policy. |
|
|
Agreement or refusal to participate in Kaspersky Security Network (KSN). If no value is set for this parameter, Kaspersky Endpoint Security will prompt to confirm your consent or refusal to participate in KSN when Kaspersky Endpoint Security is first started. Available values:
The Kaspersky Endpoint Security distribution package is optimized for use with Kaspersky Security Network. If you opted not to participate in Kaspersky Security Network, you should update Kaspersky Endpoint Security immediately after the installation is complete. |
|
|
Automatic restart of the computer, if required after installation or upgrade of the application. If no value is set for this parameter, automatic computer restart is blocked. Restart is not required when installing Kaspersky Endpoint Security. Restart is required only if you have to remove incompatible applications prior to installation. Restart may also be required when updating the application version. |
|
|
Disable the check for installed software. The list of software that may cause compatibility issues is available in the incompatible.txt file that is included in the distribution kit. If no value is set for this parameter and software from the list is detected, the installation of Kaspersky Endpoint Security will be terminated. |
|
|
Disable automatic removal of detected software from the incompatible.txt list. If no value is set for this parameter, Kaspersky Endpoint Security attempts to remove the software that may cause compatibility issues. Automatic removal of the software cannot be enabled when installing Kaspersky Endpoint Security using the msiexec installer. To automatically remove the software that may cause compatibility issues, use setup_kes.exe file. |
|
|
Verifying digital signatures of the detected software files from the incompatible.txt list. To remove the software, Kaspersky Endpoint Security runs the software installer file. If the installer file does not have a digital signature, Kaspersky Endpoint Security considers the file untrusted and halts the software removal to avoid running potentially malicious code. If the application cannot verify the digital signature of the detected software file, Kaspersky Endpoint Security installation is stopped with an error. The default value is different depending on the software installation method:
|
|
|
Installing the application in the Endpoint Detection and Response Agent (EDR Agent) configuration for integration with the Kaspersky Endpoint Detection and Response (KATA) solution. This configuration is needed if a third-party Endpoint Protection Platform (EPP) is deployed in your organization alongside the Kaspersky Endpoint Detection and Response (KATA) solution. This makes Kaspersky Endpoint Security in the Endpoint Detection and Response Agent configuration compatible with third-party EPP applications. You can also use EDR Agent for integration with the Kaspersky Managed Detection and Response solution. To do so, you must change the selection of application components. |
|
|
Set the user name for accessing the features and settings of Kaspersky Endpoint Security (the Password protection component). The user name is set together with the |
|
|
Specify a password for accessing Kaspersky Endpoint Security features and settings (the password is specified together with the If you specified a password but did not specify a user name with the |
|
|
Specify the scope of the password for accessing Kaspersky Endpoint Security. When a user attempts to perform an action that is included in this scope, Kaspersky Endpoint Security prompts for the user's account credentials (
|
|
|
Enabling or disabling application tracing. After Kaspersky Endpoint Security starts, it saves trace files in the folder
|
|
|
Level of detail of traces. Available values:
|
|
|
Enabling or disabling Azure WVD compatibility mode. Available values:
This feature allows correctly displaying the state of the Azure virtual machine in the Kaspersky Anti Targeted Attack Platform console. To monitor the performance of the computer, Kaspersky Endpoint Security sends telemetry to KATA servers. Telemetry includes an ID of the computer (Sensor ID). Azure WVD compatibility mode allows assigning a permanent unique Sensor ID to these virtual machines. If the compatibility mode is turned off, the Sensor ID can change after the computer is restarted because of how Azure virtual machines work. This can cause duplicates of virtual machines to appear on the console. |
|
|
Enables or disables protection of the Kaspersky Endpoint Security processes using AM-PPL technology (Antimalware Protected Process Light). For more details about AM-PPL technology, please visit the Microsoft website. AM-PPL technology is available for Windows 10 version 1703 (RS2) or later, and Windows Server 2019 operating systems. Available values:
|
|
|
Application upgrade mode:
You can upgrade the application without a restart starting with version 11.10.0. To upgrade an earlier version of the application, you must restart the computer. You can also install patches without a restart starting with version 11.11.0. Restart is not required when installing Kaspersky Endpoint Security. So, the upgrade mode of the application will be specified in the application settings. You can change this parameter in the application settings or in the policy. When upgrading already installed application, the priority of the command line parameter is lower than that of the parameter specified in the application settings or in the setup.ini file. For example, if |
|
|
Managing the application through the REST API. To manage the application through the REST API, you must specify the user name ( Available values:
To manage the application through the REST API, management using administrative systems must be allowed. To do so, set the |
|
|
User name of the Windows domain account used for managing the application through the REST API. Management of the application through the REST API is available only to this user. Enter the user name in the format Adding a user name is a prerequisite for managing the application through the REST API. |
|
|
Port used for managing the application through the REST API. Port 6782 is used by default. Make sure that the port is free. |
|
|
Certificate for identifying requests (for example, |
|
|
Application management using administration systems. Administration systems include, for example, Kaspersky Security Center. In addition to Kaspersky administration systems, you can use third-party solutions. Kaspersky Endpoint Security provides an API for this purpose. Available values:
|
|
Example:
|
After Kaspersky Endpoint Security is installed, the trial license is activated unless you provided an activation code in the setup.ini file. A trial license usually has a short term. When the trial license expires, all Kaspersky Endpoint Security features become disabled. To continue using the application, you need to activate the application with a commercial license by using the Application Activation Wizard or a special command.
When installing the application or upgrading the application version in silent mode, use of the following files is supported:
Registry keys from the setup.reg file are written to the registry only if the setup.reg
value is set for the SetupReg
parameter in the setup.ini file. The setup.reg file is generated by Kaspersky experts. It is not recommended to modify the contents of this file.
To apply settings from the setup.ini, install.cfg, and setup.reg files, place these files into the folder containing the Kaspersky Endpoint Security distribution package. You can also put the setup.reg file in a different folder. If you do so, you need to specify the path to the file in the following application installation command: SETUPREG=<path to the setup.reg file>
.