Installation and uninstallation settings and command line options for the Windows Installer service
This section contains descriptions of the settings for installing and uninstalling Kaspersky Security for Windows Server, their default values, keys for changing the installation settings, and their possible values. These keys can be used in conjunction with standard keys for the Windows Installer service's msiexec command when installing Kaspersky Security for Windows Server from the command line.
Installation settings and command line options in Windows Installer
Acceptance of the terms of the End User License Agreement: you must accept the terms to install Kaspersky Security for Windows Server.
The possible values for EULA=<value> command line option are as follows:
0 – you reject the terms of the End User License Agreement (default value).
1 – you accept the terms of the End User License Agreement.
Acceptance of the terms of the Privacy Policy: you must accept the terms to install Kaspersky Security for Windows Server.
The possible values for PRIVACYPOLICY=<value> command line option are as follows:
0 – you reject the terms of the Privacy Policy (default value).
1 – you accept the terms of the Privacy Policy.
Allow installation of Kaspersky Security for Windows Server if the KB4528760 update not installed. For detailed information about the KB4528760 update please visit Microsoft website.
The possible values for SKIPCVEWINDOWS10=<value> command line option are as follows:
0 – cancel the installation of Kaspersky Security for Windows Server if the KB4528760 update is not installed (default value).
1 – allow the installation of Kaspersky Security for Windows Server if the KB4528760 update is not installed.
The KB4528760 update fixes the CVE-2020-0601 security vulnerability. For detailed information about the CVE-2020-0601 security vulnerability please visit the Microsoft website.
Installation of Kaspersky Security for Windows Server with a preliminary scan of active processes and the boot sectors of local disks.
The possible values for PRESCAN=<value> command line option are as follows:
0 – do not perform a preliminary scan of active processes and the boot sectors of local disks during the installation (default value).
1 – perform a preliminary scan of active processes and the boot sectors of local disks during the installation.
Destination folder where Kaspersky Security for Windows Server files will be saved during installation. A different folder can be specified.
The default values for INSTALLDIR=<full path to the folder> command line option are as follows:
Kaspersky Security for Windows Server: %ProgramFiles%\Kaspersky Lab\Kaspersky Security for Windows Server
Administration tools: %ProgramFiles%\Kaspersky Lab\Kaspersky Security for Windows Server Admins Tools
On the x64-bit version of Microsoft Windows: %ProgramFiles(x86)%
The Real-Time File Protection task starts immediately after Kaspersky Security for Windows Server starts. Turn on this setting to start Real-Time File Protection and Script Monitoring when Kaspersky Security for Windows Server starts (recommended).
The possible values for RUNRTP=<value> command line option are as follows:
1 – start (default value).
0 – do not start.
Protection exclusions recommended by Microsoft Corporation. In the Real-Time File Protection task exclude from the protection scope objects on the device that Microsoft Corporation recommends to exclude. Some applications on the protected device may become unstable when an anti-virus application intercepts or modifies the files they use. For example, Microsoft Corporation includes some domain controller applications in the list of such objects.
The possible values for ADDMSEXCLUSION=<value> command line option are as follows:
1 – exclude (default value).
0 – do not exclude.
Objects excluded from the protection scope according to Kaspersky recommendations. In the Real-Time File Protection task exclude from the protection scope objects on the device that Kaspersky recommends to exclude.
The possible values for ADDKLEXCLUSION=<value> command line option are as follows:
1 – exclude (default value).
0 – do not exclude.
Allow remote connection to the Application Console. By default, remote connection is not allowed to the Application Console installed on the protected device. During the installation, you can allow connection. Kaspersky Security for Windows Server creates allowing rules for the process kavfsgt.exe using the TCP protocol for all ports.
The possible values for ALLOWREMOTECON=<value> command line option are as follows:
1 – allow.
0 – deny (default value).
Path to the key file (LICENSEKEYPATH
)
. By default, the Windows Installer attempts to find the file with .key extension in the \server folder of the distribution kit. If the \server folder contains several key files, the Windows Installer will select the key file that has the farthest expiration date. A key file can be saved beforehand in the \server folder or by specifying another path to the key file using the Add key setting. You can add a key after Kaspersky Security for Windows Server is installed using an administrative tool of your choice: for example, the Application Console. If you do not add a key during installation of the application, Kaspersky Security for Windows Server will not function.
Path to the configuration file. Kaspersky Security for Windows Server imports settings from the specified configuration file created in the application. Kaspersky Security for Windows Server does not import passwords from the configuration file, for example, account passwords for starting tasks, or passwords for connecting to a proxy server. Once the settings are imported, you will have to enter all passwords manually. If the configuration file is not specified, the application will start to work with the default settings after setup.
The default value for CONFIGPATH=<configuration file name> is not specified.
Enabling network connections for the Application Console option is used to install Kaspersky Security for Windows Server Console on another device. You can remotely manage device protection from another device with the Kaspersky Security for Windows Server Console installed. Port 135 (TCP) is opened in Microsoft Windows Firewall, network connections are allowed for the executable file kavfsrcn.exe for remote management of Kaspersky Security for Windows Server, and access is granted to DCOM applications. When installation is complete, add users to the KAVWSEE Administrators group to let them remotely manage the application, if the protected device operates on the Microsoft Windows Server 2008, and allow network connections to the Kaspersky Security Management Service (kavfsgt.exe file) on the protected device. You can read more about additional configuration when the Kaspersky Security for Windows Server Console is installed on another device.
The possible values for ADDWFEXCLUSION=<value> command line option are as follows:
1 – allow.
0 – deny (default value).
Disabling the check for incompatible software. Use this setting to enable or disable the check for incompatible software during background installation of the application on the protected device.Regardless of the value of this setting, during installation of Kaspersky Security for Windows Server, the application always warns about other versions of the application installed on the protected device.
The possible values for SKIPINCOMPATIBLESW=<value> command line option are as follows:
0 – The check for incompatible software is performed (default value).
1 – The check for incompatible software is not performed.
Uninstallation settings and command line options in Windows Installer
Restoring quarantined objects.
The possible values for RESTOREQTN=<value> command line option are as follows:
0 – Remove quarantined content (default value).
1 – Restore quarantined content to the folder specified by the RESTOREPATH parameter into the \Quarantine subfolder.
Restoring the content of backup.
The possible values for RESTOREBCK=<value> command line option are as follows:
0 – Remove backup content (default value).
1 – Restore backup contents to the folder specified by the RESTOREPATH parameter into the \Backup subfolder.
Enter the current password to confirm the uninstallation (if password protection is enabled).
The default value for UNLOCK_PASSWORD=<specified password> is not specified.
Folder for restored objects. Restored objects will be saved to the specified folder.
The default value for RESTOREPATH=<full path to the folder> command line option is %ALLUSERSPROFILE%\Application Data\Kaspersky Lab\Kaspersky Security for Windows Server\11\Restored.