Same Info in:   Русский English 


Typical Installation Using Wizard

The deployment wizard is the preferable installation method. It starts when you click the Install Kaspersky Anti-Virus link on the Getting started page; it can also be started on the last page of the Quick Start wizard, and there are many other ways to start the deployment wizard in the Kaspersky Administration Console.

The deployment wizard uses step by step prompts for the product to be installed, target computers and the installation method.

Selecting the product

The product to be installed is selected from the list of available installation packages. The standard Kaspersky Security Center includes installation packages for the current versions of the Network Agent and Kaspersky Endpoint Security for Windows. You can manage installation packages, delete or create new ones in the Installation Packages repository (in the Repositories node). See further sections for details.

If Kaspersky Endpoint Security is selected in the deployment wizard, it will be installed together with the Network Agent. In other words, the wizard not only installs the selected package, but also connects the computers to the Administration Server by installing the Network Agent on them. If the computers are already connected, the Network Agent is not reinstalled (overwritten).

Selecting Computers

You can select groups or separate computers for installation. Groups are comprised of managed computers. To install the products on unassigned or even undiscovered computers, click Select computers for deployment. Then you will be able to either select the computers detected by Administration Server, or specify computers’ addresses manually.

When a group is selected, the wizard does not show its contents, so the administrator must remember which group the target computers are in.

Installation method

The wizard always tries to install products using the Network Agent. If the Network Agent is not yet installed on the computer, installation using Windows tools is tried. This section describes each installation method.

If both Kaspersky Endpoint Security and Network Agent are to be installed on the computer, the wizard first installs the Network Agent using Windows tools, and then installs Kaspersky Endpoint Security using Network Agent.


Kaspersky Endpoint Security, unlike the Network Agent, needs a license to operate properly. In the installation wizard you can explicitly select which license should be used to activate the product from the list of licenses added to the license repository of Administration Server. If necessary, you can add a license there without quitting the wizard.

This step can be skipped if the repository contains a license configured to be distributed automatically. It will be automatically installed on all computers where Kaspersky Endpoint Security needs to be activated.


The wizard offers to select restart parameters; however, in most cases neither the Network Agent nor Kaspersky Endpoint Security installation requires restarting the computer. The Network Agent installation almost never requires it. During Kaspersky Endpoint Security installation, the necessity to restart may arise if another protection program has been installed on the computer.

The default choice—Prompt user for action—is all right for workstations. When installing the product on servers, we recommend selecting Do not restart the computer. At a server, a user is unlikely present and so no one will react to the prompt.

The restart parameters are described in more detail in the section devoted to uninstallation of incompatible applications.

Computer relocation

As a result of installing the Network Agent and protection tools, computers become manageable. That is why if computers, not groups, are selected, the wizard will ask whether it is necessary to relocate the computers to an administration group, and if yes, into which one. The selection affects only unassigned computers. If both unassigned and managed computers are on the installation list, the managed ones will remain in their groups.

Specifying the account

Typically, the installation is performed by Windows tools and needs an account for accessing the target computers. The deployment wizard allows specifying several accounts, in case different administrator passwords are used on the target computers. The installer tries the accounts in succession. If the first account has insufficient privileges, the next one is tried, and so on.

Before the specified accounts are tried, the installer attempts to act on behalf of the Administration Server service account, which you don’t actually see on the account list. However, if the administrator used the default settings when installing the server, the server service account cannot be used for remote installation:

  • As a result of typical installation, the server service starts with local system permissions and has no rights on remote computers
  • As a result of custom installation with default settings, the server service starts on behalf of the KL-AK-* account that is created automatically and receives the rights of a local administrator—again, no rights on remote computers

So, in most cases you have to explicitly specify accounts for accessing the target computers.

Installation process monitoring

The installation wizard uses the settings specified by the administrator to create and immediately start the product installation task on the selected computers. After that, it automatically opens the task page in the Administration Console.

The task page displays the task progress on the selected computers. An installation can be ready for execution, running, wait for reboot, complete successfully or return an error. The number of computers in every status is displayed on the pie chart and in the table.

To view complete task results, click the Details link under the statistics on the task page. The upper part of the results window contains the list of all tasked computers and the current task status for every of them; and the lower part shows the task log for the selected computer.

The task log contains the history of each task status changing on the computer. The status can be the same, while its description may vary. For example, an installation task log usually contains several records of the Running status, where the first one informs of starting file copying to the remote computer, the second one—of starting the installer, and the third one—of the installation completion.

The installation history of a computer shows that first the Network Agent is installed, and then Kaspersky Endpoint Security. To install the agent, its files are copied into the admin$ shared folder on the computer, and then the Administration Server waits for the connection with the installed agent to start the installation of the protection tools.

Back Back Next Next


Kaspersky Lab

Copyright © 1997-2017 Kaspersky Lab
Privacy Policy   |   Contact Us   |   About us

Stay connected