Added:

• New verification algorithm for digital signatures of anti-virus databases and application modules that complies with GOST 34.10-2012 / 34.11-2012. The application checks the digital signature when running the Update and Integrity Check tasks.
• The possibility to display the names of the active policy and the Kaspersky Security Center administration group in the local interface of Kaspersky Endpoint Security for Windows
• The possibility to merge lists of exclusions (trusted devices, trusted programs, exclusions from scanning), which allows you to add items to the list of exclusions of a parent policy at child policy level
• The "Not supported by license" status for Kaspersky Endpoint Security components. You can view the statuses of components in the computer properties in Kaspersky Security Center.
• The possibility to exclude IP addresses from Encrypted connections scan 
• Password complexity check for Password protection
• The possibility to work in Kaspersky Security Center Cloud Console

Improved:

• Encryption:
  • Added the possibility to use portable mode for working with encrypted files on a removable drive in guest mode (for example, (on computers belonging to third-party entities that are protected by Kaspersky Endpoint Security and that use file encryption).
  • Automated adding full disk encryption (FDE) drivers to the Windows Recovery Environment (WinRE) to correctly restore Windows operating systems on encrypted devices.
  • Added the possibility to manage data encryption (Kaspersky Disk Encryption (FDE), BitLocker Drive Encryption (FDE), File Level Encryption (FLE), Encryption of removable drives) using the Kaspersky Endpoint Security web plug-in.

• Changed default Firewall settings. By default Kaspersky Endpoint Security now allows use of Remote Desktop Protocol (RDP).

Installing from the distribution package

To install the application locally, run the setup_kes.exe file from the full distribution package and follow the Setup Wizard instructions. For more information about the installation process, see Online Help.

During installation, Kaspersky Endpoint Security for Windows detects applications on the computer that, when used together, could potentially reduce computer performance or lead to other compatibility problems (even resulting in complete inoperability). The full list of incompatible software is available in this article.

Updating

You can update the following applications to Kaspersky Endpoint Security 11.3.0 for Windows during installation from the full distribution package:

• Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 3 for Windows (version 10.2.5.3201). For details on installing the update on a computer that has AES Encryption Module installed, see the section below.
• Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 4 for Windows (version 10.2.6.3733). For details on installing the update on a computer that has AES Encryption Module installed, see the section below.
• Kaspersky Endpoint Security 10 Service Pack 2 for Windows (10.3.0.6294)
• Kaspersky Endpoint Security 10 Service Pack 2 Maintenance Release 1 for Windows (version 10.3.0.6294)
• Kaspersky Endpoint Security 10 Service Pack 2 Maintenance Release 2 for Windows (version 10.3.0.6294)
• Kaspersky Endpoint Security 10 Service Pack 2 Maintenance Release 3 for Windows (version 10.3.3.275)
• Kaspersky Endpoint Security 11.0.0 for Windows (version 11.0.0.6499)
• Kaspersky Endpoint Security 11.0.1 for Windows (version 11.0.1.90)
• Kaspersky Endpoint Security 11.1.0 for Windows (version 11.1.0.15919)
• Kaspersky Endpoint Security 11.1.1 for Windows (version 11.1.1.126)
• Kaspersky Endpoint Security 11.2.0 for Windows (version 11.2.0.2254)
• Kaspersky Endpoint Security 11.2.0 Critical Fix 1 for Windows (version 11.2.0.2254)

If the Full Disk Encryption (FDE) or the File Level Encryption (FLE) components are installed on the computer, upgrading the application installed from a distribution kit with one key length using a distribution kit with a different key length is not supported. To install the update, use the distribution package version 11.3.0 that has the same effective key length as the version that is being updated. For example:

• keswin_11.3.0.773_<localization>_aes256 if you are upgrading an application that was installed from the AES256 distribution package
• keswin_11.3.0.773_<localization>_aes56 if you are upgrading an application that was installed from the AES56 distribution package

If no encryption component is installed on the computer, you can use a distribution kit with any key length to upgrade the application to version 11.3.0.

Updating via the Kaspersky Update Service

Kaspersky Endpoint Security 11.3.0 for Windows can be installed via the Kaspersky update service over the following versions:

• Kaspersky Endpoint Security 11.0.1 for Windows (version 11.0.1.90)
• Kaspersky Endpoint Security 11.1.0 for Windows (version 11.1.0.15919)
• Kaspersky Endpoint Security 11.1.1 for Windows (version 11.1.1.126)
• Kaspersky Endpoint Security 11.2.0 for Windows (version 11.2.0.2254)
• Kaspersky Endpoint Security 11.2.0 Critical Fix 1 for Windows (version 11.2.0.2254)

Special considerations when updating an application via the Kaspersky update service:

• The update is available only for applications with valid license.
• To complete the update installation, you must restart your computer.

All libraries required for encryption will be automatically installed in the following cases:

• When the application is installed for the first time, provided that the full disk encryption (FDE) or file level encryption (FLE) component is selected.
• When installing the update on a computer on which:
  • Kaspersky Endpoint Security for Windows version 10 Service Pack 2 or later is installed.
  • Сomponents for full disk encryption (FDE) or for file level encryption (FLE) are installed.
  • The update uses distribution kit 11.3.0 with the appropriate key length.
• When installing the update on a computer on which:
  • Kaspersky Endpoint Security for Windows version 10 Service Pack 2 or later as well as AES encryption module are installed.
  • The distribution package 11.3.0 used for updating has the appropriate key length and that updating is supported for the existing configuration.

For the installed AES encryption module to update automatically, use the appropriate distribution package for Kaspersky Endpoint Security 11.3.0:

• keswin_11.3.0.773_<localization>_aes256 – to upgrade an AES encryption module with a 256-bit effective key length
• keswin_11.3.0.773_<localization>_aes56 – to upgrade an AES encryption module with a 56-bit effective key length

Supported configurations that allow automatic update of an AES encryption module:

• Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 3 (build 10.2.5.3201) and encryption module version 1.1.0.73
• Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 4 (build 10.2.6.3733) and encryption module version 1.1.0.73

Other configurations of Kaspersky Endpoint Security and AES encryption modules are not supported. Before starting an update of Kaspersky Endpoint Security, you must remove the installed encryption module or update it to version 1.1.0.73.

Before removing or updating the Encryption Module, you must decrypt all hard drives that have been encrypted using Kaspersky Disk Encryption technology. You will not be able to access the files that were encrypted using File Level Encryption after you remove the Encryption Module.

If you want to switch from your encryption method to encryption with a different key length, prior to updating the application to version 11.3.0 you must decrypt all encrypted objects and remove the AES Encryption Module that was used. After switching to encryption with a different key length, you will no longer be able to access objects that were encrypted prior to switching.

The application is compatible with Kaspersky Security Center 11 and 12. The administration web plug-in for Kaspersky Endpoint Security for Windows version 11.3.0 is compatible with Kaspersky Security Center Web Console version 12.

To manage the application remotely via Kaspersky Security Center:

1. Install Network Agent on the computer. For instructions, see Online Help.
2. Install the Management Plug-in for Kaspersky Endpoint Security 11.3.0 for Windows in the Kaspersky Security Center Administration Console or Kaspersky Security Center Web Console.
   The installation package for the Kaspersky Endpoint Security Management Plug-in is included in the distribution package. You can also download the web plug-in installation package from the list of Kaspersky Security Center plug-ins.

The installation package of the MMC plug-in is included in the distribution package of the application. 

The web plug-in installation package is available for download on the website and in the plug-in management window of Kaspersky Security Center Web Console.

For details, see this article.