KEA to KES Migration Guide for MDR

Starting with version 11.6.0, Kaspersky Endpoint Security for Windows includes a built-in agent for Kaspersky Managed Detection and Response solution. You no longer need a separate Kaspersky Endpoint Agent application to work with MDR. All functions of Kaspersky Endpoint Agent will be performed by Kaspersky Endpoint Security.

When you deploy Kaspersky Endpoint Security on computers that have Kaspersky Endpoint Agent installed, Kaspersky Managed Detection and Response solution will continue working with Kaspersky Endpoint Security. In addition, Kaspersky Endpoint Agent will be removed from the computer. The same behavior in the system will occur when you update Kaspersky Endpoint Security to version 11.6.0 or higher.

Kaspersky Endpoint Security is not compatible with Kaspersky Endpoint Agent. You cannot install both of these applications on the same computer.

The following conditions must be met for Kaspersky Endpoint Security to work as part of Kaspersky Managed Detection and Response:

• Kaspersky Security Center version 13.2 or higher (including Network Agent). In earlier versions of Kaspersky Security Center, it is impossible to activate the Managed Detection and Response feature.
• A background connection between Kaspersky Security Center Web Console and Administration Server is established. For MDR to work with Administration Server via Kaspersky Security Center Web Console, you must establish a new secure connection, a background connection.

Steps for migrating [KES+KEA] configuration to [KES+built-in agent] for MDR

1. Upgrading the Kaspersky Endpoint Security Management Plug-in

   MDR component can be managed using the Kaspersky Endpoint Security Management Plug-in version 11.6 or higher. Depending on the type of Kaspersky Security Center console you are using, update the management plug-in in the Administration Console (MMC) or the web plug-in in the Web Console.

2. Migrating policies and tasks

   Transfer Kaspersky Endpoint Agent settings to Kaspersky Endpoint Security for Windows. The following options are available:

   • A wizard for migrating from Kaspersky Endpoint Agent to Kaspersky Endpoint Security. A wizard for migrating from Kaspersky Endpoint Agent to Kaspersky Endpoint Security works only in Web Console

     How to migrate policy and task settings from Kaspersky Endpoint Agent to Kaspersky Endpoint Security in Web Console

     In the main window of the Web Console, select Operations → Migration from Kaspersky Endpoint Agent.

     This runs the policies and tasks migration wizard. Follow the instructions of the Wizard.

     Step 1. Policy migration

     The Migration Wizard creates a new policy which merges the settings of Kaspersky Endpoint Security and Kaspersky Endpoint Agent policies. In the policy list, select Kaspersky Endpoint Agent policies whose settings you want to merge with the Kaspersky Endpoint Security policy. Click the Kaspersky Endpoint Agent policy in order to select the Kaspersky Endpoint Security policy with which you want to merge settings. Make sure you selected the correct policies and go to the next step.

     Step 2. Task migration

     The Migration Wizard does not support MDR tasks. Skip this step.

     Step 3. Wizard completion

     Exit the Wizard. As a result of the wizard, a new Kaspersky Endpoint Security policy will be created. The policy merges settings from Kaspersky Endpoint Security and Kaspersky Endpoint Agent. The policy is called <Kaspersky Endpoint Security policy name> & <Kaspersky Endpoint Agent policy name>. The new policy has the Inactive status. To continue, change the statuses of Kaspersky Endpoint Agent and Kaspersky Endpoint Security policies to Inactive and activate the new merged policy.

   • A standard Policies and tasks batch conversion wizard. The Policies and tasks batch conversion wizard is only available in the Administration Console (MMC). For more details about Policies and tasks batch conversion wizard, please refer to the Kaspersky Security Center Help.
3. Licensing the MDR functionality

   To activate Kaspersky Endpoint Security as part of the Kaspersky Managed Detection and Response solution, you need a separate license for Kaspersky Managed Detection and Response Add-on. You can add the key using the Add key task. As a result, two keys will be added to the application: Kaspersky Endpoint Security and Kaspersky Managed Detection and Response.

4. Installing / Upgrading the Kaspersky Endpoint Security application

   To migrate MDR functionality during an application installation or upgrade, it is recommended to use the remote installation task. When creating a remote installation task, you need to select MDR component in the installation package settings.

   You can also upgrade the application using the following methods:

   • Using the Kaspersky update service.
   • Locally, by using the Setup Wizard.

   Kaspersky Endpoint Security supports automatically selecting components when upgrading the application on a computer with the Kaspersky Endpoint Agent application installed. The automatic selection of components depends on the permissions of the user account that is upgrading the application.

   If you are upgrading Kaspersky Endpoint Security using the EXE or MSI file under the system account (SYSTEM), Kaspersky Endpoint Security gains access to current licenses of Kaspersky solutions. Therefore, if the computer has Kaspersky Endpoint Agent installed and MDR solution activated, the Kaspersky Endpoint Security installer automatically configures the set of components and selects the MDR component. This makes Kaspersky Endpoint Security switch to using the built-in agent and removes Kaspersky Endpoint Agent. Running the MSI installer under the system account (SYSTEM) is usually performed when upgrading via the Kaspersky update service or when deploying an installation package via Kaspersky Security Center.

   If you are upgrading Kaspersky Endpoint Security using an MSI file under a non-privileged user account, Kaspersky Endpoint Security lacks access to current licenses of Kaspersky solutions. In this case, Kaspersky Endpoint Security automatically selects components based on a set of components of Kaspersky Endpoint Agent. After that Kaspersky Endpoint Security switches to using the built-in agent and removes Kaspersky Endpoint Agent.

   Kaspersky Endpoint Security supports upgrading without computer restart. You can select the application upgrade mode in policy properties.

5. Checking the application operation

   If after application installation or upgrade, the computer has the Critical status in the Kaspersky Security Center console:

   • Make sure that the computer has Network Agent version 13.2 or higher installed.
   • Check the operating status of the built-in agent by viewing the Application components status report. If a component has the Not installed status, install the component using the Change application components task. If a component has the Not covered by license status, make sure that you have activated the built-in agent functionality.
   • Make sure you accept the Kaspersky Security Network Statement in the new policy of Kaspersky Endpoint Security for Windows.

Page top