Updating the operating system

There are a number of special considerations for updating the operating system of a computer that is protected by Full Disk Encryption (FDE). Update the operating system as follows: first update the OS on one computer, then update the OS on a small portion of the computers, then update the OS on all computers of the network.

If you are using Kaspersky Disk Encryption technology, Authentication Agent is loaded before the operating system is started. Using Authentication Agent, the user can sign in to the system and receive access to encrypted drives. Then the operating system begins loading.

If you start an update of the operating system on a computer that is protected using Kaspersky Disk Encryption technology, the OS Update Wizard will remove Authentication Agent. As a result, the computer can be locked because the OS loader will not be able to access the encrypted drive.

For details about safely updating the operating system, please refer to the Technical Support Knowledge Base.

Automatic updating of the operating system is available under the following conditions:

  1. The operating system is updated through WSUS (Windows Server Update Services).
  2. Windows 10 version 1607 (RS1) or later is installed on the computer.
  3. Kaspersky Endpoint Security version 11.2.0 or later is installed on the computer.

If all the conditions are met, you can update the operating system in the usual way.

If you are using Kaspersky Disk Encryption (FDE) technology and Kaspersky Endpoint Security for Windows version 11.1.0 or 11.1.1 is installed on the computer, you do not need to decrypt the hard drives to update Windows 10.

To update the operating system, you need to do the following:

  1. Prior to updating the system, copy the drivers named cm_km.inf, cm_km.sys, klfde.cat, klfde.inf, klfde.sys, klfdefsf.cat, klfdefsf.inf, and klfdefsf.sys to a local folder. For example, C:\fde_drivers.
  2. Run the system update installation with the /ReflectDrivers switch and specify the folder containing the saved drivers:

    setup.exe /ReflectDrivers C:\fde_drivers

If you are using BitLocker Drive Encryption technology, you do not need to decrypt the hard drives to update Windows 10. For more details on BitLocker, please visit the Microsoft website.

Page top