Change application components
During installation of the application, you can select the components that will be available. You can change the available application components in the following ways:
- Locally, by using the Setup Wizard.
Application components are changed by using the normal method for a Windows operating system, which is through the Control Panel. Run the Application Setup Wizard and select the option to change the application components that are available. Follow the instructions on the screen.
This method is not available if the application was installed via Kaspersky Security Center. You can change the selection of application components in the Control Panel only after installing the application locally.
- Remotely using Kaspersky Security Center.
The Change application components task allows you to change the components of Kaspersky Endpoint Security after the application is installed.
Please take into account the following special considerations when changing the application components:
How to add or remove application components in the Administration Console (MMC)
- Open the Kaspersky Security Center Administration Console.
- In the console tree, select Tasks.
The list of tasks opens.
- Click New task.
The Task Wizard starts. Follow the instructions of the Wizard.
Step 1. Selecting task type
Select Kaspersky Endpoint Security for Windows (12.8) → Select components to install.
Step 2. Task settings for changing application components
Select the configuration of the application:
- Standard mode to protect workstations and servers. The default configuration. This configuration lets you use all components of the application, including components that provide support for Detection and Response solutions. This configuration is used for comprehensive protection of the computer from a variety of threats, network attacks, and fraud.
- Endpoint Detection and Response Agent to protect against advanced threats and targeted attacks. In this configuration, you can only install the components that provide support for Detection and Response solutions: Endpoint Detection and Response (KATA), Managed Detection and Response (MDR), Network Detection and Response (KATA), as well as Kaspersky Unified Monitoring and Analysis Platform (KUMA). This configuration is needed if a third-party Endpoint Protection Platform (EPP) is deployed in your organization alongside a Kaspersky Detection and Response solution. This makes Kaspersky Endpoint Security in the Endpoint Detection and Response Agent configuration compatible with third-party EPP applications.
- Light Agent to protect virtual environments. This configuration is intended for the application that is used as part of the Kaspersky Security for Virtualization Light Agent solution. Light Agent must be installed on each virtual machine that needs to be protected using the solution. In this configuration, you cannot use Data Encryption components or Adaptive Anomaly Control. If you are installing Light Agent on a virtual machine template that will be used to create nonpersistent virtual machines, select the Protect VDI infrastructure check box (VDI stands for Virtual Desktop Infrastructure). The VDI protection mode helps optimize the performance of Kaspersky Endpoint Security on nonpersistent virtual machines. In this mode, Light Agent declines application updates that require restarting the virtual machine. When receiving application updates that require a restart, Light Agent generates an event about needing to update the template of the protected virtual machines.
Select the application components that will be available on the user's computer. Configure the advanced settings for the task (see the table below).
Step 3. Selecting the devices to which the task will be assigned
Select the computers on which the task will be performed. The following options are available:
- Assign the task to an administration group. In this case, the task is assigned to computers included in a previously created administration group.
- Select computers detected by the Administration Server in the network: unassigned devices. The specific devices can include devices in administration groups as well as unassigned devices.
- Specify device addresses manually, or import addresses from a list. You can specify NetBIOS names, IP addresses, and IP subnets of devices to which you want to assign the task.
Step 4. Configuring a task start schedule
Configure a schedule for starting a task, for example, manually or when the computer is idle.
Step 5. Defining the task name
Enter a name for the task, for example, Add the Application Control component.
Step 6. Completing task creation
Exit the Wizard. If necessary, select the Run the task after the wizard finishes check box. You can monitor the progress of the task in the task properties.
As a result, the set of Kaspersky Endpoint Security components on users' computers will be changed in silent mode. The settings of available components will be displayed in the local interface of the application. The components that were not included in the application are disabled, and the settings of these components are not available.
How to add or remove application components in the Web Console and Cloud Console
- In the main window of the Web Console, select Assets (Devices) → Tasks.
The list of tasks opens.
- Click Add.
The Task Wizard starts. Follow the instructions of the Wizard.
Step 1. Configuring general task settings
Configure the general task settings:
- In the Application drop-down list, select Kaspersky Endpoint Security for Windows (12.8.0).
- In the Task type drop-down list, select Change application components.
- In the Task name field, enter a brief description, for example, Add the Application Control component.
- In the Devices to which the task will be assigned block, select the task scope.
Step 2. Selecting the devices to which the task will be assigned
Select the computers on which the task will be performed. For example, select a separate administration group or build a selection.
Step 3. Completing task creation
Select the Open task details when creation is complete check box and finish the wizard.
In the task properties, select the Application settings tab. Next, select the configuration of the application:
- Standard mode to protect workstations and servers. The default configuration. This configuration lets you use all components of the application, including components that provide support for Detection and Response solutions. This configuration is used for comprehensive protection of the computer from a variety of threats, network attacks, and fraud.
- Endpoint Detection and Response Agent to protect against advanced threats and targeted attacks. In this configuration, you can only install the components that provide support for Detection and Response solutions: Endpoint Detection and Response (KATA), Managed Detection and Response (MDR), Network Detection and Response (KATA), as well as Kaspersky Unified Monitoring and Analysis Platform (KUMA). This configuration is needed if a third-party Endpoint Protection Platform (EPP) is deployed in your organization alongside a Kaspersky Detection and Response solution. This makes Kaspersky Endpoint Security in the Endpoint Detection and Response Agent configuration compatible with third-party EPP applications.
- Light Agent to protect virtual environments. This configuration is intended for the application that is used as part of the Kaspersky Security for Virtualization Light Agent solution. Light Agent must be installed on each virtual machine that needs to be protected using the solution. In this configuration, you cannot use Data Encryption components or Adaptive Anomaly Control. If you are installing Light Agent on a virtual machine template that will be used to create nonpersistent virtual machines, select the Protect VDI infrastructure check box (VDI stands for Virtual Desktop Infrastructure). The VDI protection mode helps optimize the performance of Kaspersky Endpoint Security on nonpersistent virtual machines. In this mode, Light Agent declines application updates that require restarting the virtual machine. When receiving application updates that require a restart, Light Agent generates an event about needing to update the template of the protected virtual machines.
Select the application components that will be available on the user's computer. Configure the advanced settings for the task (see the table below).
As a result, the set of Kaspersky Endpoint Security components on users' computers will be changed in silent mode. The settings of available components will be displayed in the local interface of the application. The components that were not included in the application are disabled, and the settings of these components are not available.
When installing, updating or uninstalling Kaspersky Endpoint Security, errors may occur. For more information about solving these errors, please refer to the Technical Support Knowledge Base.
Advanced Settings of the task
Parameter
|
Description
|
Exclusions
|
Starting with Kaspersky Endpoint Security 12.6 for Windows, scan exclusions and trusted applications are added to the trusted zone. Predefined scan exclusions and trusted applications help quickly configure Kaspersky Endpoint Security on SQL servers, Microsoft Exchange servers, and System Center Configuration Manager. This means you do not need to manually set up a trusted zone for the application on servers.
Starting with Kaspersky Endpoint Security 12.8 for Windows, you can install the application in Light Agent mode for protecting virtual environments. Predefined scan exclusions and trusted applications can help you quickly configure Kaspersky Endpoint Security in Citrix and VMware virtual environments.
You can also configure the trusted zone later in policy properties: scan exclusions and trusted applications.
|
Separate mode / Combined mode
|
You can create separate sets of components for workstations and servers – Separate mode. Before deploying the installation package, the installer detects the type of the operating system and installs only those application components that you selected for that operating system type. In this way, you can use the same installation package for workstations and servers.
Combined mode offers a common list of components for workstation and servers. The availability of individual components depends on the operating system type. In this mode, we recommend creating a separate installation package for workstations and separate installation package for servers. You can configure the common list of components in the installation package only in Standard mode.
|
Remove incompatible third-party applications
|
Prior to the installation, Kaspersky Endpoint Security checks the computer for the presence of software from the incompatible.txt list. Kaspersky does not guarantee the compatibility of Kaspersky Endpoint Security with software from the list. If an application from the list is discovered, the installer stops the deployment of Kaspersky Endpoint Security.
|
Use password for modifying the set of application components
|
Administrators typically enable Password protection to restrict access to Kaspersky Endpoint Security. That is, to modify the selection of application components, you must enter credentials of a user that has the Remove / modify / restore the application permission. For example, you can use the KLAdmin account.
|
Use Azure WVD compatibility mode
|
This feature allows correctly displaying the state of the Azure virtual machine in the Kaspersky Anti Targeted Attack Platform console. To monitor the performance of the computer, Kaspersky Endpoint Security sends telemetry to KATA servers. Telemetry includes an ID of the computer (Sensor ID). Azure WVD compatibility mode allows assigning a permanent unique Sensor ID to these virtual machines. If the compatibility mode is turned off, the Sensor ID can change after the computer is restarted because of how Azure virtual machines work. This can cause duplicates of virtual machines to appear on the console.
|
Use the password to uninstall Kaspersky Endpoint Agent and Kaspersky Security for Windows Server
|
Administrators typically enable Password protection in settings of these tasks to restrict access to Kaspersky Endpoint Agent (KEA) and Kaspersky Security for Windows Server (KSWS). That is, if you are migrating from the [KES+KEA] configuration to [KES+built-in agent], or if you are migrating from KSWS to KES, you must enter a password to remove these applications.
|
Page top