When migrating from Kaspersky Security for Windows Server (KSWS) to Kaspersky Endpoint Security (KES), you can use the follow recommendations to configure server protection and optimize performance. Here we will look at an example of migration for a single organization.
Infrastructure of the organization
The company has the following equipment installed:
The administrator manages Kaspersky solutions using the Administration Console (MMC). Kaspersky Endpoint Detection and Response Optimum (EDR Optimum) is also deployed
In Kaspersky Security Center, three administration groups are created, containing servers of the organization: two administration groups for SQL servers and an administration group for Microsoft Exchange servers. Each administration group is managed by its own policy. Database Update and On-demand scan tasks are created for all servers in the organization.
The KSWS activation key is added to Kaspersky Security Center. Automatic key distribution is enabled.
KSWS is managed by SQL_Policy(1) and SQL_Policy(2) policies. Database Update, On-demand scan tasks are also created.
KSWS is managed by the Exchange_Policy policy. Database Update, On-demand scan tasks are also created.
Planning the migration
The migration involves the following steps:
The migration scenario is initially performed on one of the cluster of SQL servers. Then the migration scenario is performed on the other cluster of SQL servers. Then the migration scenario is performed on the Microsoft Exchange.
Migrating KSWS tasks and policies using the Policies and Tasks Batch Conversion Wizard
To migrate KSWS tasks, you can use the Policies and Tasks Batch Conversion Wizard (the migration wizard). As a result, instead of the SQL_Policy(1), SQL_Policy(2), and Exchange_Policy policies, you will get a single policy with three profiles for SQL and Microsoft Exchange servers respectively. The new policy profile with KSWS settings will be named UpgradedFromKSWS <Name of the Kaspersky Security for Windows Server policy>. In profile properties, the migration wizard automatically selects the UpgradedFromKSWS
device tag as the triggering criterion. Thus the settings from the policy profile are applied to servers automatically.
Migrating the Kaspersky Endpoint Agent policy using the Policies and Tasks Batch Conversion Wizard
To migrate Kaspersky Endpoint Agent policies, you can use the Policies and Tasks Batch Conversion Wizard. The Policy and Task Migration Wizard for Kaspersky Endpoint Agent is only available in the Web Console.
Using tags to activate policy profiles in the properties of the new policy
Select the device tag that you assigned earlier as the profile activation condition. Open policy properties and select General rules for policy profile activation as the profile activation condition.
Installing KES instead of KSWS
Before installing KES, you must disable Password protection in KSWS policy properties.
Installing KES involves the following steps:
Kaspersky Security Center automatically adds the UpgradedFromKSWS
tag to names of computers on the console after the KES installation is complete.
To check the KES installation, you can use the Report on protection deployment. You can also check the device status. To confirm application activation, you can use the Report on usage of license keys.
Activating EDR Optimum
You can activate EDR Optimum functionality using a stand-alone Kaspersky Endpoint Detection and Response Optimum Add-on license. You must confirm that the EDR Optimum key is added to the Kaspersky Security Center repository and the automatic license key distribution functionality is enabled.
To check EDR Optimum activation, you can use the Report on status of application components.
Confirming that KES is working
To confirm that KES is working, you can check and see that no errors are reported. The device status must be OK. Update and malware scan tasks and successfully completed.
Page top