Installation and recovery settings, and Windows Installer command-line options

This section describes Kaspersky Industrial CyberSecurity for Nodes installation and recovery settings. The section also contains the keys for changing the installation settings and possible key values. These keys can be used in conjunction with standard keys for the Windows Installer service's msiexec command when installing Kaspersky Industrial CyberSecurity for Nodes from the command line.

Installation settings and Windows Installer command-line options

• Acceptance of the terms of the End User License Agreement.

  The possible values for EULA=<value> command line option are as follows:

  • 0 – you reject the terms of the End User License Agreement (default value).
  • 1 – you accept the terms of the End User License Agreement.
• Acceptance of the terms of the Privacy Policy.

  The possible values for PRIVACYPOLICY=<value> command line option are as follows:

  • 0 – you reject the terms of the Privacy Policy (default value).
  • 1 – you accept the terms of the Privacy Policy.
• Selecting the mode for the application.

  The possible values for STANDALONEMODE=<value> command line option are as follows:

  • 0 – Full functionality (default value).
  • 1 – Endpoint Agent.
• Destination folder where Kaspersky Industrial CyberSecurity for Nodes files will be saved during installation. A different folder can be specified.

  The default values for INSTALLDIR=<full path to the folder> command line option are as follows:

  • For the 32-bit version of Microsoft Windows:
    • Kaspersky Industrial CyberSecurity for Nodes: %ProgramFiles%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes.4.5.0
    • Kaspersky Industrial CyberSecurity for Nodes Console: %ProgramFiles%\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes Admins Tools.4.5.0
  • For the 64-bit version of Microsoft Windows: %ProgramFiles(x86)% and further similarly to the paths for 32-bit versions of Microsoft Windows.
• Start of the Real-Time File Protection task immediately after Kaspersky Industrial CyberSecurity for Nodes starts.

  The possible values for RUNRTP=<value> command line option are as follows:

  • 1 – start (default value).
  • 0 – do not start.
• Run mode for the Real-Time File Protection task.

  The possible values for RTP_BLOCKING=<value> command line option are as follows:

  • 1 – Recommended (default value).
  • 0 – Inform.
• Adding processes and files of industrial software to lists of trusted processes and exclusions as well as configuring Applications Launch Control rules. Processes and files are added to exclusions using the following command line option: ADDEXCLUSION=<exclusion profile name 1>;<exclusion profile name 2>;...;<exclusion profile name n>. Names of supported exclusion profiles are listed here.
• Path to the key file (LICENSEKEYPATH). By default, the Windows Installer attempts to find the file with .key extension in the \exec folder of the distribution kit. If the \exec folder contains several key files, the Windows Installer will select the key file whose expiration date is the farthest into the future. A key file can be saved beforehand in the \exec folder or at another path that you can specify in the LICENSEKEYPATH parameter.

  LICENSEKEYPATH can take the following values.

  • Full path to the key file including its name.
  • Path to the folder where the key files are stored.

  You can add a key after Kaspersky Industrial CyberSecurity for Nodes is installed using an administrative tool of your choice: for example, the Application Console. If you do not add a key during installation of the application, Kaspersky Industrial CyberSecurity for Nodes will not function.

• Path to the configuration file. Kaspersky Industrial CyberSecurity for Nodes imports settings from the specified configuration file created in the application. Kaspersky Industrial CyberSecurity for Nodes does not import passwords from the configuration file, for example, account passwords for starting tasks, or passwords for connecting to a proxy server. Once the settings are imported, you will have to enter all passwords manually. If the configuration file is not specified, the application will start to work with the default settings after setup.

  The default value for CONFIGPATH=<configuration file name> is not specified.

• Scan at Operating System Startup mode (SCANSTARTUP_BLOCKING). If Kaspersky Industrial CyberSecurity for Nodes was installed without a SCANSTARTUP_BLOCKING key, the Scan scope parameter in the Scan at Operating System Startup task is set as follows:
  • Action to perform on infected and other objects: Inform.
  • Action to perform on probably infected objects: Inform.

  If Kaspersky Industrial CyberSecurity for Nodes was installed with a SCANSTARTUP_BLOCKING key, the Scan scope parameter in the Scan at Operating System Startup task is set as follows:

  • Action to perform on infected and other objects: Perform recommended action.
  • Action to perform on probably infected objects: Perform recommended action.

  The Scan at Operating System Startup task is created automatically. The Inform mode is applied by default. In this case, after you deploy Kaspersky Industrial CyberSecurity for Nodes on the devices, you can enable the Scan at Operating System Startup task if no issues with system services were discovered during scan. If the application detects critical system services as infected or probably infected objects, the Inform mode gives you time to figure out the reason and solve the issue. If the application applies the Perform recommended action mode, the Disinfect. Delete if disinfection fails action is performed. Disinfection or removal of the system files may result in critical issues with operating system startup.

• Configuring the Protection of operating system services functionality.

  If this function is enabled, third-party applications cannot act upon the processes of the operating system. The possible values for PROTECTOSSERVICES=<value> command line option are as follows:

  • 1 means that the protection of operating system services is enabled (default value).
  • 0 means that the protection of operating system services is disabled.
• Configuring ports used for the remote connection of the Application Console to a computer on which the application is installed:

  To configure the port for connecting with Windows credentials, you can use the UIPORT=<port number> parameter. Range of possible port numbers: 1–65535. If the number is outside the specified interval, the default port number is used. The default value is 13032.

  If necessary, you can close the port for connecting with credentials of manually created users using the ENABLEUIKLPORT=<value> parameter:

  • 1 opens the port (default value).
  • 0 closes the port.

  The default value for this port is 13031. You can change the port number by specifying the UIKLPORT=<value> parameter. Range of possible port numbers: 1–65535.

• Setting for enabling network connections for remote management of Kaspersky Industrial CyberSecurity for Nodes using the Application Console installed on a different computer.

  The possible values for ADDWFEXCLUSION=<value> command line option are as follows:

  • 1. If this value is specified, TCP ports configured for the remote connection of the Application Console to a computer with the application installed (the UIPORT=<value> and UIKLPORT=<value> parameters) are opened in the Windows Firewall, and network connections are allowed for the executable file of the Kaspersky Industrial CyberSecurity for Nodes remote management process, avp.exe.

    Read also about additional configuration when installing the application on another device.

  • 0. If this value is specified, nothing happens.
• Disabling the check for incompatible software. Use this setting to enable or disable the check for incompatible software during background installation of the application on the protected device. Regardless of the value of this setting, during installation of Kaspersky Industrial CyberSecurity for Nodes, the application always warns about other versions of the application installed on the protected device.

  The possible values for SKIPINCOMPATIBLESW=<value> command line option are as follows:

  • 0 – The check for incompatible software is performed (default value).
  • 1 – The check for incompatible software is not performed.
• Disabling the check for the KB5007186 operating system update.

  After installing the KB5007186 update, the application continues working normally, system security is not compromised, but minor version updates of the applications become impossible. Before installing the application, the installer checks for installed operating system updates. If update KB5007186 is discovered, the installer aborts the installation. You can use the SKIPKB5007186CHECK key on the command line to enable or disable the check for the KB5007186 operating system update.

  The possible values for SKIPKB5007186CHECK=<value> command line option are as follows:

  • 0 – The installer checks if the KB5007186 operating system update is installed.
  • 1 – The installer does not check if the KB5007186 operating system update is installed.

  By default, the key is not set, which corresponds to 0.

Recovery settings and Windows Installer command-line options

• Restoring quarantined objects.

  The possible values for RESTOREQTN=<value> command line option are as follows:

  • 0 – Remove quarantined content (default value).
  • 1 – Restore quarantined content to the folder specified by the RESTOREPATH parameter into the \QB subfolder.
• Restoring the content of backup.

  The possible values for RESTOREBCK=<value> command line option are as follows:

  • 0 – Remove backup content (default value).
  • 1 – Restore backup contents to the folder specified by the RESTOREPATH parameter into the \QB subfolder.
• Enter the current password to confirm the restoration (if password protection is enabled).

  The default value for UNLOCK_PASSWORD=<specified password> is not specified.

• Folder for restored objects. Restored objects will be saved to the specified folder.

  The default value for the RESTOREPATH=<full path to the folder> command line option is as follows: %ALLUSERSPROFILE%\Program Data\Kaspersky Lab\KICS.4.5.0\QB\Restored.

Page top