Installation and uninstallation settings and command line options for the Windows Installer service

This section contains descriptions of the settings for installing and uninstalling Kaspersky Industrial CyberSecurity for Nodes, their default values, keys for changing the installation settings, and their possible values. These keys can be used in conjunction with standard keys for the Windows Installer service's msiexec command when installing Kaspersky Industrial CyberSecurity for Nodes from the command line.

Installation settings and command line options in Windows Installer

• Acceptance of the terms of the End User License Agreement: you must accept the terms to install Kaspersky Industrial CyberSecurity for Nodes.

  The possible values for EULA=<value> command line option are as follows:

  • 0 – you reject the terms of the End User License Agreement (default value).
  • 1 – you accept the terms of the End User License Agreement.
• Acceptance of the terms of the Privacy Policy: you must accept the terms to install Kaspersky Industrial CyberSecurity for Nodes.

  The possible values for PRIVACYPOLICY=<value> command line option are as follows:

  • 0 – you reject the terms of the Privacy Policy (default value).
  • 1 – you accept the terms of the Privacy Policy.
• Allow installation of Kaspersky Industrial CyberSecurity for Nodes if the KB4528760 update not installed. For detailed information about the KB4528760 update please visit Microsoft website.

  The possible values for SKIPCVEWINDOWS10=<value> command line option are as follows:

  • 0 – cancel the installation of Kaspersky Industrial CyberSecurity for Nodes if the KB4528760 update is not installed (default value).
  • 1 – allow the installation of Kaspersky Industrial CyberSecurity for Nodes if the KB4528760 update is not installed.

  The KB4528760 update fixes the CVE-2020-0601 security vulnerability. For detailed information about the CVE-2020-0601 security vulnerability please visit the Microsoft website.

• Installation of Kaspersky Industrial CyberSecurity for Nodes with a preliminary scan of active processes and the boot sectors of local disks.

  The possible values for PRESCAN=<value> command line option are as follows:

  • 0 – do not perform a preliminary scan of active processes and the boot sectors of local disks during the installation (default value).
  • 1 – perform a preliminary scan of active processes and the boot sectors of local disks during the installation.
• Destination folder where Kaspersky Industrial CyberSecurity for Nodes files will be saved during installation. A different folder can be specified.

  The default values for INSTALLDIR=<full path to the folder> command line option are as follows:

  • Kaspersky Industrial CyberSecurity for Nodes: %ProgramFiles%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes
  • Administration tools: %ProgramFiles%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes Admins Tools
  • On the x64-bit version of Microsoft Windows: %ProgramFiles(x86)%
• The Real-Time File Protection task starts immediately after Kaspersky Industrial CyberSecurity for Nodes starts. Turn on this setting to start Real-Time File Protection when Kaspersky Industrial CyberSecurity for Nodes starts (recommended).

  The possible values for RUNRTP=<value> command line option are as follows:

  • 1 – start (default value).
  • 0 – do not start.
• Objects excluded from the protection scope according to Microsoft Corporation recommendations. In the Real-Time File Protection task exclude from the protection scope objects on the device that Microsoft Corporation recommends to exclude. Some applications on the protected device may become unstable when an anti-virus application intercepts or modifies the files they use. For example, Microsoft Corporation includes some domain controller applications in the list of such objects.

  The possible values for ADDMSEXCLUSION=<value> command line option are as follows:

  • 1 – exclude (default value).
  • 0 – do not exclude.
• Objects excluded from the protection scope according to Kaspersky recommendations. In the Real-Time File Protection task exclude from the protection scope objects on the device that Kaspersky recommends to exclude.

  The possible values for ADDKLEXCLUSION=<value> command line option are as follows:

  • 1 – exclude (default value).
  • 0 – do not exclude.
• Allow remote connection to the Application Console. By default, remote connection is not allowed to the Application Console installed on the protected device. During the installation, you can allow connection. Kaspersky Industrial CyberSecurity for Nodes creates allowing rules for the process kavfsgt.exe using the TCP protocol for all ports.

  The possible values for ALLOWREMOTECON=<value> command line option are as follows:

  • 1 – allow.
  • 0 – deny (default value).
• Path to the key file (LICENSEKEYPATH).
  By default, the Windows Installer attempts to find the file with .key extension in the \server folder of the distribution kit. If the \server folder contains several key files, the Windows Installer will select the key file that has the farthest expiration date. A key file can be saved beforehand in the \server folder or by specifying another path to the key file using the Add key setting. You can add a key after Kaspersky Industrial CyberSecurity for Nodes is installed using an administrative tool of your choice: for example, the Application Console. If you do not add a key during installation of the application, Kaspersky Industrial CyberSecurity for Nodes will not function.
• Path to the configuration file. Kaspersky Industrial CyberSecurity for Nodes imports settings from the specified configuration file created in the application. Kaspersky Industrial CyberSecurity for Nodes does not import passwords from the configuration file, for example, account passwords for starting tasks, or passwords for connecting to a proxy server. Once the settings are imported, you will have to enter all passwords manually. If the configuration file is not specified, the application will start to work with the default settings after setup.

  The default value for CONFIGPATH=<configuration file name> is not specified.

• Mode of the Scan at Operation System startup task (SCANSTARTUP_BLOCKING). If you install Kaspersky Industrial CyberSecurity for Nodes in the install mode without the SCANSTARTUP_BLOCKING key, the Scan at Operation System startup task has the following parameters assigned to the Scan scope setting:
  • Action to perform on infected and other objects: Notify only
  • Action to perform on probably infected objects: Notify only

  If you install Kaspersky Industrial CyberSecurity for Nodes in the install mode using the SCANSTARTUP_BLOCKING key, the Scan at Operation System startup task has the following parameters assigned to the Scan scope setting:

  • Action to perform on infected and other objects: Perform recommended action
  • Action to perform on probably infected objects: Perform recommended action

  The Scan at Operation System startup task is created automatically. By default, the Notify only mode is applied. In this case, after you deploy Kaspersky Industrial CyberSecurity for Nodes on the devices, you can enable the Scan at Operation System startup task if no issues with system services were discovered during scan. If the application detects critical system services as infected or probably infected objects, the Notify only mode gives you time to figure out the reason and solve the issue. If the application applies the Perform recommended action mode, which calls the Disinfect. Remove if disinfection fails action, disinfection or removal of the system files may result in critical issues with the operating system startup.

• Enabling network connections for the Application Console option is used to install Kaspersky Industrial CyberSecurity for Nodes Console on another device. You can remotely manage device protection from another device with the Kaspersky Industrial CyberSecurity for Nodes Console installed. Port 135 (TCP) is opened in Microsoft Windows Firewall, network connections are allowed for the executable file kavfsrcn.exe for remote management of Kaspersky Industrial CyberSecurity for Nodes, and access is granted to DCOM applications. When installation is complete, add users to the KICS Administrators group to let them remotely manage the application, and allow network connections to the Kaspersky Security Management Service (kavfsgt.exe file) on the protected device. You can read more about additional configuration when the Kaspersky Industrial CyberSecurity for Nodes Console is installed on another device.

  The possible values for ADDWFEXCLUSION=<value> command line option are as follows:

  • 1 – allow.
  • 0 – deny (default value).
• Disabling the check for incompatible software. Use this setting to enable or disable the check for incompatible software during background installation of the application on the protected device. Regardless of the value of this setting, during installation of Kaspersky Industrial CyberSecurity for Nodes, the application always warns about other versions of the application installed on the protected device.

  The possible values for SKIPINCOMPATIBLESW=<value> command line option are as follows:

  • 0 – The check for incompatible software is performed (default value).
  • 1 – The check for incompatible software is not performed.

Uninstallation settings and command line options in Windows Installer

• Restoring quarantined objects.

  The possible values for RESTOREQTN=<value> command line option are as follows:

  • 0 – Remove quarantined content (default value).
  • 1 – Restore quarantined content to the folder specified by the RESTOREPATH parameter into the \Quarantine subfolder.
• Restoring the content of backup.

  The possible values for RESTOREBCK=<value> command line option are as follows:

  • 0 – Remove backup content (default value).
  • 1 – Restore backup contents to the folder specified by the RESTOREPATH parameter into the \Backup subfolder.
• Enter the current password to confirm the uninstallation (if password protection is enabled).

  The default value for UNLOCK_PASSWORD=<specified password> is not specified.

• Folder for restored objects. Restored objects will be saved to the specified folder.

  The default value for RESTOREPATH=<full path to the folder> command line option is %ALLUSERSPROFILE%\Application Data\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes\3.1\Restored

Page top