Kaspersky Endpoint Security 12.3 for Windows

Kaspersky Endpoint Security for Windows (hereinafter also referred to as “the application” or as “Kaspersky Endpoint Security”) gives corporate users all-in-one protection against known digital threats.

WHAT'S NEW IN KASPERSKY ENDPOINT SECURITY
Kaspersky Endpoint Security 12.3 for Windows offers the following features and improvements:
	1. Now you can install the application in the Endpoint Detection and Response Agent configuration (https://support.kaspersky.com/help/KESWin/12.3/en-US/256811.htm). This configuration allows installing the application with a set of components required by Detection and Response solutions by Kaspersky: Kaspersky Managed Detection and Response, and Kaspersky Anti Targeted Attack Platform (EDR). You can install the application in this configuration alongside third-party solutions (for example, Dr.Web, Dallas Lock, ESET). This lets you use third-party infrastructure security tools alongside Detection and Response by Kaspersky.
	2. Kaspersky Endpoint Security operation with Bluetooth devices has been improved (https://support.kaspersky.com/help/KESWin/12.3/en-US/255732.htm). Now you can configure exclusions and restrict access to all Bluetooth devices except input devices (wireless keyboards, mice, etc).
	3. The operation of Application Control component with the database of executable files has been optimized. Kaspersky Endpoint Security now automatically removes file information from the database if the file is deleted from the computer. This allows keeping the database up to date and saving Kaspersky Security Center resources.
	4. The level of computer protection requirements has been increased. The high protection level now requires enabling Password protection (https://support.kaspersky.com/help/KESWin/12.3/en-US/123303.htm). Check the protection level indicator in the upper part of the policy window (https://support.kaspersky.com/help/KESWin/12.3/en-US/176976.htm). If you have a medium or low protection level, you can enable Password protection in the protection level indicator recommendation window. 

MINIMUM HARDWARE AND SOFTWARE REQUIREMENTS
To ensure proper operation of Kaspersky Endpoint Security, your computer must meet the following requirements:
Minimum general requirements:
	- 2 GB of free disk space on the hard drive;
	- CPU:
		- Workstation: 1 GHz;
		- Server: 1.4 GHz;
		- Support for the SSE2 instruction set.
	- RAM:
		- Workstation (x86): 1 GB;
		- Workstation (x64): 2 GB;
		- Server: 2 GB.

Workstations
Supported operating systems for workstations:
	- Windows 7 Home / Professional / Ultimate / Enterprise Service Pack 1 or later;
	- Windows 8 Professional / Enterprise;
	- Windows 8.1 Professional / Enterprise;
	- Windows 10 Home / Pro / Pro for Workstations / Education / Enterprise / Enterprise multi-session;
	- Windows 11 Home / Pro / Pro for Workstations / Education / Enterprise.

For details about support for the Microsoft Windows 10 operating system, please refer to the Technical Support Knowledge Base (https://support.kaspersky.com/common/compatibility/13036).
For details about support for the Microsoft Windows 11 operating system, please refer to the Technical Support Knowledge Base (https://support.kaspersky.com/common/compatibility/15778).

Servers
Kaspersky Endpoint Security supports core components of the application on computers running the Windows operating system for servers. You can use Kaspersky Endpoint Security for Windows instead of Kaspersky Security for Windows Server on servers and clusters of your organization (Cluster Mode). The application also supports Core Mode (see known issues).
Supported operating systems for servers:
	- Windows Small Business Server 2011 Essentials / Standard (64-bit);
	  Microsoft Small Business Server 2011 Standard (64-bit) is supported only if Service Pack 1 for Microsoft Windows Server 2008 R2 is installed.
	- Windows MultiPoint Server 2011 (64-bit);
	- Windows Server 2008 R2 Foundation / Standard / Enterprise / Datacenter Service Pack 1 or later;
	- Windows Web Server 2008 R2 Service Pack 1 or later;
	- Windows Server 2012 Foundation / Essentials / Standard / Datacenter (including Core Mode);
	- Windows Server 2012 R2 Foundation / Essentials / Standard / Datacenter (including Core Mode);
	- Windows Server 2016 Essentials / Standard / Datacenter (including Core Mode);
	- Windows Server 2019 Essentials / Standard / Datacenter (including Core Mode);
	- Windows Server 2022 Standard / Datacenter / Datacenter: Azure Edition (including Core Mode).

For details about support for the Microsoft Windows Server 2016 and Microsoft Windows Server 2019 operating systems, please refer to the Technical Support Knowledge Base (https://support.kaspersky.com/common/compatibility/13036).
For details about support for the Microsoft Windows Server 2022 operating system, please refer to the Technical Support Knowledge Base (https://support.kaspersky.com/common/compatibility/15778).
Unsupported operating systems for servers:
	- Windows Server 2003 Standard / Enterprise / Datacenter SP2 or later;
	- Windows Server 2003 R2 Foundation / Standard / Enterprise / Datacenter SP2 or later;
	- Windows Server 2008 Standard / Enterprise / Datacenter SP2 or later;
	- Windows Server 2008 Core Standard / Enterprise / Datacenter SP2 or later;
	- Microsoft Small Business Server 2008 Standard / Premium SP2 or later.

Virtual platforms
Supported virtual platforms:
	- VMware Workstation 17.0.2 Pro;
	- VMware ESXi 8.0 Update 1c;
	- Microsoft Hyper-V Server 2019;
	- Citrix Virtual Apps and Desktops 7 2305;
	- Citrix Provisioning 2305;
	- Citrix Hypervisor 8.2 (Cumulative Update 1).

Terminal servers
Supported terminal server types:
	- Microsoft Remote Desktop Services based on Windows Server 2008 R2 SP1;
	- Microsoft Remote Desktop Services based on Windows Server 2012;
	- Microsoft Remote Desktop Services based on Windows Server 2012 R2;
	- Microsoft Remote Desktop Services based on Windows Server 2016;
	- Microsoft Remote Desktop Services based on Windows Server 2019;
	- Microsoft Remote Desktop Services based on Windows Server 2022.

The limitations on support for server and virtual platforms are presented in the user documentation (https://support.kaspersky.com/help/KESWin/12.3/en-US/201943.htm).

APPLICATION COMPATIBILITY WITH THE KASPERSKY SECURITY CENTER REMOTE ADMINISTRATION SYSTEM

Kaspersky Security Center support
Kaspersky Endpoint Security supports operation with the following versions of Kaspersky Security Center:
	- Kaspersky Security Center 12
	- Kaspersky Security Center 13
	- Kaspersky Security Center 13.1
	- Kaspersky Security Center 13.2
	- Kaspersky Security Center 13.2.2
	- Kaspersky Security Center 14
	- Kaspersky Security Center 14.1
	- Kaspersky Security Center 14.2
	- Kaspersky Security Center Linux 14.2
	- Kaspersky Security Center Linux 15

The administration web plug-in for Kaspersky Endpoint Security for Windows version 12.3 is compatible with Kaspersky Security Center Web Console version 13 or later.
To manage the application remotely via Kaspersky Security Center:
	1. Install Network Agent on the computer.
	For more details about installing the Network Agent, please refer to the Kaspersky Security Center Help (https://support.kaspersky.com/help/KSC/14.2/en-US/index.htm).
	2. Install the Management Plug-in for Kaspersky Endpoint Security for Windows in the Kaspersky Security Center Administration Console.
	The installation package for the Kaspersky Endpoint Security Management Plug-in is included in the distribution package.
	The web plug-in installation package is available for download on the website and in the plug-in management window of Kaspersky Security Center Web Console (https://www.kaspersky.com/small-to-medium-business-security/downloads/endpoint). To install the web plug-in version 12.3, you should first remove the previous version of the web plug-in.

INSTALLATION
To install the application locally, run the setup_kes.exe file from the full distribution package and follow the Setup Wizard instructions. You can read more about how to install the application in the user documentation (https://support.kaspersky.com/help/KESWin/12.3/en-US/50360.htm).
During installation, Kaspersky Endpoint Security for Windows detects applications on the computer that, when used together, could potentially reduce computer performance or lead to other compatibility problems (even resulting in complete inoperability). The full list of incompatible software is available in the user documentation (https://support.kaspersky.com/help/KESWin/12.3/en-US/182030.htm).
You can upgrade the following applications to Kaspersky Endpoint Security for Windows version 12.3 when installing from the full distribution package:
	- Kaspersky Endpoint Security 11.7.0 for Windows (build 11.7.0.669).
	- Kaspersky Endpoint Security 11.8.0 for Windows (build 11.8.0.384).
	- Kaspersky Endpoint Security 11.9.0 for Windows (build 11.9.0.351).
	- Kaspersky Endpoint Security 11.10.0 for Windows (build 11.10.0.399).
	- Kaspersky Endpoint Security 11.11.0 for Windows (build 11.11.0.452).
	- Kaspersky Endpoint Security 12.0 for Windows (build 12.0.0.465).
	- Kaspersky Endpoint Security 12.1 for Windows (build 12.1.0.506).
	- Kaspersky Endpoint Security 12.2 for Windows (build 12.2.0.462).

When you update Kaspersky Endpoint Security for Windows, consider the following:
	- If the Full Disk Encryption (FDE) or File Level Encryption (FLE) components are installed on the computer, you must use the distribution package with the same key length to upgrade the application to version 12.3:
		- keswin_12.3.<XXXX>_<localization>_aes256 if you are upgrading an application that was installed from the AES256 distribution package;
		- keswin_12.3.<XXXX>_<localization>_aes56 if you are upgrading an application that was installed from the AES56 distribution package.
	  Upgrading the application using a distribution package with a different key length is not supported.
	- If data encryption components (FDE or FLE) are not installed on the computer, you can use a distribution package with any key length to upgrade the application to version 12.3.
	- Upgrading Kaspersky Endpoint Security for Windows from beta versions to version 12.3 is not supported.

UPDATING VIA THE KASPERSKY UPDATE SERVICE
Kaspersky Endpoint Security 12.3 for Windows can be installed via the Kaspersky update service.
Through the Kaspersky update service, you can update the following applications:
	- Kaspersky Endpoint Security 11.7.0 for Windows (build 11.7.0.669).
	- Kaspersky Endpoint Security 11.8.0 for Windows (build 11.8.0.384).
	- Kaspersky Endpoint Security 11.9.0 for Windows (build 11.9.0.351).
	- Kaspersky Endpoint Security 11.10.0 for Windows (build 11.10.0.399).
	- Kaspersky Endpoint Security 11.11.0 for Windows (build 11.11.0.452).
	- Kaspersky Endpoint Security 12.0 for Windows (build 12.0.0.465).
	- Kaspersky Endpoint Security 12.1 for Windows (build 12.1.0.506).
	- Kaspersky Endpoint Security 12.2 for Windows (build 12.2.0.462).

Upgrading Kaspersky Endpoint Security for Windows from beta versions to version 12.3 is not supported.
The following special considerations should be taken into account when updating through the Kaspersky update service:
	- After installing the update, you cannot roll back to the previous version of the application.
	- This update is available only for application with valid license.
	- Management of Kaspersky Disk Encryption technology (FDE) is unavailable until installation of the application update is complete.
	- To complete the update installation, you must restart your computer.
	- To complete the update on a computer with hard drives that were encrypted using Kaspersky Disk Encryption (FDE), you will need to restart the computer twice.
	- During installation, Kaspersky Endpoint Security for Windows detects applications on the computer that, when used together, could potentially reduce computer performance or lead to other compatibility problems (even resulting in complete inoperability). There is no option to skip scan for incompatible software. If you wish to disable scan for incompatible software, you need to use another application installation method, such as Install application remotely task. The full list of incompatible software is available in the user documentation (https://support.kaspersky.com/help/KESWin/12.3/en-US/182030.htm).
	- Installing and updating Kaspersky Endpoint Agent (also Endpoint Agent) through the Kaspersky update service is not supported.
	- If you are using Kaspersky Update Utility to update application modules and databases, enable support for Kaspersky Endpoint Security 12.3 in the utility settings.

COMPATIBILITY WITH KASPERSKY ENDPOINT AGENT
Kaspersky is switching all Detection and Response to working with the Kaspersky Endpoint Security built-in agent instead of Kaspersky Endpoint Agent. Starting with version 12.1, the application supports all Detection and Response solutions. In addition, starting with version 12.1, the application is no longer compatible with Kaspersky Endpoint Agent, and installing both applications side by side on the same computer is no longer possible.

LIST OF BUGS FIXED AND PRIVATE PATCHES INCLUDED IN THE RELEASE
The list of fixed issues and private patches included in the release is available on the Technical Support website (https://support.kaspersky.com/kes12/troubleshooting/other/15959).

MAIN KNOWN ISSUES
The list of limitations and known issues is available in the user documentation (https://support.kaspersky.com/help/KESWin/12.3/en-US/201943.htm).
© 2023 AO Kaspersky Lab