KEA to KES Migration Guide for EDR Optimum

Support

Support for business applications

Kaspersky Endpoint Security 12 for Windows

Detection and Response solutions

Endpoint Detection and Response

KEA to KES Migration Guide for EDR Optimum

April 25, 2024

ID 225087

Get as PDF

Starting with version 11.7.0, Kaspersky Endpoint Security for Windows includes a built-in agent for the Kaspersky Endpoint Detection and Response Optimum solution. You no longer need a separate Kaspersky Endpoint Agent application to work with EDR Optimum. All functions of Kaspersky Endpoint Agent will be performed by Kaspersky Endpoint Security.

When you deploy Kaspersky Endpoint Security on computers that have Kaspersky Endpoint Agent installed, Kaspersky Endpoint Detection and Response Optimum solution will continue working with Kaspersky Endpoint Security. In addition, Kaspersky Endpoint Agent will be removed from the computer. The same behavior in the system will occur when you update Kaspersky Endpoint Security to version 11.7.0 or higher.

Kaspersky Endpoint Security is not compatible with Kaspersky Endpoint Agent. You cannot install both of these applications on the same computer.

The following conditions must be met for Kaspersky Endpoint Security to work as part of Kaspersky Endpoint Detection and Response Optimum:

Kaspersky Endpoint Detection and Response Optimum version 2.0 or higher
Kaspersky Security Center version 13.2 or higher (including Network Agent). In earlier versions of Kaspersky Security Center, it is impossible to activate the EDR Optimum feature.
EDR Optimum can be managed only using the Kaspersky Security Center Web Console.
Data transfer to Administration Server is enabled. The data are required to obtain information about files quarantined on a computer through Web Console.
A background connection between Kaspersky Security Center Web Console and Administration Server is established. For EDR Optimum to work with Administration Server via Kaspersky Security Center Web Console, you must establish a new secure connection, a background connection.

Steps for migrating [KES+KEA] configuration to [KES+built-in agent] for EDR Optimum

Upgrading the Kaspersky Endpoint Security web plug-in
EDR Optimum component can be managed using the Kaspersky Endpoint Security Web Plug-in version 11.7.0 or higher.
Migrating policies and tasks
Transfer Kaspersky Endpoint Agent settings to Kaspersky Endpoint Security for Windows. To do this, use the wizard for migrating from Kaspersky Endpoint Agent in the Web Console.

How to migrate policy and task settings from Kaspersky Endpoint Agent to Kaspersky Endpoint Security in Web Console
In the main window of the Web Console, select Operations → Migration from Kaspersky Endpoint Agent.

This runs the policies and tasks migration wizard. Follow the instructions of the Wizard.

Step 1. Policy migration

The Migration Wizard creates a new policy which merges the settings of Kaspersky Endpoint Security and Kaspersky Endpoint Agent policies. In the policy list, select Kaspersky Endpoint Agent policies whose settings you want to merge with the Kaspersky Endpoint Security policy. Click the Kaspersky Endpoint Agent policy in order to select the Kaspersky Endpoint Security policy with which you want to merge settings. Make sure you selected the correct policies and go to the next step.

Step 2. Task migration

The Migration Wizard creates new tasks for Kaspersky Endpoint Security. In the task list, select Kaspersky Endpoint Agent tasks which you want to create for Kaspersky Endpoint Security policy. Go to the next step.

Step 3. Wizard completion

Exit the Wizard. As a result, the wizard does the following:
- Creates a new Kaspersky Endpoint Security policy.
  The policy merges settings from Kaspersky Endpoint Security and Kaspersky Endpoint Agent. The policy is called <Kaspersky Endpoint Security policy name> & <Kaspersky Endpoint Agent policy name>. The new policy has the Inactive status. To continue, change the statuses of Kaspersky Endpoint Agent and Kaspersky Endpoint Security policies to Inactive and activate the new merged policy.
  
  After migrating from Kaspersky Endpoint Agent to Kaspersky Endpoint Security for Windows, please make sure that the new policy has the functionality for data transfer to the Administration Server (quarantine file data and threat development chain data) set up. Data transfer parameter values are not migrated from a Kaspersky Endpoint Agent policy.
- Creates new Kaspersky Endpoint Security tasks.
  New tasks are copies of Kaspersky Endpoint Agent tasks. At the same time, the Wizard leaves Kaspersky Endpoint Agent tasks unchanged.
Licensing the EDR Optimum functionality
If you use a common Kaspersky Endpoint Detection and Response Optimum or Kaspersky Optimum Security license to activate Kaspersky Endpoint Security for Windows and Kaspersky Endpoint Agent, EDR Optimum functionality will be activated automatically after upgrading the application to version 11.7.0 or higher. You do not need to do anything else.

If you use a stand-alone Kaspersky Endpoint Detection and Response Optimum Add-on license to activate EDR Optimum functionality, you must make sure that the EDR Optimum key is added to the Kaspersky Security Center repository and the automatic license key distribution functionality is enabled. After you upgrade the application to version 11.7.0 or higher, EDR Optimum functionality is activated automatically.

If you use a Kaspersky Endpoint Detection and Response Optimum or Kaspersky Optimum Security license to activate Kaspersky Endpoint Agent, and a different license to activate Kaspersky Endpoint Security for Windows, you must replace the Kaspersky Endpoint Security for Windows key with the common Kaspersky Endpoint Detection and Response Optimum or Kaspersky Optimum Security key. You can replace the key using the Add key task.
Installing / Upgrading the Kaspersky Endpoint Security application
To migrate EDR Optimum functionality during an application installation or upgrade, it is recommended to use the remote installation task. When creating a remote installation task, you need to select EDR Optimum component in the installation package settings.

You can also upgrade the application using the following methods:
- Using the Kaspersky update service.
- Locally, by using the Setup Wizard.
Kaspersky Endpoint Security supports automatically selecting components when upgrading the application on a computer with the Kaspersky Endpoint Agent application installed. The automatic selection of components depends on the permissions of the user account that is upgrading the application.

If you are upgrading Kaspersky Endpoint Security using the EXE or MSI file under the system account (SYSTEM), Kaspersky Endpoint Security gains access to current licenses of Kaspersky solutions. Therefore, if the computer has, for example, Kaspersky Endpoint Agent installed and the EDR Optimum solution activated, the Kaspersky Endpoint Security installer automatically configures the set of components and selects the EDR Optimum component. This makes Kaspersky Endpoint Security switch to using the built-in agent and removes Kaspersky Endpoint Agent. Running the MSI installer under the system account (SYSTEM) is usually performed when upgrading via the Kaspersky update service or when deploying an installation package via Kaspersky Security Center.

If you are upgrading Kaspersky Endpoint Security using an MSI file under a non-privileged user account, Kaspersky Endpoint Security lacks access to current licenses of Kaspersky solutions. In this case, Kaspersky Endpoint Security automatically selects components based on Kaspersky Endpoint Agent configuration. After that Kaspersky Endpoint Security switches to using the built-in agent and removes Kaspersky Endpoint Agent.

Kaspersky Endpoint Security supports upgrading without computer restart. You can select the application upgrade mode in policy properties.
Checking the application operation
If after application installation or upgrade, the computer has the Critical status in the Kaspersky Security Center console:
- Make sure that the computer has Network Agent version 13.2 or higher installed.
- Check the operating status of the built-in agent by viewing the Application components status report. If a component has the Not installed status, install the component using the Change application components task. If a component has the Not covered by license status, make sure that you have activated the built-in agent functionality.
- Make sure you accept the Kaspersky Security Network Statement in the new policy of Kaspersky Endpoint Security for Windows.

Kaspersky Endpoint Security for Windows: Detection of advanced threats

Control systems which prevent damage from the sensitive data theft. Management from a single console. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.