
KL 047.12.6. Kaspersky Next EDR Optimum - LAB

The document is a lab guide for Kaspersky Next EDR Optimum, detailing various tasks related to preparing and managing endpoint security environments. It includes a glossary of terms and step-by-step instructions for setting up Kaspersky Endpoint Security, creating policies, and managing vulnerabilities across devices. The guide is structured into multiple labs, each focusing on specific tasks such as installation, configuration, and updates of security software.

Uploaded by valweb

23/07/2025, 13:05 KL 047.12.6. Kaspersky Next EDR Optimum

KL 047.12.6. Kaspersky Next EDR Optimum

https://partners.kaspersky.com/upload/courses-materials/047.12.6/en/lab_guide/index.html

Table of contents
Glossary
Lab 1. Preparing the environment
Lab 2. Preparing Endpoint Detection and Response Optimum for use
Lab 3. Incident response
Lab 4. Eradication
Lab 5. How to scan devices for vulnerabilities and required updates
Lab 6. How to install critical Windows updates on workstations
Lab 7. How to fix vulnerabilities on multiple operating systems
Lab 8. How to install only approved updates for third-party software in a group of computers
Lab 9. How to automatically update all browsers on client computers
Lab 10. How to fix vulnerabilities in all programs except, for example, Java
Lab 11. How to install all available third-party updates in a group of computers
Lab 12. How to install a third-party application using the Kaspersky database


Glossary
KES
Kaspersky Endpoint Security

EDR
Endpoint Detection and Response

IoC
Indicator of compromise


Lab 1. Preparing the environment


Scenario. In this lab, you will prepare the environment for other labs.

Contents. In this lab, we will:

1. Create a Kaspersky Endpoint Security for Windows policy

2. Create a group structure

3. Create installation packages

4. Install Network Agent

5. Create a connection gateway

6. Install Kaspersky Endpoint Security for Windows

7. Create an update task

8. Check the activation status


Task A: Create a Kaspersky Endpoint Security for Windows policy

To begin the preparation, we will create a policy for Kaspersky Endpoint Security for Windows. This step is
best performed before installation to ensure that the correct settings are applied as soon as Endpoint Security
for Windows is deployed.


In these labs, you will work with Kaspersky Next Expert Console on the Admin machine.
The Alex and Admin machines must be powered on.

1. Go to https://ksc.kaspersky.com and sign in using your account

2. Click the Go to workspace link

3. Select the check boxes of the agreements and click I ACCEPT THE TERMS

4. Select the check box to confirm you have read the Hardening Guide, then click Accept

5. In Kaspersky Next Expert Console, go to Assets (Devices) | Policies & profiles

6. Click + Add

7. Select Kaspersky Endpoint Security for Windows (12.6.0) and click Next


8. Agree to use KSN and click Next

9. Select Standard mode to protect workstations and servers and click Next

10. On the Exclusions page, click Next without making any changes

11. Click Save


Task B: Create a group structure


Create two subgroups in Managed devices: Group A and Group B.


12. Go to Assets (Devices) | Hierarchy of groups

13. Select the Managed devices group and click +Add

14. Name the group Group A and click Add

15. Select the Managed devices group again and click +Add


16. Name the group Group B and click Add


Task C: Create installation packages


Create installation packages for Network Agent and Kaspersky Endpoint Security for Windows.


The task is performed on Admin.

17. Go to Discovery & deployment | Deployment & assignment | Installation packages

18. Click +Add

19. Leave the default option Create an installation package for a Kaspersky application unchanged and click Next

20. Click Filter


21. Click +Add


22. Specify the following:

Property: Language
Condition: =
Value: English

23. Click + Add and specify the following:

Property: Operating system
Condition: =
Value: Windows

24. Click Apply

25. Click the cross icon to close the window

26. Click the link Kaspersky Security Center Network Agent for Windows


27. Click Download and create installation package

28. Wait for the download to complete


29. When prompted to accept the End User License Agreement, click Show EULA

30. In the window that opens, accept the EULA terms

31. Close the package download window

32. Click the link Kaspersky Endpoint Security for Windows (12.6.0) (English) (Lite encryption)


33. Click Download and create installation package

34. Wait for the download to complete


35. Close the window

36. Close the window with the list of applications


Task D: Install Network Agent


Install Network Agent on the Admin device. To do so, download the Network Agent distribution from
Kaspersky Next Expert Console and install it manually. You must get the Network Agent distribution
from the Console because the HDS server address and the workspace ID are specified in that distribution,
which lets the Agent get the address of the Administration Server from the HDS server.


The task is performed on Admin.

37. On the Discovery & deployment | Deployment & assignment | Installation packages
page, select the Network Agent package

38. Click +Deploy

39. Select Using a stand-alone package


40. Do not change anything on the Move… page and click Next

41. Click Download stand-alone installation package

42. Wait for the package to download and click Finish


43. Run the downloaded installer.exe file from the Downloads folder

44. In the window that opens, click Start installation

45. Click OK to close the window


Task E: Create a connection gateway


Assign the distribution point role to the Network Agent installed on the Admin machine. After this, you will
be able to assign the connection gateway role to it. The connection gateway will facilitate interaction between
the administration server and clients, because a connection gateway maintains communication with
Kaspersky Security Center Cloud Console to quickly receive commands and new settings.


46. Go to Discovery & deployment | Unassigned devices

47. Select the check box for the Admin device and click Move to group

48. Under Managed devices, select Group A and click Move

49. Click Assign distribution point in the upper-right corner of the window

50. The link takes you to the Assets (devices) | Distribution points section. Click Assign


The Assets (devices) | Distribution points section may be missing. Make sure some group is
specified as the Current path in the Assets (devices) | Managed devices section, rather than
the root node of the Administration Server (in your console, it is named StudentN, where N is
the number of your virtual Administration Server)

51. Expand Group A and select the check box for the ADMIN device

The scope of this distribution point will be the root group (Managed devices)

52. Click OK

53. To see the new distribution point, click the Current path line and select Group A in the menu on
the left


54. Click the ADMIN device

55. In the distribution point properties window that opens, switch to the Connection gateway section and enable the Connection gateway option

56. Click OK


Task F: Install Kaspersky Endpoint Security for Windows

Install the Network Agent on the Alex device and Kaspersky Endpoint Security for Windows on both devices
(Admin and Alex). You can do this using a single task.


57. Go to Discovery & deployment | Deployment & assignment | Installation packages

58. Click the package Kaspersky Endpoint Security for Windows (12.6.0) (English) (Lite encryption)

59. In the package properties, open the Settings tab, select the check box of the Endpoint Detection
and Response Optimum component and click Save

60. Go to Discovery & deployment | Deployment & assignment | Protection deployment wizard


61. Select the package Kaspersky Endpoint Security for Windows (12.6.0) (English) (Lite encryption) and click Next

62. Select the available Network Agent package and click Next

63. Click Select devices for installation

64. Select the IP addresses option

65. Click Add and add address 10.28.0.100

66. Click Add one more time and add address 10.28.0.200

67. Click Next

68. Enter the task name: Deploy Kaspersky Endpoint Security for Windows (12.6.0)

69. Select the checkbox Using operating system resources through distribution points and click Next


70. On the next two pages, click Next without changing anything

71. On the Move… page, select Move unassigned devices to group, specify Group B, and click Next

72. Select Account required (Network Agent is not used) and click Add

Network Agent is already installed on the ADMIN connection gateway, and this option is
relevant only for the other device, Alex.

73. Add the following account

Type: Local account
Account: Administrator
Password: Ka5per$Ky

and click OK


74. Click Next

75. Select the checkbox Run the task after wizard finishes and click Next

76. Switch to the Assets (Devices) | Tasks tab

77. Click the installation task of Kaspersky Endpoint Security for Windows

78. Switch to the Results tab

79. Make sure the task has completed successfully and close the task properties

The task completes in 20-30 minutes


Task G: Create an update task


Create an update task for the Managed devices group. Schedule it to run every 3 hours.


80. Go to Assets (Devices) | Tasks

81. Click Add

82. Select Kaspersky Endpoint Security for Windows (12.6.0)

83. Select Update for the task type and click Next

84. Select the Managed devices group


85. On the next page, click Next

86. On the last page of the wizard, click Finish

The Open task details when creation is complete checkbox is selected, so a window with
the task settings will open.

87. In the task settings, switch to the Schedule tab

88. Specify the following:

Start task: Every N hours
Interval: 3

89. Click Save


Task H: Check the activation status

We do not activate endpoint devices manually; they are activated automatically by a key distributed from the
primary Administration Server.

90. Go to Operations | Kaspersky licenses

91. Make sure a license is displayed on the page

92. Click the license

93. Switch to the Devices tab and make sure both devices are displayed there, which means that they
have been activated

Conclusion
In this lab, you set up a minimal environment with a policy, a group structure, and two clients protected by
Kaspersky Next Expert Console.


Lab 2. Preparing Endpoint Detection and Response Optimum for use

Scenario. Your company has already activated Kaspersky Next EDR Optimum with the corresponding
activation key. However, the EDR component is disabled by default. Now you need to enable the Endpoint
Detection and Response Optimum component on computers with Kaspersky Endpoint Security.

Contents. In this lab, we will:

1. Add the Alerts widget

2. Enable the Endpoint Detection and Response Optimum component

3. Check the health of the Endpoint Detection and Response Optimum component


Task A: Add a widget and select to display alerts


In this task, you will prepare Kaspersky Next Expert Console for work with enriched detection events: add
the Alerts widget.


1. Open Kaspersky Next Expert Console

2. On the side menu, select Monitoring & reporting | Dashboard

3. Add a new widget. Click Add or restore web widget

4. Type alerts in the search box, then expand Threat statistics

5. Select the Alerts widget and click Add

6. To place the widget in a specific location, click the three-dot menu in the top right corner and select Move

7. Open the interface settings: click Settings in the lower left corner

8. Select Interface options and make sure the Show EDR alerts option is enabled. This option
shows the Alerts sub-section in the Monitoring & reporting section of the menu


Task B: Enable the Endpoint Detection and Response Optimum component

By default, Endpoint Detection and Response Optimum is disabled. In this task, you will
enable Endpoint Detection and Response Optimum.


9. Open Assets (Devices) | Policies & profiles

10. Open the properties of the Kaspersky Endpoint Security for Windows policy

11. Switch to the Application settings

12. Open the Essential Threat Protection section

13. Make sure the Firewall component is enabled

The Firewall component enables Endpoint Detection and Response Optimum to collect
telemetry about network connections.

14. Go to Detection and Response

15. Click Endpoint Detection and Response


16. Enable the Endpoint Detection and Response functionality

17. Click OK

18. Save the policy

Switch to the Admin machine.

19. Log on to Admin as Administrator with the password Ka5per$Ky

20. Open the Kaspersky Endpoint Security for Windows application interface to check the status of the Endpoint Detection and Response protection component


Task C: Check the health of the Endpoint Detection and Response component

In this task, you will run a test file that emulates steps of a complex attack on an enterprise network to check
the health of the EDR component and get an enriched detection event (an alert card).


The task is performed on Admin.

21. Start the Google Chrome browser.

22. Download an archive with an executable file that simulates malicious activity from https://kas.pr/edro_sample

23. Open the folder with the file

24. Unpack the archive sw_test.zip

Password: infected

25. Run the executable file sw_test.exe as administrator

26. In Kaspersky Next Expert Console, open the dashboard. Switch to Monitoring & reporting | Dashboard

27. Find the Alerts widget. Notice that an enriched event has appeared: the Enriched counter is non-zero

28. Click the link Enriched

29. Click More details


30. Make sure the File Threat Protection component has blocked the threat


Conclusion
The Endpoint Detection and Response functionality is a core part of the Endpoint Detection and Response
Optimum solution. In this lab, we added the Endpoint Detection and Response component to Kaspersky
Endpoint Security, configured Kaspersky Next Expert Console for further response actions, and verified that
Endpoint Detection and Response handles incidents correctly. In the following labs, we will look at how you
can block the development of an attack and recover from the impact.


Lab 3. Incident response


Scenario. You have enabled Endpoint Detection and Response Optimum in event enrichment mode and got
a malicious activity alert card. Now you need to isolate the attacked computer from the network, examine the
files left after the attack and configure automatic prevention of such threats.

Contents. In this lab, we will:

1. Create network isolation exclusions in task settings

2. Isolate the Admin computer from the network

3. Create a prevention rule

4. Terminate a process

5. Quarantine a file

6. Examine the files created by the malware

7. Create network isolation exclusions in the policy

8. Create an IoC scan task


Task A: Create network isolation exclusions in task settings

In this task, you will create exclusions for RDP connections in the properties of the "Network isolation" task
to make it possible to connect to this computer while isolation is active.


Exclusions specified in computer properties are applied when Network isolation is turned on
manually in the device properties or from alert details.

The Alex and Admin machines must be powered on.

1. Open Kaspersky Next Expert Console

2. Go to Assets (Devices) | Managed Devices and click Admin

3. Switch to the Tasks tab and click the Network isolation task

4. Switch to the Application settings tab

5. Click Network isolation exclusions

6. Click Add from profile


7. Select Remote Desktop Services, click OK twice and save the task settings

8. Close the properties of the Admin computer


Task B: Isolate the Admin computer from the network


We recommend that you isolate a compromised computer prior to analyzing an incident.


9. Open Monitoring & reporting | Alerts

10. In the Alerts web widget, click the link Enriched

11. Click More details

12. To enable network isolation for the Admin computer, click Isolate device from the network

13. Confirm isolating the computer

14. Go to Assets (Devices) | Tags | Device tags

15. Click View devices to see which computers have been tagged ISOLATED FROM NETWORK

If the tag has not appeared yet, wait 3-5 minutes and refresh the page.


16. Notice that Admin has automatically received the tag Isolated from network

This tag is assigned to all computers that get isolated from the network, whether
manually or automatically.

Switch to the Admin machine.

17. Log on to the Admin machine as Administrator with the password Ka5per$Ky using an RDP
connection

18. Make sure network isolation has been applied to the Admin computer. Click OK in the notification window

The notification window of Kaspersky Endpoint Security may have disappeared already.
Don’t worry; proceed to further steps.

19. Open the command line interface

20. Check accessibility of the public DNS server 8.8.8.8

Use the Ping command.

21. Make sure network isolation works and the public DNS server is inaccessible
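
The checks in steps 19-21, extended into a script as an added example (not part of the original lab guide): besides the ping, it probes TCP ports on the same public DNS server and confirms that the Remote Desktop Services exclusion from Task A still leaves a listener and a live session. The function name, the probed TCP ports 53 and 443, and the default RDP port 3389 are assumptions.

```powershell
# Added example, not from the lab guide. Run in PowerShell on the isolated
# device (Admin in this lab) from the RDP session opened in step 17.

function Get-IsolationEvidence {
    [CmdletBinding()]
    param(
        [string] $ExternalHost  = '8.8.8.8',   # public DNS server from step 20
        [int[]]  $ExternalPorts = @(53, 443),  # assumption: TCP ports to probe
        [int]    $RdpPort       = 3389         # assumption: default RDP port
    )

    # Step 20 equivalent: ICMP echo. -Quiet returns $true/$false instead of raising errors.
    $icmpOk = Test-Connection -ComputerName $ExternalHost -Count 2 -Quiet

    # A failed ping alone can also mean that ICMP is filtered somewhere upstream,
    # so collect TCP evidence against the same host as well.
    $tcp = foreach ($port in $ExternalPorts) {
        $r = Test-NetConnection -ComputerName $ExternalHost -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{ Port = $port; Reachable = [bool]$r.TcpTestSucceeded }
    }
    $anyTcp = @($tcp | Where-Object Reachable).Count -gt 0

    # The Remote Desktop Services exclusion should keep RDP usable during isolation.
    $listen  = @(Get-NetTCPConnection -LocalPort $RdpPort -State Listen -ErrorAction SilentlyContinue)
    $session = @(Get-NetTCPConnection -LocalPort $RdpPort -State Established -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Device          = $env:COMPUTERNAME
        CheckedAt       = Get-Date
        IcmpReachable   = [bool]$icmpOk
        TcpProbes       = $tcp
        OutboundBlocked = -not ($icmpOk -or $anyTcp)
        RdpListening    = $listen.Count -gt 0
        RdpSessions     = @($session | ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" })
    }
}

$evidence = Get-IsolationEvidence
$evidence | Format-List Device, CheckedAt, IcmpReachable, OutboundBlocked, RdpListening, RdpSessions
$evidence.TcpProbes | Format-Table -AutoSize

if (-not $evidence.OutboundBlocked) {
    Write-Output 'External host is still reachable: isolation is NOT in effect on this device.'
}
elseif (-not $evidence.RdpListening) {
    Write-Output 'Outbound traffic is blocked, but nothing listens on the RDP port: check the exclusion.'
}
else {
    Write-Output 'Outbound traffic is blocked and RDP is available: isolation with the RDP exclusion is in effect.'
}
```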


Task C: Create a prevention rule


In this task, you will create a prevention rule for the sw_test.exe file and enable the Execution
Prevention functionality.


22. Return to the alert card that shows malicious activity on the Admin computer

23. Click the sw_test.exe file that was not blocked

24. Click Prevent execution

25. In the message that opens, click OK

26. Close the alert card

27. Open Assets (Devices) | Policies & profiles

28. Open the Kaspersky Endpoint Security for Windows policy

29. Switch to the Application settings tab and open Detection and Response

30. Click Endpoint Detection and Response

31. Enable Execution Prevention

32. Select Block and write to report

33. In the Execution prevention area, verify that a rule that blocks the sw_test.exe file has been added to the table

34. Open the rule properties

35. Notice that the rule is based on the file’s MD5 checksum


You can use the file path and/or its checksum in prevention rules. You can create
prevention rules for executables, scripts and Microsoft Office documents.

36. Click OK twice and save the policy

Switch to the Admin machine.

37. In Windows Explorer, open the C:\Users\Public\Downloads\ folder

38. Unpack the sw_test.zip archive. Password: infected

39. Run the file sw_test.exe as administrator

40. Make sure Kaspersky Endpoint Security blocks the sw_test file

Notice that Kaspersky Endpoint Security does not delete the file; it only prevents it
from running.

41. Close the window that informs you that the file cannot be started

42. Open Kaspersky Next Expert Console

43. On the side menu, select Monitoring & reporting | Event selections

44. Click Critical events

45. The last event in the list of critical events indicates detection and blocking of an attempt to execute a
file from the denylist.

46. Return to the Admin computer

47. Open Task Manager by typing "Task…" in the search box on the taskbar

48. Find the process "TestSample4EDRO (32 bit)". We will terminate this malicious process in the next task
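
The rule in step 35 is keyed on the file's MD5 checksum, and prevention blocks execution without deleting the file (step 40). The following added example (not part of the original lab guide) shows in PowerShell how a checksum criterion and a path criterion differ in what they cover, and how to list every remaining copy of a file by checksum. The function names, the rule-matching model (every criterion that is set must match) and the stand-in files are assumptions constructed for illustration.

```powershell
# Added example, not from the lab guide. File names and contents below are
# constructed stand-ins created in a temporary folder, not the real test sample.

function Get-Md5 {
    param([Parameter(Mandatory)] [string] $Path)
    (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
}

# Hypothetical model of a prevention rule: every criterion that is set must match.
function Test-PreventionRule {
    param(
        [Parameter(Mandatory)] [string] $File,
        [string] $RulePath,
        [string] $RuleMd5
    )
    if (-not $RulePath -and -not $RuleMd5) { return $false }   # an empty rule matches nothing
    $full   = (Resolve-Path -LiteralPath $File).Path
    $pathOk = (-not $RulePath) -or ($full -ieq $RulePath)
    $hashOk = (-not $RuleMd5)  -or ((Get-Md5 $full) -ieq $RuleMd5)
    return ($pathOk -and $hashOk)
}

# List every file under $Root whose MD5 equals the checksum stored in a rule,
# whatever name the file currently has.
function Find-FileByMd5 {
    param(
        [Parameter(Mandatory)] [string] $Root,
        [Parameter(Mandatory)] [string] $Md5
    )
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Locked or unreadable files cannot be hashed; skip them and keep going.
            $h = Get-FileHash -LiteralPath $_.FullName -Algorithm MD5 -ErrorAction SilentlyContinue
            if ($h -and $h.Hash -ieq $Md5) {
                [pscustomobject]@{ Path = $_.FullName; Size = $_.Length; LastWrite = $_.LastWriteTime }
            }
        }
}

# --- Constructed demo data -------------------------------------------------
$lab = Join-Path ([IO.Path]::GetTempPath()) ('edr-rule-demo-' + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $lab | Out-Null
try {
    $original = Join-Path $lab 'sw_test.exe'      # stand-in for the file named in the rule
    [IO.File]::WriteAllBytes($original, [Text.Encoding]::ASCII.GetBytes('constructed stand-in, not executable'))
    $copy = Join-Path $lab 'kngsv.exe'            # same bytes under a different name
    Copy-Item -LiteralPath $original -Destination $copy
    Set-Content -LiteralPath (Join-Path $lab 'readme.txt') -Value 'unrelated file'

    $md5 = Get-Md5 $original

    # Which rule type matches which file.
    $rows = foreach ($f in $original, $copy) {
        [pscustomobject]@{
            File           = Split-Path $f -Leaf
            PathRule       = Test-PreventionRule -File $f -RulePath $original
            Md5Rule        = Test-PreventionRule -File $f -RuleMd5 $md5
            PathAndMd5Rule = Test-PreventionRule -File $f -RulePath $original -RuleMd5 $md5
        }
    }
    $rows | Format-Table -AutoSize

    # Every copy that is still on disk and would need quarantine or deletion.
    Find-FileByMd5 -Root $lab -Md5 $md5 | Format-Table -AutoSize
}
finally {
    Remove-Item -LiteralPath $lab -Recurse -Force
}
```

On a real device, pass the checksum shown in the rule properties and a folder such as the Downloads folder from step 37 to `Find-FileByMd5`.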


Task D: Terminate a process


In this task, you will create a task to terminate a process that was started by a malicious file.


49. Return to the alert card that shows malicious activity on the Admin computer

50. Click the sw_test.exe file

51. Copy the full process path to the clipboard (we will need it later)

52. Go to Assets (Devices) | Tasks

53. Click Add

54. In the task creation wizard, specify the following:

Application: Kaspersky Endpoint Security for Windows

Task type: Terminate Process

Task name: Terminate sw_test.exe

55. Select Specify device addresses manually or import addresses from a list and click Next

56. Click Add devices

57. On the drop-down list, choose Select networked devices detected by Administration Server

58. Expand the group Managed devices / Group A

59. Select the Admin computer and click Add

60. On the subsequent two pages, click Next

61. Select the checkbox Open task details when creation is complete and click Finish

62. Switch to the Application settings tab


63. In the Full file path field, paste the copied path to sw_test.exe and click Save

64. Run the Terminate sw_test.exe task and wait for the task to complete successfully

65. Return to the Admin computer

66. Open Task Manager to make sure the process "TestSample4EDRO (32 bit)" is no longer there among running processes


Task E: Quarantine a file


In this task, you will quarantine a file by sending it to a special repository on the Administration Server.

67. Return to the alert card that shows malicious activity on the Admin computer

68. Click the sw_test.exe file

69. Click Move to Quarantine

70. Confirm moving file to quarantine

71. Go to Operations | Repositories | Quarantine

72. On this page, you can download a file to the administrator’s computer, consult information about a
file in Kaspersky Open Threat Intelligence Portal, restore a file after analysis, or delete it from the
quarantine

Files appear in the quarantine 1-2 minutes after a task is created.

73. Working on your own, quarantine the other executable file from the malicious activity detection card
(kngsv.exe)

The file name of a child process is randomly generated and may differ from our
example.


Task F: Examine the files created by the malware


In this task, you will use a Get file task to retrieve a non-executable droppedfile1 and study it.


74. Return to the alert card that shows malicious activity on the Admin computer

75. To open the list of files created by blocked process kngsv.exe, click File creation

76. View the list of created files

77. Click the link C:\Users\Administrator\AppData\Local\Temp\2\droppedfile1

78. Copy the full path to the file from the Name field to the clipboard (we will need it later)

Since droppedfile1 is not an executable file, Kaspersky Endpoint Security doesn’t calculate its checksum.

79. Close the File creation pane

80. Close the window with the list of files

81. Close the alert card

82. Open Assets (Devices) | Tasks

83. Click Add

84. In the task creation wizard, specify the following:

Application: Kaspersky Endpoint Security for Windows

Task type: Get file

Task name: Get droppedfile1

85. Select Specify device addresses manually or import addresses from a list and click Next


A Get file task places a copy of the file into the quarantine, leaving the original file in place.

86. Click Add devices

87. On the drop-down list, choose Select networked devices detected by Administration Server

88. Expand the group Managed devices / Group A

89. Select the Admin computer and click Add

90. On the subsequent two pages, click Next

91. Select the checkbox Open task details when creation is complete and click Finish

92. Switch to the Application settings tab

93. Click Add

94. In the Full file path field, paste the copied path to droppedfile1 and click OK

95. Save the settings

96. Run the Get file task

97. Wait for the task to complete successfully

98. Go to Operations | Repositories | Quarantine

99. Select droppedfile1 and click Download

100. Open the folder with the file

101. Select the saved file and open it with Notepad

102. Close the Notepad window


Task G: Create network isolation exclusions in the policy

In this task, you will create network isolation exclusions for RDP connections in the Kaspersky Endpoint
Security for Windows policy to make it possible to connect to this computer while isolation is active.

Exclusions specified in policy properties are applied when Network isolation is turned
on automatically in response to a detected threat.

103. Return to the Kaspersky Next Expert Console

104. Go to Assets (Devices) | Policies & Profiles

105. Click the Kaspersky Endpoint Security for Windows policy

106. Switch to Application settings | Detection and Response

107. Click Endpoint Detection and Response

108. Switch to the Application settings tab

109. In the Network isolation area, click Exclusions

110. Click Add from profile

111. Select Remote Desktop Services, click OK twice and save the policy settings


Task H: Create an IoC scan task


In this task, you will use information from an alert card to create an indicator of compromise and a scan task
for this indicator.


The task is performed on Alex.

112. Log on to Alex as Administrator with the password Ka5per$Ky

113. Start the Mozilla Firefox browser.

114. Download an archive with an executable file that simulates malicious activity from https://kas.pr/edro_sample

115. Open the folder with the file

116. Unpack the archive sw_test.zip (don’t run the file, just unpack)

Password: infected

117. Return to the alert card that shows malicious activity on the Admin computer

118. Switch to the tab All alert events

119. Type sw_test in the search box

120. Select the checkboxes next to both events related to C:\Users\Public\Downloads\sw_test.exe process
start and \registry\user\s registry branch

121. Click Create IOC

122. Choose the OR condition

123. Click Export IOC collection and save the zip archive on the Admin computer into the Downloads folder

124. Close the IOC creation window

125. Close the incident card

126. Go to the Downloads folder and unzip the archive with the exported IOC file

127. Return to Kaspersky Next Expert Console

128. On the side menu, select Assets (Devices) | Tasks

129. Click Add


130. In the task creation wizard, specify the following:

Application: Kaspersky Endpoint Security for Windows

Task type: IOC Scan

Task name: IOC Scan

131. Click Next

132. Select Managed devices

133. Click Next twice

134. Select the checkbox Open task details when creation is complete and click Finish

135. In Application settings | IOC scan settings, click Redefine IOC files

136. Click Add IOC files

137. Go to the folder with the unpacked IOC file and select it

138. Click OK


139. Select Take response after an IOC is found, then select the following options:

Isolate computer from the network

Move copy to Quarantine, delete object

140. Click Save

In practice, it makes sense to isolate a computer from the network only if both indicators of compromise (the file and the key) are found on the computer at the same time. In this lab, we will block computers that have at least one indicator of compromise.

141. Start the task and wait for it to complete

142. Open the task properties

143. On the Application settings tab, switch to IOC Scan Results

144. In the row of the Alex computer, click the IOC detected link

145. Click the link matched

146. Check the result of searching for the indicator of compromise on the Alex computer

147. Go to Operations | Repositories | Quarantine

148. Make sure the IOC scan task has quarantined the detected files

149. Go to Assets (Devices) | Tags | Device tags

150. Click View devices


151. Make sure the IOC scan task has isolated Alex from the network and assigned the respective tag to it

152. Return to the Alex computer

153. Open the command line interface

154. Check accessibility of the public DNS server 8.8.8.8

Use the Ping command.

155. Make sure network isolation works and the public DNS server is inaccessible
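
The note after step 140 contrasts isolating on either indicator (OR, as chosen in step 122) with isolating only when both are present (AND). The following added example is not part of the lab guide or of the console's export: it evaluates a constructed, simplified OpenIOC-style document against constructed host observations. The placeholder registry key, the host data, and the assumption that the key exists only where the sample actually ran are all illustrative.

```python
import xml.etree.ElementTree as ET

# Placeholder key: the real key from the alert card is not reproduced here.
PLACEHOLDER_KEY = r"\registry\user\EXAMPLE-SID\EXAMPLE-KEY"

# Constructed, simplified OpenIOC-style document (no namespaces, two items).
# It is NOT the file exported by the console.
IOC_TEMPLATE = r"""<ioc>
  <definition>
    <Indicator operator="{operator}">
      <IndicatorItem condition="is">
        <Context document="FileItem" search="FileItem/FileName"/>
        <Content type="string">sw_test.exe</Content>
      </IndicatorItem>
      <IndicatorItem condition="is">
        <Context document="RegistryItem" search="RegistryItem/KeyPath"/>
        <Content type="string">{key}</Content>
      </IndicatorItem>
    </Indicator>
  </definition>
</ioc>"""

# Constructed observations per host, keyed by OpenIOC search term.
# Assumption: ALEX only unpacked the archive, so the registry key is absent.
HOSTS = {
    "ADMIN": {"FileItem/FileName": ["sw_test.exe"],
              "RegistryItem/KeyPath": [PLACEHOLDER_KEY]},
    "ALEX": {"FileItem/FileName": ["sw_test.exe"]},
    "CLEAN": {"FileItem/FileName": ["notepad.exe"]},
}


def item_matches(item, observed):
    """Check one IndicatorItem against the values observed on a host."""
    search = item.find("Context").get("search")
    wanted = (item.findtext("Content") or "").strip().lower()
    values = [v.lower() for v in observed.get(search, ())]
    condition = item.get("condition", "is")
    if condition == "is":
        return wanted in values
    if condition == "contains":
        return any(wanted in v for v in values)
    raise ValueError(f"unsupported condition: {condition}")


def evaluate(indicator, observed):
    """Evaluate an Indicator node, recursing into nested Indicator nodes."""
    results = []
    for child in indicator:
        if child.tag == "IndicatorItem":
            results.append(item_matches(child, observed))
        elif child.tag == "Indicator":
            results.append(evaluate(child, observed))
    if not results:
        return False  # an empty indicator never matches
    operator = indicator.get("operator", "OR").upper()
    if operator == "AND":
        return all(results)
    if operator == "OR":
        return any(results)
    raise ValueError(f"unsupported operator: {operator}")


def ioc_detected(ioc_xml, observed):
    """Return True if the top-level indicator matches the host observations."""
    top = ET.fromstring(ioc_xml).find("./definition/Indicator")
    if top is None:
        raise ValueError("document has no top-level Indicator")
    return evaluate(top, observed)


def isolation_decisions(operator):
    """Map each constructed host to whether the isolation response would fire."""
    ioc_xml = IOC_TEMPLATE.format(operator=operator, key=PLACEHOLDER_KEY)
    return {host: ioc_detected(ioc_xml, seen) for host, seen in HOSTS.items()}


if __name__ == "__main__":
    for op in ("OR", "AND"):
        print(op, isolation_decisions(op))
```

With OR, a host that merely holds the unpacked file is isolated; with AND, only a host showing both the file and the key is.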


Conclusion
This lab demonstrates how to respond to a detected security incident.


Lab 4. Eradication
Scenario. You have completed the response to the detected threat by taking the necessary steps to isolate the
attacked computers on the network and by configuring automatic prevention of such threats. Now you need
to restore the computers and recover from the impact of the infection.

Contents. In this lab, we will:

1. Delete files used in the attack

2. Check system files

3. Stop isolating the computers from the network


Task A: Delete files used in the attack


In this task, you will delete files that were created by malware on the Admin computer.


The Alex and Admin machines must be powered on.

1. Return to the alert card that shows malicious activity on the Admin computer

2. Click File creation

3. Copy the full path to the droppedfile1 file to the clipboard (we will need it later)

4. Open Assets (Devices) | Tasks

5. Click Add

6. In the task creation wizard, specify the following:

Application: Kaspersky Endpoint Security for Windows

Task type: Delete file

Task name: Delete droppedfile

7. Select Specify device addresses manually or import addresses from a list and click Next

8. Click Add devices

9. On the drop-down list, choose Select networked devices detected by Administration Server

10. Expand the group Managed devices / Group A

11. Select the Admin computer and click Add

12. On the subsequent two pages, click Next

13. Select the checkbox Open task details when creation is complete and click Finish


14. Switch to the Application settings tab

15. In the Full file path field, paste the copied path to droppedfile1 and click Save

16. Run the Delete droppedfile task

17. Wait for the task to complete successfully

18. Working on your own, delete the other file (droppedfile2) and make sure both files have been deleted from the C:\Users\Administrator\AppData\Local\Temp\2\ folder

Log on to the Admin machine using RDP connection (because network isolation is still active).


Task B: Check system files


In this task, you will remotely run a special utility to check integrity of system files.


19. Return to Kaspersky Next Expert Console

20. Open Assets (Devices) | Tasks

21. Click Add

22. In the task creation wizard, specify the following:

Application: Kaspersky Endpoint Security for Windows

Task type: Start process

Task name: Start process (SFC)

23. Select Assign task to an administration group and click Next

24. Select Managed devices and click Next

25. On the next page, click Next

26. Select the checkbox Open task details when creation is complete and click Finish

27. Switch to the Application settings tab

28. In the task settings, specify the following:

Executable command: SFC

Command line arguments (optional): /scannow

29. Click Save

System File Checker (SFC) is a Microsoft Windows utility that lets you find and repair corrupted Windows system files.

30. Run the Start process (SFC) task

31. Wait for the task to complete successfully


32. Log on to the Admin machine as Administrator with the password Ka5per$Ky using RDP
connection

33. Open the log file created by SFC C:\Windows\Logs\CBS\CBS.log and check the results
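
CBS.log mixes SFC output with other servicing entries; SFC's own lines carry the [SR] tag. The following added example (not part of the lab guide) summarizes those lines so step 33 can be checked quickly. The sample log lines are constructed, the message wording is modelled on typical SFC entries, and the "latest entry per file wins" rule is a heuristic assumed here.

```python
import re

# A CBS.log line written by SFC: timestamp, level, "CSI", sequence id, "[SR]" tag.
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+(?P<level>\w+)\s+CSI\s+"
    r"(?:[0-9a-fA-F]{8}\s+)?\[SR\]\s+(?P<msg>.*)$"
)
VERIFYING = re.compile(r"Verifying (\d+)(?: \(0x[0-9a-fA-F]+\))? components")
QUOTED = re.compile(r'"([^"]*)"')

# Constructed sample (not taken from the lab machines).
SAMPLE_LOG = r"""2025-07-23 13:10:01, Info                  CSI    00000006 [SR] Verifying 100 components
2025-07-23 13:10:01, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2025-07-23 13:10:02, Info                  CBS    Session: 1_2 initialized
2025-07-23 13:10:04, Info                  CSI    00000009 [SR] Cannot repair member file [l:11]"example.dll" of Example-Component, version 10.0.0.0, hash mismatch
2025-07-23 13:10:05, Info                  CSI    0000000a [SR] Repairing corrupted file [l:23 ml:24]"\??\C:\Windows\System32"\[l:11]"sample1.exe" from store
2025-07-23 13:10:05, Info                  CSI    0000000b [SR] Verify complete
2025-07-23 13:10:06, Info                  CSI    0000000c [SR] Verifying 50 components
2025-07-23 13:10:07, Info                  CSI    0000000d [SR] Cannot repair member file [l:11]"sample2.dll" of Example-Component, version 10.0.0.0, hash mismatch
2025-07-23 13:10:08, Info                  CSI    0000000e [SR] Repairing corrupted file [l:23 ml:24]"\??\C:\Windows\System32"\[l:11]"sample2.dll" from store
2025-07-23 13:10:09, Info                  CSI    0000000f [SR] Repair complete
"""


def summarize_sfc(log_text):
    """Summarize [SR] entries: components verified, files repaired, files left unrepaired."""
    verified = 0
    repaired, unrepaired = set(), set()
    for line in log_text.splitlines():
        match = SR_LINE.match(line)
        if not match:
            continue  # not an SFC entry (other CBS/CSI servicing output)
        msg = match.group("msg")
        count = VERIFYING.match(msg)
        if count:
            verified += int(count.group(1))
            continue
        names = QUOTED.findall(msg)
        if not names:
            continue
        if msg.startswith("Cannot repair member file"):
            name = names[0].lower()       # first quoted string is the file name
            unrepaired.add(name)
            repaired.discard(name)        # heuristic: the latest entry wins
        elif msg.startswith("Repairing corrupted file"):
            name = names[-1].lower()      # last quoted string is the file name
            repaired.add(name)
            unrepaired.discard(name)
    return {
        "components_verified": verified,
        "repaired": sorted(repaired),
        "unrepaired": sorted(unrepaired),
    }


def summarize_sfc_file(path=r"C:\Windows\Logs\CBS\CBS.log"):
    """Read a CBS.log from disk, tolerating undecodable bytes."""
    with open(path, encoding="utf-8", errors="replace") as handle:
        return summarize_sfc(handle.read())


if __name__ == "__main__":
    print(summarize_sfc(SAMPLE_LOG))
```

Any name left under "unrepaired" is a system file SFC could not restore from the component store and needs follow-up before the machine is returned to service.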


Task C: Stop isolating computers from the network


In this task, you will remove network isolation from the Admin and Alex computers.

34. Go to Assets (Devices) | Managed Devices and click Admin

35. Switch to the Applications tab

36. Open the properties of Kaspersky Endpoint Security for Windows

37. Switch to the Application settings tab and open Detection and Response

38. Click Endpoint Detection and Response

39. To stop isolating the Admin computer from the network, click Unblock computer isolated from the network

40. Stop isolating the Alex computer in a similar manner


Conclusion
This lab demonstrates how to recover a system after an attack and eradicate the discovered infection.


Lab 5. How to scan devices for vulnerabilities and required updates
Scenario. Kaspersky Next Expert Console is used for managing client computers at ABC Inc. Kaspersky
Next Expert Console can scan managed computers for vulnerabilities, check for the latest Windows updates,
automatically fix the discovered vulnerabilities and install the necessary updates. You need to scan managed
computers for vulnerabilities and required updates and consult the results.

Contents. In this lab, we will:

1. Scan client computers for vulnerabilities and application updates

2. Study information about vulnerabilities and updates on the Administration Server


Task A: Scan client computers for vulnerabilities and application updates

In this task, you will run the ‘Find vulnerabilities and required updates’ task.

The Alex and Admin machines must be powered on.

1. Open Kaspersky Next Expert Console

2. Open Assets (Devices) | Tasks for the root Managed devices group

3. Start the task Find vulnerabilities and required updates

4. Open the task properties and switch to the Results tab

5. Wait for the task to complete on all devices


Task B: Study information about vulnerabilities and updates on the Administration Server

Information about vulnerabilities and updates is displayed in the Software vulnerabilities and Software
updates sections respectively. You can see the vulnerabilities detected on the network computers and
applicable updates and install them. You can also filter data if necessary.


6. Open Kaspersky Next Expert Console

7. Open Operations | Patch Management | Software Updates

8. Click Filter

9. Leave the first filter unchanged (Not installed on devices)

10. Create another filter: You must accept the terms of the License Agreement

11. Click Apply

12. Click the highlighted line to accept the license agreements

13. Select ALL license agreements

14. Click Accept selected

15. Select the check box ‘I confirm that I have fully read…’

16. Click Accept

17. Repeat steps 13-16 until the list becomes empty

18. Click Filter again

19. Leave the first filter unchanged (Not installed on devices)

20. Change the second filter to Source and select = Windows Update updates

21. Create a third filter: Category and specify = Critical Updates

22. Click Apply

23. Click the magnifying glass icon to open the search box

24. In the search box, type Windows Server 2016 and press Enter to check how many critical updates for
Windows Server 2016 are not installed throughout the network


25. Make sure only the applicable Windows Server 2016 Critical Updates that have not yet been installed
are displayed now


Conclusion
In this lab, we used Kaspersky Next Expert Console to scan the client computers for vulnerabilities and
application updates. You can analyze the results using the information available in the Software
vulnerabilities and Software updates sections, as well as reports.


Lab 6. How to install critical Windows updates on workstations
Scenario. Kaspersky Next Expert Console is used for managing client computers at ABC Inc. Kaspersky
Next Expert Console can scan managed computers for vulnerabilities, check for the latest Windows updates,
automatically fix the discovered vulnerabilities and install the necessary updates. You scanned managed
computers for vulnerabilities and required updates and consulted the results. Now, you need to install critical
Windows updates on workstations running Windows 2016.

Contents:

1. Create a task that will install critical Windows updates

2. Run the task and check the results


Task A: Create a task that will install critical Windows updates

Now, we will create a task Install required updates and fix vulnerabilities. This task is based on
rules; therefore, we will also need to add a rule for critical Windows Updates.


The Alex machine must be powered on.

1. Open Kaspersky Next Expert Console

2. In the Managed devices | Group B group, open Assets (Devices) | Tasks

3. Click Add

4. Select the Install required updates and fix vulnerabilities task type

5. Rename the task Install required updates and fix vulnerabilities – Group B

6. Click Next

7. Make sure Group B is selected and click Next

8. Click Add

9. Select Rule for Windows Update

10. Click Next

11. Leave the default options unchanged and click Next

12. Clear the check boxes corresponding to all Microsoft products except Windows Server 2016

13. Click Next

14. Clear all categories except Critical Updates

15. Click Next

16. Type the rule name: Windows Server 2016 – Critical Updates

17. Click Finish

18. Click Next

19. Click Next


20. Select the checkbox Open task details when creation is complete

21. Click Finish

22. Switch to the Application settings tab and open the Updates to install section

23. Consult the list of updates that the task will install


Task B: Run the task and check the results


Run the Install required updates and fix vulnerabilities task and make sure Kaspersky Next Expert
Console does not show any Windows Server 2016 critical updates ready for installation afterwards.

24. Open Kaspersky Next Expert Console

25. Start the task Install required updates and fix vulnerabilities

26. Open the task properties

27. Switch to the Results tab

28. Select ALEX and click Device history

29. To observe the task progress, click the Refresh button periodically

30. Wait for the task status to change to Completed successfully

31. Open Operations | Patch Management | Software Updates

32. Click Filter (the filter is always reset to the default value automatically)

33. Leave the first filter unchanged (Not installed on devices)

34. Change the second filter to Source and select = Windows Update updates

35. Create a third filter: Category and specify = Critical Updates

36. Click Apply

37. Make sure Kaspersky Next Expert Console does not show any uninstalled critical updates for
Windows Server 2016


Lab 7. How to fix vulnerabilities on multiple operating systems
Scenario. Kaspersky Next Expert Console is used for managing client computers at ABC Inc. Kaspersky
Next Expert Console can scan managed computers for vulnerabilities, check for the latest Windows updates,
automatically fix the discovered vulnerabilities and install the necessary updates. You decided to check
whether the last updates are installed, and install them if not. Let us install the last Windows updates on
multiple operating systems.

Contents:

1. Check whether specific updates are installed

2. Create a task that will install updates on multiple Windows operating systems


Task A: Check whether specific updates are installed


You want to install specific updates that fix vulnerabilities on several operating systems. You know that
Windows Server 2016 and Windows Server 2022 are used in the network. In this task, you will check for the
following updates:

(5041576) Servicing Stack Update for Windows Server 2016 for x64-based Systems

(5030186) Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Microsoft server operating
system version 21H2 for x64

The Alex and Admin machines must be powered on.

1. Open Kaspersky Next Expert Console

2. Open Operations | Patch Management | Software Updates

3. Disable all filters

4. Click the magnifying glass icon to open the search box

5. In the search box, type 5041576 and press Enter to make sure the update has not been installed

6. Open the properties of the update

7. Switch to the Devices section

8. Make sure the update is applicable to the ALEX computer

9. Close the update properties

10. Click the magnifying glass icon to open the search box

11. In the search box, type 5030186 and press Enter to make sure the update has not been installed

12. Open the properties of the update

13. Switch to the Devices section

14. Make sure the update is applicable to the ADMIN computer

15. Close the update properties


Task B: Create a task that will install updates on several Windows operating systems

You’ve found out that the necessary updates have not been installed yet. Create a task that will install the two
necessary updates on the appropriate computers.


16. Open Kaspersky Next Expert Console

17. Open Operations | Patch Management | Software Updates

18. Disable all filters

19. Click the magnifying glass icon to open the search box

20. In the search box, type 5041576 and press Enter

21. Select update 5041576

22. Click Install updates

23. Select New task

24. Click Next

25. Name the task Install required updates and fix vulnerabilities – Managed Devices

26. Click Next

27. Select the Managed devices group

28. Click Next

29. Make sure a new rule has appeared in the task

30. Click Next

31. Click Next

32. Clear the checkbox Open task details when creation is complete

33. Click Finish

34. In the search box, type 5027544 and press Enter

35. Select update KB5027544

36. Click Install updates

37. Select Install update (add rule to specified task)

38. Click Next

39. Expand the Managed devices group


40. Select the task Install required updates and fix vulnerabilities – Managed Devices

41. Click Next

42. Click Save

43. Switch to the root Managed devices group and open Devices | Tasks

44. Start the task Install required updates and fix vulnerabilities – Managed Devices

45. Open the properties of the Install required updates and fix vulnerabilities – Managed
Devices task

46. Switch to the Results tab

47. To observe the task progress, click the Refresh button periodically

48. Wait for the task status to change to Completed successfully


Conclusion
In this lab, you decided to check whether necessary updates are installed on the managed computers. When it
turned out that some computers lack vital updates, you immediately created and ran the Install required
updates and fix vulnerabilities task with the respective rules.


Lab 8. How to install only approved updates for third-party software in a group of computers
Scenario. ABC Inc. uses Kaspersky Next Expert Console to manage network computers. Kaspersky Next
Expert Console can regularly scan client computers for vulnerabilities and required updates. With a special
license, Kaspersky Next Expert Console can also automatically fix found vulnerabilities and install required
updates.

Even within a single company, different requirements may exist for software updates on different computers.
For example, there is a group of critical servers where all updates must be approved before being installed.
You need to configure Kaspersky Next Expert Console to install only confirmed updates in Group B.

Contents:

1. Install only approved updates in Group B

2. Uninstall a third-party application using Kaspersky Next Expert Console


Task A: Install only approved updates in Group B


We have already configured and run a special task that finds vulnerabilities and available software updates.
Now, Kaspersky Next Expert Console knows about all unfixed vulnerabilities and available updates. Let us
use this information.


The Alex and Admin machines must be powered on.

1. Open Kaspersky Next Expert Console

2. In the Managed devices | Group B group, go to Assets (Devices) | Managed devices

3. Open the properties of the ALEX device

4. Switch to the Advanced tab and select Software vulnerabilities

5. Click Filter

6. Create a Source filter and specify = Third-party developer

7. Click Apply

8. Make sure the list includes vulnerabilities of third-party applications:

KLA10492

9. Switch to the Available updates section

10. Click Filter

11. Create a Source filter and specify = Third-party updates

12. Click Apply

13. Open the properties of update 7-Zip (MSI installer) 24.08

14. Change the Update approval status to Approved

15. Click Save

16. Open the properties of update Oracle Java JRE 1.7.x

17. Change the Update approval status to Approved

18. Click Save


19. Go to Assets (Devices) | Managed devices

20. Open the properties of the ALEX device

21. Switch to the Tags tab

22. Click Add

23. Type Approved Only

24. Click Ok and then click Save

25. Go to Assets (Devices) | Device selections

26. Click Add

27. Type the name: Approved Only

28. Select Find managed devices

29. Select New condition and click Delete

30. Click Add

31. Type the Condition name: Approved Only

32. Switch to the Tags section

33. Click Add

34. Type Approved Only

35. Select Must be included

36. Click Ok

37. Click Ok, then Save

38. When prompted "Do you want to open the device selection?", click Ok

39. Make sure the selection contains the ALEX device and close the selection

40. In the Managed devices | Group B group, open Assets (Devices) | Tasks


41. Select the task Install required updates and fix vulnerabilities – Group B and click Copy

42. Rename the task Install required updates and fix vulnerabilities – Approved Only

43. Select Assign task to a device selection

44. Click Next

45. Select the selection Approved Only

46. Click Copy

47. Switch to the Application settings tab

48. Clean out the list of rules

49. Click Add

50. Select Rule for third-party updates

51. Click Next

52. Select Install approved updates only

53. Click Next

54. Leave the default list of products unchanged and click Next

55. Type the rule name: Approved Only

56. Click Finish

57. Click Save

58. Open Assets (Devices) | Tasks for the root Managed devices group

59. Select the task Install required updates and fix vulnerabilities – Approved Only and click Move

60. Expand the Managed devices group

61. Select Group B and click Ok


62. Open the properties of the created task

63. Switch to the Application settings tab and open the Updates to install section

64. Make sure there are two approved updates on the list

65. Start the created task Install required updates and fix vulnerabilities – Approved Only (the one without the Inheritance icon)

66. Open the properties of the created task

67. Switch to the Results tab

68. Select the ALEX device and click Device history

69. To observe the task progress, click the Refresh button periodically

70. Wait for the task to complete successfully

71. Make sure the updates have been installed successfully

72. Select the root Managed devices group and go to Assets (Devices) | Device selections

73. Open the Approved Only selection

74. Open the properties of the ALEX computer

75. Switch to the Advanced tab and select Applications registry

76. Make sure new programs have been installed


Task B: Uninstall a third-party application using Kaspersky Next Expert Console
Now, we’ll run the task Uninstall application remotely to remove an unwanted program.


77. Open Kaspersky Next Expert Console

78. Go to Operations | Third-party applications | Applications registry

79. Open the properties of Java™ 6 Update 11

80. Switch to the Devices section

81. Copy the silent uninstallation command

82. Open Assets (Devices) | Tasks for the root Managed devices group

When the Administration Server path is selected, ALL Kaspersky Next Expert
Console tasks are displayed.

1. Click Add

83. Select the task type Uninstall application remotely

84. Select Assign task to a device selection

85. Click Next

86. Select the selection Approved Only

87. Click Next

88. Select Uninstall application from applications registry

89. Start typing Java in the Application to uninstall field; a list of possible matches will appear

90. Select Java™ 6 Update 11

91. Change the Uninstallation mode to Specify uninstallation command

92. Paste the copied uninstallation command


93. Click Next

94. Click Next

95. Click Next

96. Click Finish

97. Start the task Uninstall application remotely

98. Open the properties of the task Uninstall application remotely

99. Switch to the Results tab

100. Select the ALEX device and click Device history

101. To observe the task progress, click the Refresh button periodically

102. Wait for the task to complete successfully

103. Open Assets (Devices) | Managed devices for the root Managed devices group

104. Open the properties of the ALEX device

105. Switch to the Advanced tab and select Applications registry

106. Make sure Java™ 6 Update 11 has disappeared from the list


Conclusion
This lab demonstrates another useful example of how Kaspersky Next Expert Console can fix discovered
vulnerabilities in third-party applications and install required updates. Kaspersky Next Expert Console can
also automatically uninstall applications installed on the network computers.


Lab 9. How to automatically update all browsers on client computers
Scenario. ABC Inc. uses Kaspersky Next Expert Console to manage network computers. Kaspersky Next
Expert Console can regularly scan client computers for vulnerabilities and required updates. With a special
license, Kaspersky Next Expert Console can also automatically fix found vulnerabilities and install required
updates.

Even within a single company, different requirements may exist for software updates on different computers.
For example, the company has a rule that browsers must always be updated on the client computers as soon
as a new version is released. You need to configure Kaspersky Next Expert Console to update all browsers
automatically on all client computers.


Task A: Update all browsers on all client computers


In this task, we will create a rule that will automatically update browsers on all network computers. When a
manufacturer releases a new version of a browser, Kaspersky experts add this information to the databases.
After Kaspersky Next Expert Console downloads this data during an update, it will be able to automatically
download the new version of the browser from the manufacturer’s website and deploy it to the client
computers.


The Alex machine must be powered on.

1. Open Kaspersky Next Expert Console

2. Go to Operations | Third-party applications | Applications registry

3. Click the magnifying glass icon to open the search box

4. In the search box, type firefox and press Enter

5. Make sure various versions of the application are installed on the client computers

6. Open Assets (Devices) | Tasks

7. Click Add

8. Select the Install required updates and fix vulnerabilities task type

9. Rename the task Install required updates and fix vulnerabilities – Browsers

10. Click Next

11. Select the Managed Devices group and click Next

12. Click Add

13. Select Rule for third-party updates

14. Click Next

15. Leave the default options unchanged and click Next

16. Clear all check boxes except for the following:

Google Chrome


Mozilla Firefox

17. Click Next

18. Type the rule name: All Browsers

19. Click Finish

20. Click Next

21. Click Next

22. Clear the checkbox Open task details when creation is complete

23. Click Finish

24. Start the task Install required updates and fix vulnerabilities – Browsers

25. Open the properties of the task Install required updates and fix vulnerabilities – Browsers

26. Switch to the Results tab

27. To observe the task progress, click the Refresh button periodically

28. Wait for the task to complete and make sure updates have been installed successfully on all computers

29. Go to Operations | Third-party applications | Applications registry

30. Click the magnifying glass icon to open the search box

31. In the search box, type firefox and press Enter

32. Make sure the latest version of the application is installed on all client computers now

Pay attention to the Number of devices column: old versions of Mozilla Firefox
are no longer installed on any device.

33. Click Remove applications that are not installed

34. Make sure only the applications that are installed on the network computers are displayed now


Conclusion
This lab demonstrates another useful example of how Kaspersky Next Expert Console can fix discovered
vulnerabilities in third-party applications and install required updates.


Lab 10. How to fix vulnerabilities in all programs except, for example, Java
Scenario. ABC Inc. uses Kaspersky Next Expert Console to manage network computers. Kaspersky Next
Expert Console can regularly scan client computers for vulnerabilities and required updates. With a special
license, Kaspersky Next Expert Console can also automatically fix found vulnerabilities and install required
updates.

Even within a single company, different requirements may exist for software updates on different computers.
For example, a specific Java application is installed on some servers that requires a particular version of Java,
which must not be updated. You need to configure Kaspersky Next Expert Console not to update a particular
application automatically.


Task A: Fix vulnerabilities in all programs except Java


In our scenario, we are mostly concerned about fixing vulnerabilities rather than installing the latest versions
of applications: if a program has no vulnerabilities, it does not need to be updated. We will create a device
selection named ‘Except Java’ and move there computers running an application that works only with a
specific version of Java (and it is extremely important that Java must not be updated on these computers even
if it has vulnerabilities).

In this task, we will create a rule that will automatically fix vulnerabilities in all programs except Java.


The Admin machine must be powered on.

1. Open Kaspersky Next Expert Console

2. Go to Assets (Devices) | Managed devices

3. Open the properties of the ADMIN device

4. Switch to the Tags tab

5. Click Add

6. Type Except Java

7. Click Ok and then click Save

8. Go to Assets (Devices) | Device selections

9. Click Add

10. Type the name: Except Java

11. Select Find managed devices

12. Select New condition and click Delete

13. Click Add

14. Type the Condition name: Except Java

15. Switch to the Tags section

16. Click Add

17. Type Except Java

18. Select Must be included

19. Click Ok

20. Click Ok, then Save

21. When prompted "Do you want to open the device selection?", click Ok


22. Make sure the selection contains ADMIN

23. Open the properties of the ADMIN computer

24. Switch to the Advanced tab and select Software vulnerabilities

25. Click Filter

26. Create a Source filter and specify = Third-party developer

27. Click Apply

28. Make sure the following vulnerabilities are displayed on the list:

KLA11411 — Mozilla Thunderbird

KLA10492 — Java

29. Switch to the Available updates section

30. Click Filter

31. Create a Source filter and specify = Third-party updates

32. Click Apply

33. Make sure the list contains 7-Zip

34. Open Assets (Devices) | Tasks for Group A

You can see that the task Install required updates and fix vulnerabilities –
Managed Devices has the Inheritance icon, which means that the task was created
in a parent group and you cannot change its settings here. Therefore, you need to
create a similar task in this group and configure it as necessary.

35. Select the task Install required updates and fix vulnerabilities – Managed Devices and click Copy

36. Rename the task Install required updates and fix vulnerabilities – Except Java

37. Select Assign task to a device selection


38. Click Next

39. Select the Except Java selection

40. Click Copy

41. Make sure the properties of the new task open

42. Switch to the Application settings tab

43. Clean out the list of rules

44. Click Add

45. Select Rule for third-party updates

46. Click Next

Each vulnerability is fixed by an update, but not every update fixes vulnerabilities. In
our scenario, there are vulnerabilities in the Thunderbird and Java applications, and there
are updates that fix them. At the same time, the currently installed version of 7-Zip
has no vulnerabilities, but an update is available for it that simply installs a later
version.

By default, all available updates are installed. If you want to update only those
programs that have at least one vulnerability, use the option Fix vulnerabilities
with a severity level equal to or higher than. This option potentially reduces
the number of applicable updates and installs only those that fix
vulnerabilities.

47. Select the check box Fix vulnerabilities with a severity level equal to or higher than

48. Click Next

49. Clear the check box for Oracle Corporation

50. Click Next

51. Type the rule name: Except Java

52. Click Finish

53. Click Save

54. Start the created task Install required updates and fix vulnerabilities – Except Java (the one without the Inheritance icon)


55. Open the properties of the task Install required updates and fix vulnerabilities – Except Java

56. Switch to the Results tab

57. Select the ADMIN device and click Device history

58. To observe the task progress, click the Refresh button periodically

59. Wait for the task to complete successfully

60. Make sure the updates have been installed successfully

Note that only the update for Mozilla Thunderbird that fixes vulnerability
KLA11411 has been installed. Meanwhile, update 7-Zip has not been installed,
because it does not match the rule.
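
The rule options configured in Labs 8 to 11 can be reasoned about with a small model. The Python below is an added example, not part of the lab guide and not Kaspersky code: the Update and Rule classes, the severity ordering, the vendor names other than Oracle Corporation, the update names for Thunderbird and Firefox, and the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

# Assumed ordering of severity levels for this model (not taken from the lab guide).
SEVERITY = {"warning": 1, "high": 2, "critical": 3}


@dataclass(frozen=True)
class Update:
    name: str
    vendor: str
    product: str
    approved: bool = False           # "Update approval status" set to Approved
    fixes: Optional[str] = None      # ID of the vulnerability this update fixes, if any
    severity: Optional[str] = None   # severity of that vulnerability (constructed)


@dataclass(frozen=True)
class Rule:
    name: str
    approved_only: bool = False                # "Install approved updates only"
    min_severity: Optional[str] = None         # "Fix vulnerabilities with a severity level ..."
    excluded_vendors: frozenset = frozenset()  # vendor check boxes that were cleared
    products: Optional[frozenset] = None       # None means every product stays selected

    def matches(self, u: Update) -> bool:
        if self.approved_only and not u.approved:
            return False
        if self.min_severity is not None:
            # An update that fixes nothing never matches a severity-based rule.
            if u.fixes is None or u.severity is None:
                return False
            if SEVERITY[u.severity] < SEVERITY[self.min_severity]:
                return False
        if u.vendor in self.excluded_vendors:
            return False
        if self.products is not None and u.product not in self.products:
            return False
        return True


def select_updates(rule: Rule, available: List[Update]) -> List[str]:
    """Return the names of the updates the rule would install, in list order."""
    return [u.name for u in available if rule.matches(u)]


# Constructed inventory for one hypothetical device; severities are made up.
AVAILABLE = [
    Update("Mozilla Thunderbird update", "Mozilla", "Mozilla Thunderbird",
           fixes="KLA11411", severity="critical"),
    Update("Oracle Java JRE 1.7.x", "Oracle Corporation", "Java",
           approved=True, fixes="KLA10492", severity="critical"),
    Update("7-Zip (MSI installer) 24.08", "Igor Pavlov", "7-Zip", approved=True),
    Update("Mozilla Firefox update", "Mozilla", "Mozilla Firefox"),
]

# The four rules created in Labs 8 to 11, expressed in the model's terms.
RULES = {
    "Approved Only": Rule("Approved Only", approved_only=True),
    "All Browsers": Rule("All Browsers",
                         products=frozenset({"Google Chrome", "Mozilla Firefox"})),
    "Except Java": Rule("Except Java", min_severity="warning",
                        excluded_vendors=frozenset({"Oracle Corporation"})),
    "Everything": Rule("Everything"),
}

if __name__ == "__main__":
    for rule_name, rule in RULES.items():
        print(f"{rule_name}: {select_updates(rule, AVAILABLE)}")
```

With this inventory, the Except Java rule selects only the Thunderbird update: 7-Zip is skipped because its update fixes no vulnerability, and Java is skipped because its vendor was cleared.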


Conclusion
This lab demonstrates another useful example of how Kaspersky Next Expert Console can fix discovered
vulnerabilities in third-party applications and install required updates.


Lab 11. How to install all available third-party updates in a group of computers
Scenario. ABC Inc. uses Kaspersky Next Expert Console to manage network computers. Kaspersky Next
Expert Console can regularly scan client computers for vulnerabilities and required updates. With a special
license, Kaspersky Next Expert Console can also automatically fix found vulnerabilities and install required
updates.

Even within a single company, different requirements may exist for software updates on different computers.
For example, there is a group of computers where the latest versions of third-party software must always be
installed. You need to configure Kaspersky Next Expert Console to update all third-party applications
automatically in this group.


Task A: Install all available updates on the client computers in Group B
In this task, we will create a rule that will automatically install all available updates.


The Alex machine must be powered on.

1. Open Kaspersky Next Expert Console

2. In the Managed Devices | Group B group, go to Assets (Devices) | Managed devices

3. Open the properties of the ALEX computer

4. Switch to the Advanced tab and select Available updates

5. Click Filter

6. Create a Source filter and specify = Third-party updates

7. Click Apply

8. Make sure the list contains updates for various third-party programs

9. In the Managed devices | Group B group, open Assets (Devices) | Tasks

10. Open the task Install required updates and fix vulnerabilities – Group B

11. Switch to the Application settings tab

12. Open the properties of the Windows Server 2016 - Critical Updates rule

13. Clean out the list of rules

14. Click Add

15. Select Rule for third-party updates

16. Click Next

17. Click Next


18. Click Next

19. Type the name: Everything

20. Click Finish

21. Click Save

22. Start the created task Install required updates and fix vulnerabilities – Group B (the one without the Inheritance icon)

23. Open the properties of the task Install required updates and fix vulnerabilities – Group B

24. Switch to the Results tab

25. Select the ALEX device and click Device history

26. To observe the task progress, click the Refresh button periodically

27. Wait for the task to complete successfully

28. Note that updates have been installed

29. In the Managed Devices | Group B group, go to Assets (Devices) | Managed devices

30. Open the properties of the ALEX computer

31. Switch to the Advanced tab and select Available updates

32. Click Filter

33. Create a Source filter and specify = Third-party updates

34. Click Apply

35. Make sure the list does not contain any available updates for third-party software anymore


Conclusion
This lab demonstrates another useful example of how Kaspersky Next Expert Console can fix discovered
vulnerabilities in third-party applications and install required updates.


Lab 12. How to install a third-party application using the Kaspersky database
Scenario. Kaspersky Next Expert Console is used for managing client computers at ABC Inc. It is
necessary to quickly install the Skype application on the client computers. Let us create an installation
package for Skype using the Kaspersky database of third-party applications and install it on the client
computers.

Contents:

1. Create an installation package for Skype

2. Run a remote installation task and check the results


Task A: Create an installation package for Skype


You can create an installation package in a few ways in Kaspersky Next Expert Console, for example, by using
the Kaspersky application database. You do not need to go to the manufacturer’s site to download an
application or look for the command-line options to silently install it; everything is done automatically based
on the information available in the database.


The Alex machine must be powered on.

1. Open Kaspersky Next Expert Console

2. Open Operations | Repositories | Installation packages

3. Click Add

4. Choose Select an application from the Kaspersky database to create an installation package

5. Click Next

6. Switch to the Search tab

7. In the search box, type skype

8. Click Apply

9. Select Skype for Windows 8.x version 8.65

10. Click Next

11. Select the checkbox I confirm that I have fully read, understand, and accept the terms and conditions of this End User License Agreement

12. Click Accept all

13. Select the checkbox I confirm that I have fully read, understand, and accept the terms and conditions of this End User License Agreement

14. Click Accept all


15. Type Skype 8.65 for the package name

16. Click Next

17. Wait for the package to be created

18. Click Finish

19. Make sure the new package Skype 8.65 has appeared in the list of installation packages


Task B: Run a remote installation task and check the results
In this task, you will install the created installation package, wait for the task to complete and consult its
results.


20. Open Kaspersky Next Expert Console

21. Open Operations | Repositories | Installation packages

22. Select the installation package Skype 8.65

23. Click Deploy

24. Click Next

25. Click Select devices for installation

26. Select the ALEX device in Group B

27. Click Next

28. Type Deploy Skype 8.65 for the task name

29. Click Next

30. Click Next

31. Click Next

32. Click Next

33. Select the check box Run the task after the Wizard finishes

34. Click Next

35. Open Assets (Devices) | Tasks for the root Managed devices group

When the root path is selected, ALL Kaspersky Next Expert Console tasks are
displayed.

36. Wait for the Deploy Skype 8.65 task to complete

37. In the Managed Devices | Group B group, go to Assets (Devices) | Managed devices

38. Open the properties of the ALEX computer

39. Switch to the Advanced tab and select Applications registry

40. Make sure Skype 8.65 has appeared among the installed programs


Conclusion
In this lab, we learned how to create an installation package for third-party software based on the information
available in the Kaspersky database of applications. Then we installed a third-party program using standard
tools of Kaspersky Next Expert Console.
Last updated 2024-11-12 19:34:06 UTC
