[Setup]

InstallDir

Path to the application installation folder.

ActivationCode

Kaspersky Endpoint Security activation code.

EULA=1

Acceptance of the terms of the End User License Agreement. The text of the License Agreement is included in the distribution kit of Kaspersky Endpoint Security.

Accepting the terms of the End User License Agreement is necessary for installing the application or upgrading the application version.

PrivacyPolicy=1

Acceptance of the Privacy Policy. The text of the Privacy Policy is included in the Kaspersky Endpoint Security distribution kit.

To install the application or upgrade the application version, you must accept the Privacy Policy.

KSN

Agreement or refusal to participate in Kaspersky Security Network (KSN). If no value is set for this parameter, Kaspersky Endpoint Security will prompt to confirm your consent or refusal to participate in KSN when Kaspersky Endpoint Security is first started. Available values:

• 1 – agreement to participate in KSN.
• 0 – refusal to participate in KSN (default value).

The Kaspersky Endpoint Security distribution package is optimized for use with Kaspersky Security Network. If you opted not to participate in Kaspersky Security Network, you should update Kaspersky Endpoint Security immediately after the installation is complete.

Login

Set the user name for accessing the features and settings of Kaspersky Endpoint Security (the Password protection component). The user name is set together with the Password and PasswordArea parameters. The user name KLAdmin is used by default.

Password

Specify a password for accessing Kaspersky Endpoint Security features and settings (the password is specified together with the Login and PasswordArea parameters).

If you specified a password but did not specify a user name with the Login parameter, the KLAdmin user name is used by default.

PasswordArea

Specify the scope of the password for accessing Kaspersky Endpoint Security. When a user attempts to perform an action that is included in this scope, Kaspersky Endpoint Security prompts for the user's account credentials (Login and Password parameters). Use the ";" character to specify multiple values.

Available values:

• SET – modifying application settings.
• EXIT – exiting the application.
• DISPROTECT – disabling protection components and stopping scan tasks.
• DISPOLICY – disabling the Kaspersky Security Center policy.
• UNINST – removing the application from the computer.
• DISCTRL – disabling control components.
• REMOVELIC – removing the key.
• REPORTS – viewing reports.

For example, PasswordArea=SET;PasswordArea=UNINST;PasswordArea=EXIT.

SelfProtection

Enabling or disabling the application installation protection mechanism. Available values:

• 1 – the application installation protection mechanism is enabled (default value).
• 0 – the application installation protection mechanism is disabled.

Installation protection includes protection against replacement of the distribution package with malicious applications, blocking access to the installation folder of Kaspersky Endpoint Security, and blocking access to the system registry section containing application keys. However, if the application cannot be installed (for example, when performing remote installation with the help of Windows Remote Desktop), you are advised to disable protection of the installation process.

EnableAzureSupport

Enabling or disabling Azure WVD compatibility mode. Available values:

• 1 – Azure WVD compatibility mode is enabled.
• 0 – Azure WVD compatibility mode is disabled (default value).

This feature allows correctly displaying the state of the Azure virtual machine in the Kaspersky Anti Targeted Attack Platform console. To monitor the performance of the computer, Kaspersky Endpoint Security sends telemetry to KATA servers. Telemetry includes an ID of the computer (Sensor ID). Azure WVD compatibility mode allows assigning a permanent unique Sensor ID to these virtual machines. If the compatibility mode is turned off, the Sensor ID can change after the computer is restarted because of how Azure virtual machines work. This can cause duplicates of virtual machines to appear on the console.

Reboot=1

Automatic restart of the computer, if required after installation or upgrade of the application. If no value is set for this parameter, automatic computer restart is blocked.

Restart is not required when installing Kaspersky Endpoint Security. Restart is required only if you have to remove incompatible applications prior to installation. Restart may also be required when updating the application version.

AddEnvironment

In the %PATH% system variable, add the path to executable files located in the Kaspersky Endpoint Security setup folder. Available values:

• 1 – the %PATH% system variable is supplemented with the path to executable files that are located in the Kaspersky Endpoint Security setup folder.
• 0 – the %PATH% system variable is not supplemented with the path to executable files that are located in the Kaspersky Endpoint Security setup folder.

AMPPL

Enables or disables protection of the Kaspersky Endpoint Security processes using AM-PPL technology (Antimalware Protected Process Light). For more details about AM-PPL technology, please visit the Microsoft website.

AM-PPL technology is available for Windows 10 version 1703 (RS2) or later, and Windows Server 2019 operating systems.

Available values:

• 1 – protection of the Kaspersky Endpoint Security processes using AM-PPL technology is enabled.
• 0 – protection of the Kaspersky Endpoint Security processes using AM-PPL technology is disabled.

UPGRADEMODE

Application upgrade mode:

• Seamless means upgrading the application with a computer restart (default value).
• Force means upgrading the application without a restart.

You can upgrade the application without a restart starting with version 11.10.0. To upgrade an earlier version of the application, you must restart the computer. You can also install patches without a restart starting with version 11.11.0.

Restart is not required when installing Kaspersky Endpoint Security. So, the upgrade mode of the application will be specified in the application settings. You can change this parameter in the application settings or in the policy.

When upgrading already installed application, the priority of the parameter specified in the setup.ini file is higher than that of the parameter specified in the application settings or in the command line. For example, if Force upgrade mode is specified in the setup.ini file and Seamless mode is specified in the application settings, the upgrade will be installed without a restart (Force). If you are using the setup.ini file, where the UPGRADEMODE parameter is not specified, the installer will use a default value (Seamless) and will install the upgrade with a computer restart.

SetupReg

Enable writing of registry keys from the setup.reg file to the registry. SetupReg: setup.reg parameter value.

EnableTraces

Enabling or disabling application tracing. After Kaspersky Endpoint Security starts, it saves trace files in the folder %ProgramData%\Kaspersky Lab\KES.21.14\Traces. Available values:

• 1 – tracing is enabled.
• 0 – tracing is disabled (default value).

TracesLevel

Level of detail of traces. Available values:

• 100 (critical). Only messages about fatal errors.
• 200 (high). Messages about all errors, including fatal errors.
• 300 (diagnostic). Messages about all errors, as well as warnings.
• 400 (important). All error messages, warnings, and additional information.
• 500 (normal). Messages about all errors and warnings, as well as detailed information about the operation of the application in normal mode (default).
• 600 (low). All messages.

RESTAPI

Managing the application through the REST API. To manage the application through the REST API, you must specify the user name (RESTAPI_User parameter).

Available values:

• 1 – management via REST API is allowed.
• 0 – management via REST API is blocked (default value).

To manage the application through the REST API, management using administrative systems must be allowed. To do so, set the AdminKitConnector=1 parameter. If you manage the application through the REST API, it is impossible to manage the application using the administration systems of Kaspersky.

RESTAPI_User

User name of the Windows domain account used for managing the application through the REST API. Management of the application through the REST API is available only to this user. Enter the user name in the format <DOMAIN>\<UserName> (for example, RESTAPI_User=COMPANY\Administrator). You can select only one user to work with the REST API.

Adding a user name is a prerequisite for managing the application through the REST API.

RESTAPI_Port

Port used for managing the application through the REST API. Port 6782 is used by default. Make sure that the port is free.

RESTAPI_Certificate

Certificate for identifying requests (for example, RESTAPI_Certificate=C:\cert.pem). Secure interaction of Kaspersky Endpoint Security with the REST client requires configuring request identification. To do so, you must install a certificate and subsequently sign the payload of each request.

[Components]

ALL

Installation of all components. If the parameter value 1 is specified, all components will be installed regardless of the installation settings of individual components.

Because of the way Detection and Response solutions are supported, Endpoint Detection and Response Optimum as well as Kaspersky Sandbox components are installed on the computer. The Endpoint Detection and Response Expert component is not compatible with this configuration.

MailThreatProtection

Mail Threat Protection.

WebThreatProtection

Web Threat Protection.

AMSI

AMSI Protection.

HostIntrusionPrevention

Host Intrusion Prevention.

BehaviorDetection

Behavior Detection.

ExploitPrevention

Exploit Prevention.

RemediationEngine

Remediation Engine.

Firewall

Firewall.

NetworkThreatProtection

Network Threat Protection.

WebControl

Web Control.

DeviceControl

Device Control.

ApplicationControl

Application Control.

AdaptiveAnomaliesControl

Adaptive Anomaly Control.

LogInspector

Log Inspection

FileIntegrityMonitor

File Integrity Monitor

FileEncryption

File Level Encryption libraries.

DiskEncryption

Full Disk Encryption libraries.

BadUSBAttackPrevention

BadUSB Attack Prevention.

EDR

Endpoint Detection and Response Optimum (EDR Optimum).

The component is not compatible with EDR Expert (EDRCloud) and EDR KATA (EDRKATA) components.

EDRCloud

Endpoint Detection and Response Expert (EDR Expert).

The component is not compatible with EDR Optimum (EDR) and EDR KATA (EDRKATA) components.

AntiAPTFeature

Endpoint Detection and Response (KATA).

The component is not compatible with EDR Expert (EDRCloud) and EDR Optimum (EDR) components.

SB

Kaspersky Sandbox.

MDR

Managed Detection and Response.

AdminKitConnector

Application management using administration systems. Administration systems include, for example, Kaspersky Security Center. In addition to Kaspersky administration systems, you can use third-party solutions. Kaspersky Endpoint Security provides an API for this purpose.

Available values:

• 1 – application management with the help of administration systems is allowed (default value).
• 0 – application management is allowed only through the local interface.

[Tasks]

ScanMyComputer

Full Scan task. Available values:

• 1 – the task is included in the list of Kaspersky Endpoint Security tasks.
• 0 – the task is not included in the list of Kaspersky Endpoint Security tasks.

ScanCritical

Critical Areas Scan task. Available values:

• 1 – the task is included in the list of Kaspersky Endpoint Security tasks.
• 0 – the task is not included in the list of Kaspersky Endpoint Security tasks.

Updater

Update task. Available values:

• 1 – the task is included in the list of Kaspersky Endpoint Security tasks.
• 0 – the task is not included in the list of Kaspersky Endpoint Security tasks.