1. Download the required version of Kaspersky Endpoint Security for Windows from the Kaspersky Security Center network folder or the Kaspersky website.
2. Unpack the installation package if it was downloaded from the Kaspersky website.
3. Depending on how you create the installation package, do the following:
   • If you create the installation package based on the downloaded package, put a patch with the .msp extension in the folder together with Kaspersky Endpoint Security for Windows.
   • If you create the installation package based on the existing application package in Kaspersky Security Center, copy the file of the patch to the “exec” folder.
4. Create a new installation package based on the KUD file in the folder where the patch is located.
5. Create a task to install the application together with the patch.

The installation package with the patch will be created.

1. Open Kaspersky Security Center.
2. Go to Advanced → Remote installation → Installation packages.
3. Click Create installation package.
4. Select Create an installation package for the specified executable file.
5. Enter the name for the package and click Next.

6. Click Browse and specify the path to the executable file of the patch.
7. In the Executable file command line field enter the following:

8. Click Next.

9. Click Done.

The installation package has been created.

Locally through the Installation wizard

1. Run the executable file of the patch.
2. Follow the instructions in the Installation Wizard.

Locally through the command line in the silent mode

1. Open the command line on the managed device.
2. Run the following command:

Remotely through Kaspersky Security Center

1. Open Kaspersky Security Center.
2. Go to Additional → Remote installation → Installation packages.
3. In the context menu of the created package, select Install application.

4. Choose one of the options:
   • Install on group of managed devices. Choose this option if you have already included devices in the administration groups.
   • Select devices for installation. Choose this option if you have no devices in administration groups or if you need to install the application to specific devices.

5. Select the devices or groups of devices on which the patches will be installed. Click Next.
6. Select the checkbox Do not install application if it is already installed. Click Next.

7. Follow the steps of the installation wizard.
8. At the Select accounts to access devices step, add the user account with the administrator permissions on selected devices. Click Next.
9. Click Next → Finish.
10. Run the patch installation task.

The patch is installed on the selected devices.

To troubleshoot issues that may occur during installation or removal of the patch, get a log file:

1. On the managed device, open:
   • The system folder where temporary files are located (during remote installation)
     e.g. C:\Windows\Temp
   • The folder where user’s temporary files are located (during local installation)
     e.g. C:\Users\Username\App Data\Local\Temp 
2. Save the msi****.log files.

Locally

To get the list of patches installed on a device:

• Click the Kaspersky Endpoint Security icon on Windows taskbar.
• In the context menu, select About.
• Go to Control Panel → Programs and Features and click View installed updates in the upper-left corner.

Remotely through Kaspersky Security Center

To get the list of patches installed in the network:

1. Open Kaspersky Security Center.
2. Open the Reports tab.
3. Right-click Kaspersky Lab software version report and select Properties.

4. Select one of the following sections:
   • Fields if you are using Kaspersky Security Center 13 or later.
   • Fields for report if you are using Kaspersky Security Center 12.
5. Select the checkbox for Updates installed in the Details fields and click OK.

6. Right-click Kaspersky Lab software version report and select Show report.

In the report, you will see the list of patches installed on the computers in the network.

To get the list of patches installed on a managed computer:

1. Open Kaspersky Security Center and go to Managed devices.
2. Open the properties of the device.
3. Open Applications registry.
4. Select the checkbox Show updates.
5. Click OK.

Information about installed patches will be displayed in the list.

To view the list of devices on which a specific patch is installed:

1. Open Kaspersky Security Center and go to Device selections.
2. Click Advanced → Create a selection.

3. Enter a name for the selection and click OK.
4. Click Selection properties.
5. Go to Conditions, choose the created selection and click Properties.

6. Open Applications registry.
7. In the Application name field, set the parameter <patch name or its part(*)>.
8. Select the checkbox Find by update.

9. Click OK.

The search results will appear in the list of devices.

Locally through the installation wizard

1. Go to Control Panel → Programs and Features.
2. Click View installed updates in the upper-left corner. 
3. In the context menu of the patch, click Delete. 

Locally through the command line

1. Open the command line on the client device.
2. Run the following command:
   • To uninstall the patch:
     
     msiexec /i <GUID KES> MSIPATCHREMOVE={GUID PrivateFix} EULA=1 PRIVACYPOLICY=1 /qn
   • To uninstall the patch and install a patch:
     
     msiexec /i <GUID KES> MSIPATCHREMOVE={GUID PrivateFix} EULA=1 PRIVACYPOLICY=1 /qn;
     {GUID PrivateFix} PATCH=<path to the patch MSP file> EULA=1 PRIVACYPOLICY=1 /qn

Remotely through Kaspersky Security Center

To remove a patch from all devices in the network:

1. In the Administration Console, go to Advanced → Application management → Software updates.
2. Open the properties of the patch to remove.
3. Select the status Declined in the Update approval drop-down list.

After running an update task, the patch will be removed from all devices in the network.

To remove a patch from a specific device or a group of devices:

1. In the Administration Console, go to Advanced → Remote installation → Installation packages.
2. In the right frame, click Create installation package.
3. Select Create an installation package for the specified executable file.
4. Enter the name for the package and click Next.
5. Click Select and specify the path to the MSP file with the patch. The file must be located in the folder with MSP and MSI files of the major application version.
6. In the Executable file command line field enter the following:
   • To uninstall the patch:
     
     /i <GUID KES> MSIPATCHREMOVE={GUID of PrivateFix} EULA=1 PRIVACYPOLICY=1 /qn
   • To uninstall the patch and install a patch:
     
     /i <GUID KES> MSIPATCHREMOVE={GUID of PrivateFix} EULA=1 PRIVACYPOLICY=1 /qn;
     {GUID PrivateFix} PATCH=<name of the MSPfile of the patch> EULA=1 PRIVACYPOLICY=1 /qn
7. Click Next→ Finish.
8. Create a remote installation task with this installation package for a device or a group of devices.
9. Run the task to remove the patch.

10.  

Patch GUID

To view the GUID from the patch file:

1. Open the properties of the installation file of the patch.
2. Go to the Details tab.

Information about GUID will be displayed in the Edition line.

To view GUID on the device:

1. Go to Control Panel → Programs and Features.
   
2. Click View installed updates in the upper-left corner.
3. Press Alt. 
4. Go to View → Choose details.
5. Select the checkbox for Update ID and click OK.

Information about GUID will be displayed in the list.

KES GUID

To learn Kaspersky Endpoint Security GUID, run the command below on the device with Kaspersky Endpoint Security installed: