• Added support for Windows 10 November 2019 Update (19H2).
• Added support for AM-PPL (Antimalware Protected Process Light) technology for Windows Server 2019.
• Application settings are retained after upgrading from Windows 7, 8 or 8.1 to Windows 10.
• Automated capability to upgrade Windows 10 on computers encrypted with Kaspersky Disk Encryption technology.
• Integration with Kaspersky Sandbox.
• Added capability for remote data wipe on a user's computer at the request of the administrator.
• Added programming interface (REST API). REST API allows authorized third-party applications to configure application settings, start a scan, and perform other actions.  
• Optimized Device Control notifications when blocking access to CD/DVD.
• The settings of the Anti-Bridging component were moved to a separate block with a "lock".
• There is now the capability to save information about all websites visited by a user, including allowed websites.
• It is now allowed to perform installation, removal or recovery not only to the administrator but also to authorized users. There is also the capability to manage the permissions of users for other application functions.
• There is now support for changing the encryption bit rate when upgrading the application (AES256 to AES56 or AES56 to AES256). 

Installation from the distribution package

To install the application locally, run the setup_kes.exe file from the full distribution package and follow the Setup Wizard instructions. For more information about installation, see this Online Help page and this Knowledge Base article.

During installation, Kaspersky Endpoint Security for Windows detects applications that may affect the computer’s performance or cause other problems when running at the same time as the product. For the full list of incompatible software, see this article.

Upgrading

You can upgrade the following applications to Kaspersky Endpoint Security for Windows version 11.2.0 during installation from the full distribution package:

• Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 3 for Windows (version 10.2.5.3201) See below for details on installing on a computer with the AES encryption module.
• Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 4 for Windows (version 10.2.6.3733) See below for details on installing on a computer with the AES encryption module.
• Kaspersky Endpoint Security 10 Service Pack 2 for Windows (version 10.3.0.6294)
• Kaspersky Endpoint Security 10 Service Pack 2 Maintenance Release 1 for Windows (version 10.3.0.6294)
• Kaspersky Endpoint Security 10 Service Pack 2 Maintenance Release 2 for Windows (version 10.3.0.6294)
• Kaspersky Endpoint Security 10 Service Pack 2 Maintenance Release 3 for Windows (version 10.3.3.275)
• Kaspersky Endpoint Security for Windows 11.0.0 (version 11.0.0.6499)
• Kaspersky Endpoint Security for Windows 11.0.1 (version 11.0.1.90)
• Kaspersky Endpoint Security for Windows 11.1.0 (version 11.1.0.15919)
• Kaspersky Endpoint Security for Windows 11.1.1 (version 11.1.1.126)

If the Full Disk Encryption (FDE) or the File Level Encryption (FLE) components are installed on the computer, upgrading the application installed from a distribution kit with one key length using a distribution kit with a different key length is not supported. To install the update, use the distribution package 11.2.0 that has the same effective key length as the version that is being updated. For example:

• keswin_11.2.0.2254>_<localization>_aes256 if you are upgrading an application that was installed from the AES256 distribution package
• keswin_11.2.0.2254>_<localization>_aes256 if you are upgrading an application that was installed from the AES56 distribution package

If no encryption component is installed on the computer, you can use a distribution kit with any key length to upgrade the application to version 11.2.0.  

Upgrading Kaspersky Endpoint Security for Windows from beta versions to version 11.2.0 is not supported.

Updating via the Kaspersky Lab update service

Kaspersky Endpoint Security 11.2.0 for Windows can be installed via the Kaspersky update service.

You can update the following applications:

• Kaspersky Endpoint Security for Windows 11.0.1 (version 11.0.1.90)
• Kaspersky Endpoint Security for Windows 11.1.0 (version 11.1.0.15919)
• Kaspersky Endpoint Security for Windows 11.1.1 (version 11.1.1.126)

Updating from beta versions to Kaspersky Endpoint Security 11.2.0 for Windows is not supported.

Special considerations when updating an application via the Kaspersky Lab update service:

• After you install an update, you will not be able to roll back to the previous application version.
• This update is only available for applications with a valid license.
• You will not be able to manage full disk encryption (FDE) until the application update has finished installing.
• To complete the update installation, you must restart the computer.
• To complete the update on a computer that has hard drives encrypted using full disk encryption (FDE), you must restart the computer twice.
• During installation, Kaspersky Endpoint Security for Windows detects applications that may affect the computer’s performance or cause other problems when running at the same time as the product. For the full list of incompatible software, see this article.
• Installation of Kaspersky Endpoint Agent through the Kaspersky Lab update service is not supported. You must independently download and install Endpoint Agent for integration with Kaspersky Sandbox.

Starting with Kaspersky Endpoint Security 10 Service Pack 2 for Windows (version 10.3.0.6294), the encryption module is included in the application installation package. You do not need to install the encryption module separately.

The required encryption libraries will be automatically installed in the following cases:

• When the application is installed for the first time, provided that the full disk encryption (FDE) or file level encryption (FLE) components are selected. 
• When installing the update on a computer which has: 
  • Kaspersky Endpoint Security for Windows 10 Service Pack 2 or later is installed
  • Full disk encryption (FDE) or file level encryption (FLE) components are installed 
  • 11.2.0 installer with the suitable key length is used.  
• When installing the update on a computer which has: 
  • Version earlier than Kaspersky Endpoint Security for Windows 10 Service Pack 2 and the AES encryption module are installed
  • the distribution package 11.2.0 used for updating has the appropriate key length and that updating is supported for the existing configuration.

For automatic upgrade of an installed encryption module, use the appropriate distribution package for Kaspersky Endpoint Security 11.2.0:

• keswin_11.2.0.2254_<localization>_aes256 to upgrade an AES encryption module with a 256-bit effective key length.
• keswin_11.2.0.2254_<localization>_aes56 to upgrade an AES encryption module with a 56-bit effective key length.

Supported configurations that allow automatic update of an AES encryption module:

• Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 3 (build 10.2.5.3201) and encryption module version 1.1.0.73
• Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 4 (build 10.2.6.3733) and encryption module version 1.1.0.73

Other configurations of Kaspersky Endpoint Security and AES encryption modules are not supported. You must remove the encryption module or upgrade it to version 1.1.0.73 before running an upgrade.

Before removing or upgrading the encryption module, decrypt all hard drives that have been encrypted using Kaspersky Disk Encryption technology (FDE). You will not be able to access encrypted files after you remove the encryption module.

If you want to switch from the utilized encryption to encryption with a different key length, prior to upgrading the application to version 11.2.0 you must decrypt all encrypted objects and remove the utilized AES Encryption Module. After switching to encryption with a different key length, you will no longer be able to access objects that were encrypted prior to switching.

The application is compatible with Kaspersky Security Center 11 (version 11.0.0.1131). The administration web plug-in for Kaspersky Endpoint Security for Windows version 11.2.0 is compatible with Kaspersky Security Center Web Console version 11.1.144.

To manage the application remotely via Kaspersky Security Center:

1. Install Network Agent on the computer. See the Online Help page for instructions.
2. Install the Kaspersky Endpoint Security 11.2.0 for Windows management plug-in in the Kaspersky Security Center Administration Console or in the Kaspersky Security Center Web Console.
   The management plug-in installer is included in the application installation package. You can download the required plug-in version from the list of Kaspersky Security Center plug-ins.

The MMC plug-in installer is included in the application installation package. 

The Kaspersky Endpoint Security 11.2.1 for Windows plug-in is installed on top of the Kaspersky Endpoint Security 11.x.x plug-in. To return to the earlier version of the plug-in, you must first remove version 11.2.0.

The installation package of the web plug-in is available on the downloads page as well as in theapplication plug-in management window of Kaspersky Security Center Web Console.