Managing private patches for Kaspersky Endpoint Security for Windows
Show applications and versions that this article concerns
- Kaspersky Endpoint Security 12.5 for Windows (version 12.5.0.539)
- Kaspersky Endpoint Security 12.4 for Windows (version 12.4.0.467)
- Kaspersky Endpoint Security 12.3 for Windows (version 12.3.0.493)
- Kaspersky Endpoint Security 12.2 for Windows (version 12.2.0.462)
- Kaspersky Endpoint Security 12.1 for Windows (version 12.1.0.506)
- Kaspersky Endpoint Security 12 for Windows (version 12.0.0.465)
- Kaspersky Endpoint Security 11.11 for Windows (version 11.11.0.452)
- Kaspersky Endpoint Security 11.10 for Windows (version 11.10.0.399)
- Kaspersky Endpoint Security 11.9 for Windows (version 11.9.0.351)
- Kaspersky Endpoint Security 11.8 for Windows (version 11.8.0.384)
- Kaspersky Endpoint Security 11.7 for Windows (version 11.7.0.669)
How to download the latest cumulative patch
- Sign in to your account on Kaspersky CompanyAccount.
- Click New request.
- Select Submit a request to technical support.
- Fill out the fields: Protection scope, Product, Product version.
If a cumulative patch is available for your application version, you will be recommended to download and install it.
How to create an installation package with a patch
- Download the required version of Kaspersky Endpoint Security for Windows from the Kaspersky Security Center network folder or the Kaspersky website.
- Unpack the application installation package if it was downloaded from the Kaspersky website.
- Depending on how you create the installation package, do the following:
- If you create the installation package based on the downloaded package, put a patch with the .msp extension in the folder together with Kaspersky Endpoint Security for Windows.
- If you create the installation package based on the existing application package in Kaspersky Security Center, copy the patch file to the exec folder.
- Create a new installation package based on the KUD file in the folder where the patch is located.
- Create a task to install the application together with the patch.
The installation package with the patch will be created.
You can download the patch with the .msp extension for your application version in Kaspersky CompanyAccount using these instructions.
How to create a patch installation package
- Open Kaspersky Security Center.
- Go to Advanced → Remote installation → Installation packages.
- Click Create installation package.
- Select Create an installation package for the specified executable file.
- Enter the name for the package and click Next.
- Click Browse and specify the path to the patch installation file.
- In the Executable file command line (optional) field, enter:
- Click Next.
- Click Done.
How to install the patch
Locally through the Installation wizard
- Run the executable file of the patch.
- Follow the instructions in the Installation Wizard.
Locally through the command line in the silent mode
- Open the command line on the managed device.
- Run the command:
Remotely through Kaspersky Security Center
- Open Kaspersky Security Center.
- Go to Advanced → Remote installation → Installation packages.
- Open the context menu of the created package and select Install application.
- Choose one of the options:
- Install on group of managed devices. Choose this option if you have already included devices in the administration groups.
- Select devices for installation. Choose this option if you have no devices in administration groups or if you need to install the application to specific devices.
- Select the devices or groups of devices on which the patches will be installed. Click Next.
- Select the Do not re-install application if it is already installed check box. Click Next.
- Follow the steps of the remote installation wizard.
- At the Select accounts to access devices step, add the user account with the administrator permissions on selected devices. Click Next.
- Click Next → Finish.
- Run the patch installation task.
How to get a patch installation or removal log
To troubleshoot issues that may occur during installation or removal of the patch, get a log file:
- On the managed device, open:
- The system folder where temporary files are located (during remote installation)
e.g. C:\Windows\Temp - The folder where user’s temporary files are located (during local installation)
e.g. C:\Users\Username\App Data\Local\Temp
- The system folder where temporary files are located (during remote installation)
- Save the msi****.log files.
How to check if the patches are installed on managed devices
Locally
To get the list of patches installed on a managed device:
- Right-click the Kaspersky Endpoint Security icon on Windows taskbar.
- In the context menu, select About.
- Go to Start → Control Panel → Programs and Features and click View installed updates in the upper-left corner.
Remotely through Kaspersky Security Center
To get the list of patches installed in the network:
- Open Kaspersky Security Center.
- Open the Reports tab.
- Right-click Kaspersky Lab software version report and select Properties.
- Select one of the following sections:
- Fields if you are using Kaspersky Security Center 13 or later.
- Fields for report if you are using Kaspersky Security Center 12.
- Select the Updates installed check box in the Details fields and click OK.
- Right-click Kaspersky Lab software version report and select Show report.
In the report, you will see the list of patches installed on the devices in the network.
To get the list of patches installed on a managed device:
- Open Kaspersky Security Center and go to Managed devices.
- Open the properties of the device.
- Go to Applications, select Kaspersky Security for Windows and open its properties.
Information about installed patches will be displayed in the list.
To view the list of devices on which a patch is installed:
- Open Kaspersky Security Center and go to Device selections.
- Click Advanced → Create a selection.
- Enter a name for the selection and click ОК.
- Click Selection properties.
- Go to Conditions, choose the created selection and click Properties.
- Go to Application and specify the Critical update name. Click ОК.
The search results will appear in the list of devices.
How to remove the patch
Locally through the installation wizard
- Go to Control Panel → Programs and Features.
- Click View installed updates in the upper-left corner.
- In the context menu of the patch, click Delete.
Locally through the command line
- Open the command line on the client device.
- Run the command:
- To remove the patch:
msiexec /i <GUID KES> MSIPATCHREMOVE={GUID PrivateFix} EULA=1 PRIVACYPOLICY=1 /qn - To remove the patch and install an update:
msiexec /i <GUID KES> MSIPATCHREMOVE={GUID PrivateFix} EULA=1 PRIVACYPOLICY=1 /qn;
{GUID PrivateFix} PATCH=<path to the .msp file with the patch> EULA=1 PRIVACYPOLICY=1 /qn
- To remove the patch:
Remotely through Kaspersky Security Center
To remove a patch from all devices in the network:
- In the Administration Console, go to Advanced → Application management → Software updates.
- Open the properties of the patch to remove.
- Select the status Declined in the Update approval drop-down list.
After running an update task, the patch will be removed from all devices in the network.
To remove a patch from a specific device or a group of devices:
- In the Administration Console, go to Advanced → Remote installation → Installation packages.
- In the right frame, click Create installation package.
- Select Create an installation package for the specified executable file.
- Enter the name for the package and click Next.
- Click Browse and specify the path to the .msp file with the patch. The file must be located in the folder with .msp and .msi files of the major application version.
- In the Executable file command line field type:
- To remove the patch:
/i <GUID KES> MSIPATCHREMOVE={GUID of PrivateFix} EULA=1 PRIVACYPOLICY=1 /qn - To remove the patch and install an update:
/i <GUID KES> MSIPATCHREMOVE={GUID of PrivateFix} EULA=1 PRIVACYPOLICY=1 /qn;
{GUID PrivateFix} PATCH=<name of the .msp file with the patch> EULA=1 PRIVACYPOLICY=1 /qn
- To remove the patch:
- Click Next → Finish.
- Create a remote installation task with this installation package for a device or a group of devices.
- Run the task to remove the patch.
How to get a GUID of the patch
Patch GUID
To view the GUID from the patch file:
- Open the properties of the installation file of the patch.
- Go to the Details tab.
Information about GUID will be displayed in the Edition line.
To view GUID on the device:
- Go to Control Panel → Programs and Features.
- Click View installed updates in the upper-left corner.
- Press Alt.
- Go to View → Choose details.
- Select the Update ID check box and click OK.
Information about GUID will be displayed in the list.
GUID KES
To learn Kaspersky Endpoint Security for Windows GUID, run the command below on the device with Kaspersky Endpoint Security installed:
You can also learn GUID for your version of Kaspersky Endpoint Security for Windows in this article.