Settings in the configuration file for post-installation configuration

In the post-installation configuration file, you can specify the settings shown in the table below. The set of applicable settings depends on the application usage mode.

The setting values are case-sensitive.

Setting	Description	Values
KSVLA_MODE	Kaspersky Endpoint Security usage mode.	`Yes` - Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments (as part of Kaspersky Hybrid Cloud Security for Virtualization Light Agent). `No` - Kaspersky Endpoint Security is used in Standard mode.
SERVER_MODE	The role of the protected virtual machine (server or workstation). The setting is applied only if the application is used in Light Agent mode.	`Yes` - the protected virtual machine is used as a server. `No` - the protected virtual machine is used as a workstation.
VDI_MODE	Enabling VDI protection mode to optimize application performance on temporary virtual machines. The setting is applied only if the application is used in Light Agent mode.	`Yes` – enable VDI protection mode. This is recommended if you are installing Kaspersky Endpoint Security on a virtual machine template that will be used to create temporary virtual machines. `No` – do not enable VDI protection mode.
EULA_AGREED	Required setting. Acceptance of the terms of the End User License Agreement.	`Yes` – accept the terms and conditions of the End User License Agreement. `No` – do not accept the terms and conditions of the End User License Agreement. The initial configuration of the application is aborted.
PRIVACY_POLICY_AGREED	Required setting. Acceptance of the terms of the Privacy Policy.	`Yes` – accept the Privacy Policy to continue installing the application. `No` – do not accept the terms and conditions of the Privacy Policy. The initial configuration of the application is aborted.
USE_KSN	Required setting. Enabling Kaspersky Security Network usage: To enable the use of KSN, the terms of the Kaspersky Security Network Statement must be accepted. If Kaspersky Endpoint Security is used in Standard mode and you have enabled the use of KSN, the application's cloud mode is automatically enabled. In this mode, Kaspersky Endpoint Security uses a lightweight version of the malware databases.	`Yes` – accept the terms of the Kaspersky Security Network Statement and enable the use of KSN. `No` – do not accept the Kaspersky Security Network Statement. Opting out of the KSN does not abort the initial configuration process.
GROUP_CLEAN	Required setting. Removing users from the kesladmin and keslaudit privileged groups before installing the application.	`Yes` - Remove users from the privileged groups. If the value is `Yes` and there is no nogroup group, the installation will fail and you will be prompted to manually remove users from privileged groups. `No` - Do not remove users from the privileged groups.
LOCALE	Optional setting. The locale used for the application events sent to Kaspersky Security Center. The locale of the graphical interface and the application command line is taken from the `LANG` environment variable. If the application does not support this localization, it defaults to the English localization.	Locale in RFC 3066 format. Possible values: `de_DE.UTF-8` – German `en_US.UTF-8` – English `fr_FR.UTF-8` – French `ja_JP.UTF-8` – Japanese `ru_RU.UTF-8` – Russian `zh_TW.UTF-8` – Chinese Simplified `zh_CN.UTF-8` – Chinese Traditional If the `LOCALE` setting is not specified, the operating system locale is used. If the application cannot detect the locale of the operating system or this locale is not supported, English (en_US.UTF-8 in RFC 3066 format) is used to localize events.
INSTALL_LICENSE	Activation code or path to the key file for adding a license key to the application. This setting applies only if the application is used in Standard mode.	<`activation code`> if you want to activate the application using an activation code during installation. <`full path to key file`> if you want to activate the application using a key file during installation. `None` if you do not want to activate the application during installation, for example, if you are installing the application in an isolated network segment without internet access.
UPDATER_SOURCE	Update source for databases and application modules. This setting applies only if the application is used in Standard mode.	`SCServer` – use the Kaspersky Security Center Administration Server as the update source. `KLServers` – use Kaspersky servers as the update source. `<update source address>`.
PROXY_SERVER	Address of the proxy server used to connect to the Internet. This setting applies only if the application is used in Standard mode.	Address of the proxy server in one of the following formats: `<connection protocol>://<IP address of the proxy server>:<port number>` if the proxy server connection does not require authentication `<connection protocol>://<user name>:<password>@<IP address of the proxy server>:<port number>` if the proxy server connection requires authentication Connecting to a proxy server over HTTPS is not supported.
UPDATE_EXECUTE	Start the application database update task during the initial configuration. This setting applies only if the application is used in Standard mode.	`Yes` – start update task. `No` – do not start update task.
KERNEL_SRCS_INSTALL	Automatic start of kernel module compilation when the File Threat Protection task is started (for operating systems that do not support the fanotify technology).	`Yes` – compile the kernel module when File Threat Protection starts. `No` – do not compile the kernel module.
ADMIN_USER	A user assigned the administrator role (admin).
CONFIGURE_SELINUX	Automatic configuration of SELinux for working with Kaspersky Endpoint Security.	`Yes` – automatically configure SELinux to work with Kaspersky Endpoint Security. `No` – do not perform automatic SELinux configuration.
DISABLE_PROTECTION	Disable protection components and scan tasks after the application is installed. An installation with protection components disabled can be convenient, for example, in order to reproduce a problem in the operation of the application and create a trace file. If you enable the necessary components and tasks after installing the application with the `DISABLE_PROTECTION=Yes` parameter, the enabled components and tasks will continue to work after the application is restarted.	`Yes` - Disable protection components and scan tasks when the application is started after installation. `No` - Do not disable protection components and scan tasks when the application is started after installation.
INTERCEPTOR_MODE	The system event interception mechanism used by Kaspersky Endpoint Security: This setting is applied only on devices where the operating system supports fanotify and the application is used in standard mode.	`UseFanotify` – use the fanotify technology to intercept system events. `UseUpdatableKernelModule` – use an updatable kernel module to intercept system events.
INTERCEPTOR_FALLBACK_STRATEGY	What the application does if the updatable kernel module fails to start. This setting is applied only on devices where the operating system supports fanotify and the application is used in standard mode.	`FallbackToFanotify` – switch to fanotify for system event interception. `FallbackToLimitedMode` – do not use system event interception. As a result, real-time file scanning is not performed, and the protection level of the device is reduced.

Setting

Description

Values

KSVLA_MODE

Kaspersky Endpoint Security usage mode.

Yes - Kaspersky Endpoint Security is used in Light Agent mode to protect virtual environments (as part of Kaspersky Hybrid Cloud Security for Virtualization Light Agent).

No - Kaspersky Endpoint Security is used in Standard mode.

SERVER_MODE

The role of the protected virtual machine (server or workstation).

The setting is applied only if the application is used in Light Agent mode.

Yes - the protected virtual machine is used as a server.

No - the protected virtual machine is used as a workstation.

VDI_MODE

Enabling VDI protection mode to optimize application performance on temporary virtual machines.

The setting is applied only if the application is used in Light Agent mode.

Yes – enable VDI protection mode. This is recommended if you are installing Kaspersky Endpoint Security on a virtual machine template that will be used to create temporary virtual machines.

No – do not enable VDI protection mode.

EULA_AGREED

Required setting.

Acceptance of the terms of the End User License Agreement.

Yes – accept the terms and conditions of the End User License Agreement.

No – do not accept the terms and conditions of the End User License Agreement. The initial configuration of the application is aborted.

PRIVACY_POLICY_AGREED

Required setting.

Acceptance of the terms of the Privacy Policy.

Yes – accept the Privacy Policy to continue installing the application.

No – do not accept the terms and conditions of the Privacy Policy. The initial configuration of the application is aborted.

USE_KSN

Required setting.

Enabling Kaspersky Security Network usage: To enable the use of KSN, the terms of the Kaspersky Security Network Statement must be accepted.

If Kaspersky Endpoint Security is used in Standard mode and you have enabled the use of KSN, the application's cloud mode is automatically enabled. In this mode, Kaspersky Endpoint Security uses a lightweight version of the malware databases.

Yes – accept the terms of the Kaspersky Security Network Statement and enable the use of KSN.

No – do not accept the Kaspersky Security Network Statement. Opting out of the KSN does not abort the initial configuration process.

GROUP_CLEAN

Required setting.

Removing users from the kesladmin and keslaudit privileged groups before installing the application.

Yes - Remove users from the privileged groups. If the value is Yes and there is no nogroup group, the installation will fail and you will be prompted to manually remove users from privileged groups.

No - Do not remove users from the privileged groups.

LOCALE

Optional setting.

The locale used for the application events sent to Kaspersky Security Center.

The locale of the graphical interface and the application command line is taken from the LANG environment variable. If the application does not support this localization, it defaults to the English localization.

Locale in RFC 3066 format. Possible values:

de_DE.UTF-8 – German
en_US.UTF-8 – English
fr_FR.UTF-8 – French
ja_JP.UTF-8 – Japanese
ru_RU.UTF-8 – Russian
zh_TW.UTF-8 – Chinese Simplified
zh_CN.UTF-8 – Chinese Traditional

If the LOCALE setting is not specified, the operating system locale is used.

If the application cannot detect the locale of the operating system or this locale is not supported, English (en_US.UTF-8 in RFC 3066 format) is used to localize events.

INSTALL_LICENSE

Activation code or path to the key file for adding a license key to the application.

This setting applies only if the application is used in Standard mode.

<activation code> if you want to activate the application using an activation code during installation.

<full path to key file> if you want to activate the application using a key file during installation.

None if you do not want to activate the application during installation, for example, if you are installing the application in an isolated network segment without internet access.

UPDATER_SOURCE

Update source for databases and application modules.

This setting applies only if the application is used in Standard mode.

SCServer – use the Kaspersky Security Center Administration Server as the update source.

KLServers – use Kaspersky servers as the update source.

<update source address>.

PROXY_SERVER

Address of the proxy server used to connect to the Internet.

This setting applies only if the application is used in Standard mode.

Address of the proxy server in one of the following formats:

<connection protocol>://<IP address of the proxy server>:<port number> if the proxy server connection does not require authentication
<connection protocol>://<user name>:<password>@<IP address of the proxy server>:<port number> if the proxy server connection requires authentication

Connecting to a proxy server over HTTPS is not supported.

UPDATE_EXECUTE

Start the application database update task during the initial configuration.

This setting applies only if the application is used in Standard mode.

Yes – start update task.

No – do not start update task.

KERNEL_SRCS_INSTALL

Automatic start of kernel module compilation when the File Threat Protection task is started (for operating systems that do not support the fanotify technology).

Yes – compile the kernel module when File Threat Protection starts.

No – do not compile the kernel module.

ADMIN_USER

A user assigned the administrator role (admin).

CONFIGURE_SELINUX

Automatic configuration of SELinux for working with Kaspersky Endpoint Security.

Yes – automatically configure SELinux to work with Kaspersky Endpoint Security.

No – do not perform automatic SELinux configuration.

DISABLE_PROTECTION

Disable protection components and scan tasks after the application is installed.

An installation with protection components disabled can be convenient, for example, in order to reproduce a problem in the operation of the application and create a trace file.

If you enable the necessary components and tasks after installing the application with the DISABLE_PROTECTION=Yes parameter, the enabled components and tasks will continue to work after the application is restarted.

Yes - Disable protection components and scan tasks when the application is started after installation.

No - Do not disable protection components and scan tasks when the application is started after installation.

INTERCEPTOR_MODE

The system event interception mechanism used by Kaspersky Endpoint Security:

This setting is applied only on devices where the operating system supports fanotify and the application is used in standard mode.

UseFanotify – use the fanotify technology to intercept system events.

UseUpdatableKernelModule – use an updatable kernel module to intercept system events.

INTERCEPTOR_FALLBACK_STRATEGY

What the application does if the updatable kernel module fails to start.

This setting is applied only on devices where the operating system supports fanotify and the application is used in standard mode.

FallbackToFanotify – switch to fanotify for system event interception.

FallbackToLimitedMode – do not use system event interception. As a result, real-time file scanning is not performed, and the protection level of the device is reduced.

Specify the values of settings in the format <setting name>=<setting value> (spaces between the a setting name and its value are not processed).

Page top