The following settings are saved and imported without changing their values:  

• Component and task settings 
• Task logs and system audit logs 
• The contents of Quarantine and Backup
• Accounts whose rights are used to launch tasks 
• Rights to control the Kaspersky Security service and application 
• Task notifications 

When migrating to the new version, the following settings are reset:

• All counters, including the statuses of anti-virus databases and whether updates are needed
• Information about installed software module and anti-virus database updates
• Task execution statuses
• Application and component settings configured through the registry
• Application and component settings changed and configured as a result of the installation of critical fixes

Applications Launch Control rules

When migrating to the new version, the application saves your lists of applications launch control rules without changing them. You don’t need to generate the lists again from scratch. An administrator can also import a configuration file created from rules used in previous versions into the Applications Launch Control task settings in the new version of Kaspersky Security for Windows Server.

When migrating to the new version, we recommend that you stop the Applications Launch Control task if it is running in Active mode, or switch the task to Statistics Only mode. After the migration is complete, we recommend that you use the Statistics Only mode to check the updated lists of rules and verify they work as expected.

List of untrusted computers

The new versions of the application (10.1.0.622, 10.1.1.746) change the mechanism used to block client computers exhibiting harmful file activity or encryption activity: 

• The new versions eliminate the Untrusted Hosts Blocking task.
• Blocking is now implemented by a change in the way the Real-Time File Protection and Anti-Cryptor tasks run.
• Lists of compromised client computers are saved in the Blocked Hosts storage.
• Settings for automatically unblocking a compromised client computer are configured in the properties for the Blocked Hosts storage.

After migration from version 10.0.0.486, lists of compromised client computers are not saved. Immediately after migrating and starting real-time protection tasks and the Anti-Cryptor task, the application automatically blocks access to network file resources according to the default settings for protection tasks using the Blocked Hosts storage.

Settings for automatically unblocking access to blocked network file resources are preserved during the migration process.

Changes concerning new application features after migration

• WMI: after upgrading to version 10.1.1, the WMI Provider component is registered in the system.
• AMSI: after upgrading to version 10.1.1, the Script monitoring component registers the AMSI Provider module and starts working through the IAntimalwareProvider interface on a computer running Microsoft Windows Server 2016 and later. If the Script monitoring component was not installed in the old version and was not selected for installation during upgrade, then the AMSI Provider module will not be registered.
• Software Distribution Control (the Application Launch Control subsystem): after upgrading to version 10.1.1, the checkbox Allow launching to all files from this distribution package extraction chain appears. This checkbox is cleared by default.
• PPL and ELAM: by default, the KAVFS service is not registered as PPL immediately after the installation. After upgrading to version 10.1.1 with default parameters, the KAVFS service will continue running without the PPL attribute.
• Compact Diagnostic Interface: after upgrading to 10.1.1, you can open the Compact Diagnostic Interface without entering password even if the password-protection feature is on. The Informational structure that is displayed in the Compact Diagnostic Interface is expanded: a new Statistics tab is available.  

Console 

When installing the Administration Tools and MMC snap-in of the 10.1.1 version on top of the previous version, automatic update is performed. Migration can be performed from all supported updatable versions including versions, that are a part of integrated critical fixes (e.g. KB14496).

It is recommended to install the Administration Tools of a new version along with the application of the same version, as there might be issues displaying application configuration and managing it, if the Application Console versions do not coincide.

Administration Plug-in

• The application supports upgrading Kaspersky Security Center Administration Plug-in to the version 10.1.1 only from major 10.1 versions of the plug-in.  
• The application supports upgrading within a major version.
• The application supports Kaspersky Security Center policies creation based on already existing policies of any previous versions of the Kaspersky Anti-Virus for Windows Server Enterprise Edition and Kaspersky Endpoint Security for Windows Server.
• The application allows to reuse policies that are already configured for updatable application version.

The terms of the Kaspersky Security Network Statement for Kaspersky Security 10.1.1 for Windows Server differ from the terms stipulated for previous versions of the application. To continue using the KSN cloud infrastructure to protect your server after you migrate to Kaspersky Security 10.1.1 for Windows Server, you must read and accept the terms of the new version of the Kaspersky Security Network Statement.

If the license keys of the versions being updated have not expired when you migrate, the application automatically accepts the them and activates. 

When version 10.1.1 activates using a license from a previous version of the application, a subset of the new components is available.

Any key used to activate previous versions of the application grants the right to use the following new components:

• Automatic Exploit Prevention
• Firewall Management

The availability of the following new components depends on the solution you are using:

• The File Integrity Monitor and Log Inspection components are available in solutions for file servers.
• The Device Control component is available in Advanced and Total solutions for file servers and network storages.
• The Traffic Security component (including the Microsoft Outlook extension) is available in Advanced and Total solutions and for file servers.
• The Traffic Security component is available for external proxy servers in the Total solutions for network storages.
• The Anti-Cryptor for NetApp component is available in the solution for network storages.

You do not have to restart your computer when installing over a previous version.

By default, the application creates a new installation folder based on the path to the existing installation folder: if possible, the application creates a folder using the name of the new version, while using the same folder path. An administrator can manually enter a new path for the installation folder.