Migrating from [KSWS+KEA] to [KES+built-in agent]

Support

Support for business applications

Kaspersky Endpoint Security 12 for Windows

KSWS to KES Migration Guide

Migrating from [KSWS+KEA] to [KES+built-in agent]

25 April 2024

ID 241365

When migrating from Kaspersky Security for Windows Server (KSWS) to Kaspersky Endpoint Security (KES), you can use the follow recommendations to configure server protection and optimize performance. Here we will look at an example of migration for a single organization.

Infrastructure of the organization

The company has the following equipment installed:

Kaspersky Security Center 14.2
The administrator manages Kaspersky solutions using the Administration Console (MMC). Kaspersky Endpoint Detection and Response Optimum (EDR Optimum) is also deployed

In Kaspersky Security Center, three administration groups are created, containing servers of the organization: two administration groups for SQL servers and an administration group for Microsoft Exchange servers. Each administration group is managed by its own policy. Database Update and On-demand scan tasks are created for all servers in the organization.

The KSWS activation key is added to Kaspersky Security Center. Automatic key distribution is enabled.
SQL servers with Kaspersky Security for Windows Server 11.0.1 and Kaspersky Endpoint Agent 3.11 installed. The SQL servers are combined into two clusters.
KSWS is managed by SQL_Policy(1) and SQL_Policy(2) policies. Database Update, On-demand scan tasks are also created.
A Microsoft Exchange server with Kaspersky Security for Windows Server 11.0.1 and Kaspersky Endpoint Agent 3.11 installed.
KSWS is managed by the Exchange_Policy policy. Database Update, On-demand scan tasks are also created.

Planning the migration

The migration involves the following steps:

Migrating KSWS tasks and policies using the Policies and Tasks Batch Conversion Wizard.
Migrating the Kaspersky Endpoint Agent policy using the Policies and Tasks Batch Conversion Wizard.
Using tags to activate policy profiles in the properties of the new policy.
Installing KES instead of KSWS.
Activating EDR Optimum.
Confirming that KES is working.

The migration scenario is initially performed on one of the cluster of SQL servers. Then the migration scenario is performed on the other cluster of SQL servers. Then the migration scenario is performed on the Microsoft Exchange.

Migrating KSWS tasks and policies using the Policies and Tasks Batch Conversion Wizard

To migrate KSWS tasks, you can use the Policies and Tasks Batch Conversion Wizard (the migration wizard). As a result, instead of the SQL_Policy(1), SQL_Policy(2), and Exchange_Policy policies, you will get a single policy with three profiles for SQL and Microsoft Exchange servers respectively. The new policy profile with KSWS settings will be named UpgradedFromKSWS <Name of the Kaspersky Security for Windows Server policy>. In profile properties, the migration wizard automatically selects the UpgradedFromKSWS device tag as the triggering criterion. Thus the settings from the policy profile are applied to servers automatically.

Migrating the Kaspersky Endpoint Agent policy using the Policies and Tasks Batch Conversion Wizard

To migrate Kaspersky Endpoint Agent policies, you can use the Policies and Tasks Batch Conversion Wizard. The Policy and Task Migration Wizard for Kaspersky Endpoint Agent is only available in the Web Console.

Using tags to activate policy profiles in the properties of the new policy

Select the device tag that you assigned earlier as the profile activation condition. Open policy properties and select General rules for policy profile activation as the profile activation condition.

Installing KES instead of KSWS

Before installing KES, you must disable Password protection in KSWS policy properties.

Installing KES involves the following steps:

Prepare the installation package. In installation package properties, select the Kaspersky Endpoint Security for Windows 12.0 distribution kit and select the default set of components.
Create a Install application remotely task for one of the SQL server administration groups.
In task properties, select the installation package and the license key file.
Wait until the task successfully completes.
Repeat KES installation for remaining administration groups.

Kaspersky Security Center automatically adds the UpgradedFromKSWS tag to names of computers on the console after the KES installation is complete.

To check the KES installation, you can use the Report on protection deployment. You can also check the device status. To confirm application activation, you can use the Report on usage of license keys.

Activating EDR Optimum

You can activate EDR Optimum functionality using a stand-alone Kaspersky Endpoint Detection and Response Optimum Add-on license. You must confirm that the EDR Optimum key is added to the Kaspersky Security Center repository and the automatic license key distribution functionality is enabled.

To check EDR Optimum activation, you can use the Report on status of application components.

Confirming that KES is working

To confirm that KES is working, you can check and see that no errors are reported. The device status must be OK. Update and malware scan tasks and successfully completed.

Kaspersky Endpoint Security for Windows: Detection of advanced threats

Control systems which prevent damage from the sensitive data theft. Management from a single console. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.