KEA to KES Migration Guide for MDR

Kaspersky Endpoint Security for Windows includes a built-in agent for the Kaspersky Managed Detection and Response solution. You no longer need a separate Kaspersky Endpoint Agent application to work with MDR. All functions of Kaspersky Endpoint Agent will be performed by Kaspersky Endpoint Security.

When you deploy Kaspersky Endpoint Security on computers that have Kaspersky Endpoint Agent installed, Kaspersky Managed Detection and Response solution will continue working with Kaspersky Endpoint Security. In addition, Kaspersky Endpoint Agent will be removed from the computer. The same behavior in the system will occur when you update Kaspersky Endpoint Security to version 11.6.0 or higher.

Kaspersky Endpoint Security is not compatible with Kaspersky Endpoint Agent. You cannot install both of these applications on the same computer.

The following conditions must be met for Kaspersky Endpoint Security to work as part of Kaspersky Managed Detection and Response:

Steps for migrating [KES+KEA] configuration to [KES+built-in agent] for MDR

  1. Upgrading the Kaspersky Endpoint Security Management Plug-in

    MDR component can be managed using the Kaspersky Endpoint Security Management Plug-in version 11.6 or higher. Depending on the type of Kaspersky Security Center console you are using, update the management plug-in in the Administration Console (MMC) or the web plug-in in the Web Console.

  2. Migrating policies and tasks

    Transfer Kaspersky Endpoint Agent settings to Kaspersky Endpoint Security for Windows. The following options are available:

    • A wizard for migrating from Kaspersky Endpoint Agent to Kaspersky Endpoint Security. A wizard for migrating from Kaspersky Endpoint Agent to Kaspersky Endpoint Security works only in Web Console

      How to migrate policy and task settings from Kaspersky Endpoint Agent to Kaspersky Endpoint Security in Web Console

    • A standard Policies and tasks batch conversion wizard. The Policies and tasks batch conversion wizard is only available in the Administration Console (MMC). For more details about Policies and tasks batch conversion wizard, please refer to the Kaspersky Security Center Help.
  3. Licensing the MDR functionality

    To activate Kaspersky Endpoint Security as part of the Kaspersky Managed Detection and Response solution, you need a separate license for Kaspersky Managed Detection and Response Add-on. You can add the key using the Add key task. As a result, two keys will be added to the application: Kaspersky Endpoint Security and Kaspersky Managed Detection and Response.

  4. Installing / Upgrading the Kaspersky Endpoint Security application

    To migrate MDR functionality during an application installation or upgrade, it is recommended to use the remote installation task. When creating a remote installation task, you need to select MDR component in the installation package settings.

    You can also upgrade the application using the following methods:

    • Using the Kaspersky update service.
    • Locally, by using the Setup Wizard.

    Kaspersky Endpoint Security supports automatically selecting components when upgrading the application on a computer with the Kaspersky Endpoint Agent application installed. The automatic selection of components depends on the permissions of the user account that is upgrading the application.

    If you are upgrading Kaspersky Endpoint Security using the EXE or MSI file under the system account (SYSTEM), Kaspersky Endpoint Security gains access to current licenses of Kaspersky solutions. Therefore, if the computer has Kaspersky Endpoint Agent installed and MDR solution activated, the Kaspersky Endpoint Security installer automatically configures the set of components and selects the MDR component. This makes Kaspersky Endpoint Security switch to using the built-in agent and removes Kaspersky Endpoint Agent. Running the MSI installer under the system account (SYSTEM) is usually performed when upgrading via the Kaspersky update service or when deploying an installation package via Kaspersky Security Center.

    If you are upgrading Kaspersky Endpoint Security using an MSI file under a non-privileged user account, Kaspersky Endpoint Security lacks access to current licenses of Kaspersky solutions. In this case, Kaspersky Endpoint Security automatically selects components based on a set of components of Kaspersky Endpoint Agent. After that Kaspersky Endpoint Security switches to using the built-in agent and removes Kaspersky Endpoint Agent.

    Kaspersky Endpoint Security supports upgrading without computer restart. You can select the application upgrade mode in policy properties.

  5. Checking the application operation

    If after application installation or upgrade, the computer has the Critical status in the Kaspersky Security Center console:

    • Make sure that the computer has Network Agent version 13.2 or higher installed.
    • Check the operating status of the built-in agent by viewing the Application components status report. If a component has the Not installed status, install the component using the Change application components task. If a component has the Not covered by license status, make sure that you have activated the built-in agent functionality.
    • Make sure you accept the Kaspersky Security Network Statement in the new policy of Kaspersky Endpoint Security for Windows.
Page top