Starting with version 11.6.0, Kaspersky Endpoint Security for Windows includes a built-in agent for the Kaspersky Managed Detection and Response solution. You no longer need a separate Kaspersky Endpoint Agent application to work with MDR. All functions of Kaspersky Endpoint Agent will be performed by Kaspersky Endpoint Security.
When you deploy Kaspersky Endpoint Security on computers that have Kaspersky Endpoint Agent installed, the Kaspersky Managed Detection and Response solution will continue working with Kaspersky Endpoint Security. In addition, Kaspersky Endpoint Agent will be removed from the computer. The same happens when you update Kaspersky Endpoint Security to version 11.6.0 or higher.
Kaspersky Endpoint Security is not compatible with Kaspersky Endpoint Agent. You cannot install both of these applications on the same computer.
The following conditions must be met for Kaspersky Endpoint Security to work as part of Kaspersky Managed Detection and Response:
Steps for migrating [KES+KEA] configuration to [KES+built-in agent] for MDR
The MDR component can be managed using the Kaspersky Endpoint Security Management Plug-in version 11.6 or higher. Depending on the type of Kaspersky Security Center console you are using, update the management plug-in in the Administration Console (MMC) or the web plug-in in the Web Console.
Transfer Kaspersky Endpoint Agent settings to Kaspersky Endpoint Security for Windows. The following options are available:
To activate Kaspersky Endpoint Security as part of the Kaspersky Managed Detection and Response solution, you need a separate license for the Kaspersky Managed Detection and Response Add-on. You can add the key using the Add key task. As a result, two keys will be added to the application: Kaspersky Endpoint Security and Kaspersky Managed Detection and Response.
To migrate MDR functionality during an application installation or upgrade, it is recommended to use the remote installation task. When creating a remote installation task, you need to select the MDR component in the installation package settings.
You can also upgrade the application using the following methods:
Kaspersky Endpoint Security supports automatically selecting components when upgrading the application on a computer with the Kaspersky Endpoint Agent application installed. The automatic selection of components depends on the permissions of the user account that is upgrading the application.
If you are upgrading Kaspersky Endpoint Security using the EXE or MSI file under the system account (SYSTEM), Kaspersky Endpoint Security gains access to current licenses of Kaspersky solutions. Therefore, if the computer has Kaspersky Endpoint Agent installed and the MDR solution activated, the Kaspersky Endpoint Security installer automatically configures the set of components and selects the MDR component. This makes Kaspersky Endpoint Security switch to using the built-in agent and removes Kaspersky Endpoint Agent. The MSI installer usually runs under the system account (SYSTEM) when upgrading via the Kaspersky update service or when deploying an installation package via Kaspersky Security Center.
If you are upgrading Kaspersky Endpoint Security using an MSI file under a non-privileged user account, Kaspersky Endpoint Security lacks access to current licenses of Kaspersky solutions. In this case, Kaspersky Endpoint Security automatically selects components based on the set of components of Kaspersky Endpoint Agent. After that, Kaspersky Endpoint Security switches to using the built-in agent and removes Kaspersky Endpoint Agent.
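To confirm on an endpoint that the upgrade ended in the state described above (Kaspersky Endpoint Security 11.6.0 or higher present, Kaspersky Endpoint Agent removed), the following added example, which is not Kaspersky's own tooling, classifies the host from its installed-product records. It assumes both products register under the standard Windows Uninstall registry keys with `DisplayName` values that begin with the product names used on this page; the function names and state labels are hypothetical.

```powershell
# Added example: classify the local KES/KEA migration state.
# Assumption: both products appear under the standard Uninstall keys and their
# DisplayName starts with the product name used on this page.
# Not checked here: whether the MDR component is selected or the MDR key is added.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledProduct {
    param([string]$NamePattern)
    # Return the first matching product record, or nothing if it is not installed.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern } |
        Select-Object -First 1 DisplayName, DisplayVersion
}

function Get-MdrMigrationState {
    param($Kes, $Kea)
    $builtInAgentFrom = [version]'11.6.0'   # first version with the built-in agent
    if (-not $Kes) {
        if ($Kea) { return 'KEA present, KES not found' }
        return 'Neither product found'
    }
    $parsed = $null
    if (-not [version]::TryParse([string]$Kes.DisplayVersion, [ref]$parsed)) {
        return "KES version unreadable: '$($Kes.DisplayVersion)'"
    }
    $hasBuiltInAgent = $parsed -ge $builtInAgentFrom
    # The two applications cannot coexist, so KEA next to KES 11.6.0+ means
    # the upgrade did not finish removing it.
    if ($hasBuiltInAgent -and $Kea) { return 'Incomplete: KES 11.6.0+ and KEA both present' }
    if ($hasBuiltInAgent)           { return 'KES 11.6.0+ present, KEA absent' }
    if ($Kea)                       { return 'Pending: KES below 11.6.0 with separate KEA' }
    return 'KES below 11.6.0, KEA absent'
}

$kes = Get-InstalledProduct 'Kaspersky Endpoint Security*'
$kea = Get-InstalledProduct 'Kaspersky Endpoint Agent*'
[pscustomobject]@{
    Computer   = $env:COMPUTERNAME
    KesVersion = $kes.DisplayVersion
    KeaVersion = $kea.DisplayVersion
    State      = Get-MdrMigrationState -Kes $kes -Kea $kea
}
```

Hosts reporting `Incomplete` or `Pending` are the ones to revisit with the remote installation task.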
Kaspersky Endpoint Security supports upgrading without a computer restart. You can select the application upgrade mode in the policy properties.
If, after application installation or upgrade, the computer has the Critical status in the Kaspersky Security Center console: