For Kaspersky Managed Detection and Response to work with Administration Server via Kaspersky Security Center Web Console, you must also establish a new secure connection, a background connection. Kaspersky Managed Detection and Response prompts you to establish a background connection when you deploy the solution. Make sure the background connection is established.
In the main window of the Web Console, select Settings → Integration.
Go to the Integration section.
Turn on the Background connection for integration Enabled toggle.
Save your changes.
Integration with Kaspersky Managed Detection and Response consists of the following steps:
Installing the Managed Detection and Response (Industrial CyberSecurity) component
For integration of Kaspersky Industrial CyberSecurity for Nodes with the Managed Detection and Response solution, the Managed Detection and Response (Industrial CyberSecurity) component is used. To install this component, in installation package settings or in the Setup Wizard, or by changing the set of application components in the Windows Control Panel, at the step when you must select application components for installation, select the following:
Full functionality → Endpoint Agent → Managed Detection and Response (Industrial CyberSecurity) for the built-in agent
Endpoint Agent → Managed Detection and Response (Industrial CyberSecurity) for the Endpoint Agent configuration
Configuring Kaspersky Private Security Network
Starting with the July 2025 update, the Managed Detection and Response solution supports operation without the KPSN configuration file. For detailed information on how the MDR solution uses Kaspersky Security Network, refer to the Kaspersky Managed Detection and Response Help.
If your configuration does not meet the requirements for running without KPSN configuration files, upload the KPSN configuration file in the Administration Server properties. The KPSN configuration file is located inside the ZIP archive of the MDR configuration file. You can also upload the KPSN configuration file using the command line.
On the device, run a command line interpreter (for example, cmd.exe) with the permissions of the local administrator.
Using the cd command, navigate to the folder where the kavshell.exe file is located.
For example, cd C:\Program Files (x86)\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes.5.0.0 and press ENTER.
You can also add the executable file path to the %PATH% system variable during the application installation phase and run the command without navigating to the application folder.
Run the following command:
KAVSHELL KSN [/global] [/private <full path to the Private KSN configuration file>] [/login=<name of the current user account>] [/pwd=</login password or KLAdmin password if /login is not specified>]
Activating Kaspersky Managed Detection and Response
When updating an earlier version of Kaspersky Industrial CyberSecurity for Nodes to version 4.5 or later, the Managed Detection and Response solution previously activated with the MDR configuration file (BLOB file) will not be activated automatically. You need to reactivate the Managed Detection and Response solution using a key file or an activation code.
To activate the Managed Detection and Response solution in Kaspersky Industrial CyberSecurity for Nodes, you need a separate license for Kaspersky Managed Detection and Response for Industrial CyberSecurity Add-on.
Starting with version 4.5, Kaspersky Industrial CyberSecurity for Nodes does not support activating the Managed Detection and Response solution using only the MDR configuration file (BLOB file).
If you are using MDR tenants, you need to upload the BLOB file for the tenant before applying the activation code, even if the BLOB file has expired.
If you do not use and have never created MDR tenants, you do not need to upload the BLOB file.
In the Kaspersky Security Center Administration Console tree, select the Policies folder.
Select the necessary policy and double-click to open the policy properties.
Select the Telemetry collection servers section.
In the Managed Detection and Response (Industrial CyberSecurity) block, click the Settings button.
The Managed Detection and Response (Industrial CyberSecurity) window opens.
Select the Managed Detection and Response check box.
If necessary, upload the MDR configuration file by clicking the Upload button. For detailed information about the MDR configuration file, please refer to the Kaspersky Managed Detection and Response Help.
By uploading a Managed Detection and Response configuration file, you agree to automatically transmit the specified data from the device with pre-installed Kaspersky Industrial CyberSecurity for Nodes to Kaspersky for processing. Do not upload the configuration file if you do not want the specified information to be processed.
In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
Click the name of the Kaspersky Industrial CyberSecurity for Nodes policy.
The policy properties window opens.
Select the Application settings tab.
Select the Telemetry collection servers section.
In the Managed Detection and Response (Industrial CyberSecurity) block, click the Settings button.
The Managed Detection and Response (Industrial CyberSecurity) window opens.
Select the Managed Detection and Response (Industrial CyberSecurity) DISABLED check box.
If necessary, upload the MDR configuration file by clicking the Upload button. For detailed information about the MDR configuration file, please refer to the Kaspersky Managed Detection and Response Help.
By uploading a Managed Detection and Response configuration file, you agree to automatically transmit the specified data from the device with pre-installed Kaspersky Industrial CyberSecurity for Nodes to Kaspersky for processing. Do not upload the configuration file if you do not want the specified information to be processed.
In the Application Console tree, select the Telemetry collection servers → Managed Detection and Response (Industrial CyberSecurity) section.
Click the Properties link in the results pane.
The Managed Detection and Response (Industrial CyberSecurity) window opens on the General tab.
Select the Managed Detection and Response check box.
If necessary, upload the MDR configuration file by clicking the Upload button. For detailed information about the MDR configuration file, please refer to the Kaspersky Managed Detection and Response Help.
By uploading a Managed Detection and Response configuration file, you agree to automatically transmit the specified data from the device with pre-installed Kaspersky Industrial CyberSecurity for Nodes to Kaspersky for processing. Do not upload the configuration file if you do not want the specified information to be processed.
On the device, run a command line interpreter (for example, cmd.exe) with the permissions of the local administrator.
Using the cd command, navigate to the folder where the kavshell.exe file is located.
For example, cd C:\Program Files (x86)\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes.5.0.0 and press ENTER.
You can also add the executable file path to the %PATH% system variable during the application installation phase and run the command without navigating to the application folder.
Run the following command:
KAVSHELL MDR /<enable|disable|show> /BLOB:<full path to the MDR configuration file> [/login:<name of the current user account>] [/pwd:</login password or KLAdmin password if /login is not specified>]
Command parameters for enabling Managed Detection and Response
Parameter
Description
MDR /<enable|disable|show>
Required argument.
Allows enabling, disabling, and viewing the status of Managed Detection and Response
/BLOB:<full path to the MDR configuration file>
Required argument.
Allows you to specify the path to the MDR configuration file.
/LOGIN=<user account name>
Optional argument.
Lets you specify the user account name with sufficient permissions.
If this option is not specified, the application prompts you for the user name on the next line.
You do not need to enter this value if you entered the KLAdmin password.
/PWD=</login password or KLAdmin password if /login is not specified>
Lets you specify the password of the KLAdmin user account or a user account with sufficient permissions.
If this option is not specified, the application prompts you for the password on the next line.