1. Open the Kaspersky Security Center Administration Console.
2. In the console tree, select Tasks.

   The list of tasks opens.

3. Click New task.

The Task Wizard starts. Follow the instructions of the Wizard.

Step 1. Selecting task type

Select Kaspersky Endpoint Security for Windows (12.8) → Select components to install.

Step 2. Task settings for changing application components

Select the configuration of the application:

• Standard mode to protect workstations and servers. The default configuration. This configuration lets you use all components of the application, including components that provide support for Detection and Response solutions. This configuration is used for comprehensive protection of the computer from a variety of threats, network attacks, and fraud.
• Endpoint Detection and Response Agent to protect against advanced threats and targeted attacks. In this configuration, you can only install the components that provide support for Detection and Response solutions: Endpoint Detection and Response (KATA), Managed Detection and Response (MDR), Network Detection and Response (KATA), as well as Kaspersky Unified Monitoring and Analysis Platform (KUMA). This configuration is needed if a third-party Endpoint Protection Platform (EPP) is deployed in your organization alongside a Kaspersky Detection and Response solution. This makes Kaspersky Endpoint Security in the Endpoint Detection and Response Agent configuration compatible with third-party EPP applications.
• Light Agent to protect virtual environments. This configuration is intended for the application that is used as part of the Kaspersky Security for Virtualization Light Agent solution. Light Agent must be installed on each virtual machine that needs to be protected using the solution. In this configuration, you cannot use Data Encryption components or Adaptive Anomaly Control. If you are installing Light Agent on a virtual machine template that will be used to create nonpersistent virtual machines, select the Protect VDI infrastructure check box (VDI stands for Virtual Desktop Infrastructure). The VDI protection mode helps optimize the performance of Kaspersky Endpoint Security on nonpersistent virtual machines. In this mode, Light Agent declines application updates that require restarting the virtual machine. When receiving application updates that require a restart, Light Agent generates an event about needing to update the template of the protected virtual machines.

Select the application components that will be available on the user's computer. Configure the advanced settings for the task (see the table below).

Step 3. Selecting the devices to which the task will be assigned

Select the computers on which the task will be performed. The following options are available:

• Assign the task to an administration group. In this case, the task is assigned to computers included in a previously created administration group.
• Select computers detected by the Administration Server in the network: unassigned devices. The specific devices can include devices in administration groups as well as unassigned devices.
• Specify device addresses manually, or import addresses from a list. You can specify NetBIOS names, IP addresses, and IP subnets of devices to which you want to assign the task.

Step 4. Configuring a task start schedule

Configure a schedule for starting a task, for example, manually or when the computer is idle.

Step 5. Defining the task name

Enter a name for the task, for example, Add the Application Control component.

Step 6. Completing task creation

Exit the Wizard. If necessary, select the Run the task after the wizard finishes check box. You can monitor the progress of the task in the task properties.

As a result, the set of Kaspersky Endpoint Security components on users' computers will be changed in silent mode. The settings of available components will be displayed in the local interface of the application. The components that were not included in the application are disabled, and the settings of these components are not available.

1. In the main window of the Web Console, select Assets (Devices) → Tasks.

   The list of tasks opens.

2. Click Add.

The Task Wizard starts. Follow the instructions of the Wizard.

Step 1. Configuring general task settings

Configure the general task settings:

1. In the Application drop-down list, select Kaspersky Endpoint Security for Windows (12.8.0).
2. In the Task type drop-down list, select Change application components.
3. In the Task name field, enter a brief description, for example, Add the Application Control component.
4. In the Devices to which the task will be assigned block, select the task scope.

Step 2. Selecting the devices to which the task will be assigned

Select the computers on which the task will be performed. For example, select a separate administration group or build a selection.

Step 3. Completing task creation

Select the Open task details when creation is complete check box and finish the wizard.

In the task properties, select the Application settings tab. Next, select the configuration of the application:

• Standard mode to protect workstations and servers. The default configuration. This configuration lets you use all components of the application, including components that provide support for Detection and Response solutions. This configuration is used for comprehensive protection of the computer from a variety of threats, network attacks, and fraud.
• Endpoint Detection and Response Agent to protect against advanced threats and targeted attacks. In this configuration, you can only install the components that provide support for Detection and Response solutions: Endpoint Detection and Response (KATA), Managed Detection and Response (MDR), Network Detection and Response (KATA), as well as Kaspersky Unified Monitoring and Analysis Platform (KUMA). This configuration is needed if a third-party Endpoint Protection Platform (EPP) is deployed in your organization alongside a Kaspersky Detection and Response solution. This makes Kaspersky Endpoint Security in the Endpoint Detection and Response Agent configuration compatible with third-party EPP applications.
• Light Agent to protect virtual environments. This configuration is intended for the application that is used as part of the Kaspersky Security for Virtualization Light Agent solution. Light Agent must be installed on each virtual machine that needs to be protected using the solution. In this configuration, you cannot use Data Encryption components or Adaptive Anomaly Control. If you are installing Light Agent on a virtual machine template that will be used to create nonpersistent virtual machines, select the Protect VDI infrastructure check box (VDI stands for Virtual Desktop Infrastructure). The VDI protection mode helps optimize the performance of Kaspersky Endpoint Security on nonpersistent virtual machines. In this mode, Light Agent declines application updates that require restarting the virtual machine. When receiving application updates that require a restart, Light Agent generates an event about needing to update the template of the protected virtual machines.

Select the application components that will be available on the user's computer. Configure the advanced settings for the task (see the table below).

As a result, the set of Kaspersky Endpoint Security components on users' computers will be changed in silent mode. The settings of available components will be displayed in the local interface of the application. The components that were not included in the application are disabled, and the settings of these components are not available.