Change application components
During installation of the application, you can select the components that will be available. You can change the available application components in the following ways:
- Locally, by using the Setup Wizard.
Application components are changed by using the normal method for a Windows operating system, which is through the Control Panel. Run the Application Setup Wizard and select the option to change the application components that are available. Follow the instructions on the screen.
- Remotely using Kaspersky Security Center.
The Change application components task allows you to change the components of Kaspersky Endpoint Security after the application is installed.
Please take into account the following special considerations when changing the application components:
- On computers running Windows Server, you cannot install all components of Kaspersky Endpoint Security (for example, the Adaptive Anomaly Control component is not available).
- If the hard drives on your computer are protected by Full Disk Encryption (FDE), you cannot remove the Full Disk Encryption component. To remove the Full Disk Encryption component, decrypt all the hard drives of the computer.
- If the computer has encrypted files (FLE) or the user uses encrypted removable drives (FDE or FLE), it will be impossible to access the files and removable drives after the Data Encryption components are removed. You can access the files and removable drives by reinstalling the Data Encryption components.
How to add or remove application components in the Administration Console (MMC)
- Open the Kaspersky Security Center Administration Console.
- In the console tree, select Tasks.
The list of tasks opens.
- Click New task.
The Task Wizard starts. Follow the instructions of the Wizard.
Step 1. Selecting task type
Select Kaspersky Endpoint Security for Windows (12.4) → Select components to install.
Step 2. Task settings for changing application components
Select the configuration of the application:
- Full functionality. The default configuration. This configuration lets you use all components of the application, including components that provide support for Detection and Response solutions. This configuration is used for comprehensive protection of the computer from a variety of threats, network attacks, and fraud. You can select the components that you want to install at the next step of the Setup Wizard.
- Endpoint Detection and Response Agent. In this configuration, you can only install the components that provide support for Detection and Response solutions: Endpoint Detection and Response (KATA) or Managed Detection and Response. This configuration is needed if a third-party Endpoint Protection Platform (EPP) is deployed in your organization alongside a Kaspersky Detection and Response solution. This makes Kaspersky Endpoint Security in the Endpoint Detection and Response Agent configuration compatible with third-party EPP applications.
Select the application components that will be available on the user's computer.
Configure the advanced settings for the task (see the table below).
Step 3. Selecting the devices to which the task will be assigned
Select the computers on which the task will be performed. The following options are available:
- Assign the task to an administration group. In this case, the task is assigned to computers included in a previously created administration group.
- Select computers detected by the Administration Server in the network: unassigned devices. The specific devices can include devices in administration groups as well as unassigned devices.
- Specify device addresses manually, or import addresses from a list. You can specify NetBIOS names, IP addresses, and IP subnets of devices to which you want to assign the task.
Step 4. Configuring a task start schedule
Configure a schedule for starting a task, for example, manually or when the computer is idle.
Step 5. Defining the task name
Enter a name for the task, for example, Add the Application Control component.
Step 6. Completing task creation
Exit the Wizard. If necessary, select the Run the task after the wizard finishes check box. You can monitor the progress of the task in the task properties.
As a result, the set of Kaspersky Endpoint Security components on users' computers will be changed in silent mode. The settings of available components will be displayed in the local interface of the application. The components that were not included in the application are disabled, and the settings of these components are not available.
How to add or remove application components in the Web Console and Cloud Console
- In the main window of the Web Console, select Devices → Tasks.
The list of tasks opens.
- Click the Add button.
The Task Wizard starts. Follow the instructions of the Wizard.
Step 1. Configuring general task settings
Configure the general task settings:
- In the Application drop-down list, select Kaspersky Endpoint Security for Windows (12.4).
- In the Task type drop-down list, select Change application components.
- In the Task name field, enter a brief description, for example, Add the Application Control component.
- In the Select devices to which the task will be assigned block, select the task scope.
Step 2. Selecting the devices to which the task will be assigned
Select the computers on which the task will be performed. For example, select a separate administration group or build a selection.
Step 3. Completing task creation
Select the Open task details when creation is complete check box and finish the Wizard.
In the task properties, select the Application Settings tab. Next, select the configuration of the application:
- Full functionality. The default configuration. This configuration lets you use all components of the application, including components that provide support for Detection and Response solutions. This configuration is used for comprehensive protection of the computer from a variety of threats, network attacks, and fraud. You can select the components that you want to install at the next step of the Setup Wizard.
- Endpoint Detection and Response Agent. In this configuration, you can only install the components that provide support for Detection and Response solutions: Endpoint Detection and Response (KATA) or Managed Detection and Response. This configuration is needed if a third-party Endpoint Protection Platform (EPP) is deployed in your organization alongside a Kaspersky Detection and Response solution. This makes Kaspersky Endpoint Security in the Endpoint Detection and Response Agent configuration compatible with third-party EPP applications.
Select the application components that will be available on the user's computer.
Configure the advanced settings for the task (see the table below).
As a result, the set of Kaspersky Endpoint Security components on users' computers will be changed in silent mode. The settings of available components will be displayed in the local interface of the application. The components that were not included in the application are disabled, and the settings of these components are not available.
When installing, updating or uninstalling Kaspersky Endpoint Security, errors may occur. For more information about solving these errors, please refer to the Technical Support Knowledge Base.
Advanced Settings of the task
Parameter
|
Description
|
Remove incompatible third-party applications
|
The list of incompatible applications can be viewed in incompatible.txt , which is included in the distribution kit. If incompatible applications are installed on the computer, installation of Kaspersky Endpoint Security ends with an error.
|
Use password for modifying the set of application components
|
Administrators typically enable Password protection to restrict access to Kaspersky Endpoint Security. That is, to modify the selection of application components, you must enter credentials of a user that has the Remove / modify / restore the application permission. For example, you can use the KLAdmin account.
|
Use Azure WVD compatibility mode
|
This feature allows correctly displaying the state of the Azure virtual machine in the Kaspersky Anti Targeted Attack Platform console. To monitor the performance of the computer, Kaspersky Endpoint Security sends telemetry to KATA servers. Telemetry includes an ID of the computer (Sensor ID). Azure WVD compatibility mode allows assigning a permanent unique Sensor ID to these virtual machines. If the compatibility mode is turned off, the Sensor ID can change after the computer is restarted because of how Azure virtual machines work. This can cause duplicates of virtual machines to appear on the console.
|
Use the password to uninstall Kaspersky Endpoint Agent and Kaspersky Security for Windows Server
|
Administrators typically enable Password protection in settings of these tasks to restrict access to Kaspersky Endpoint Agent (KEA) and Kaspersky Security for Windows Server (KSWS). That is, if you are migrating from the [KES+KEA] configuration to [KES+built-in agent], or if you are migrating from KSWS to KES, you must enter a password to remove these applications.
|
Page top