Updating the application from a previous version

You can update Kaspersky Embedded Systems Security 3.3 for Linux to Kaspersky Embedded Systems Security 3.4 for Linux.

You need to prepare for installation before updating Kaspersky Embedded Systems Security.

The application update procedure involves the following steps:

1. Updating the Kaspersky Security Center Network Agent

   If you are managing Kaspersky Embedded Systems Security using Kaspersky Security Center, you must update the Network Agent on the protected devices. The update is performed by installing a new version of Network Agent.

   If the Network Agent is not updated, the application cannot be managed using Kaspersky Security Center.

   On a device running the Astra Linux Special Edition operating system, we recommend to update Network Agent remotely using Kaspersky Security Center, since updating using the command line in the Kaspersky Security Center administration console creates a new copy of the same managed device, and the old one becomes inaccessible.

   The application continues working correctly during the Network Agent update.

2. Updating the Kaspersky Embedded Systems Security management plug-in

   If you are managing Kaspersky Embedded Systems Security using Kaspersky Security Center, you must update the Kaspersky Embedded Systems Security administration web plug-in or MMC plug-in, depending on the console that you are using to manage Kaspersky Security Center.

3. Updating the application and graphical user interface on protected devices

   You must update the application installed on protected devices. If you are using the application GUI, you also need to update the GUI.

   You can update the application and the application's graphical user interface in the following ways:

   • Remotely using Kaspersky Security Center.
   • Locally from the command line.

If an error occurs while updating the application, the update is rolled back and the previous version of the application is started. In this case, an error message will be displayed, but the package manager (rpm/dpkg) will indicate the new version.

Even if Kaspersky Embedded Systems Security is launched before the update process start, if the update is completed successfully, a new application version is launched.

When you update the application to a newer version, the dump files of the previous version are deleted.

After updating the application, it is recommended to run the database update task.

About updating Kaspersky Embedded Systems Security management plug-ins

The management plug-in for Kaspersky Embedded Systems Security is updated by installing the new version of the management plug-in. Depending on the Kaspersky Security Center administration console that you use, you have to install:

• Kaspersky Embedded Systems Security administration web plug-in
• Kaspersky Embedded Systems Security administration MMC plug-in

Policies and tasks configured for Kaspersky Embedded Systems Security 3.3 for Linux are not compatible with the updated version of the application. If you use the Kaspersky Security Center Administration Console to manage the application, then after updating the administration MMC plug-in, you can convert policies and tasks using the Kaspersky Security Center Policies and Tasks Batch Conversion Wizard (see more details in the Kaspersky Security Center Help).

The converted policies and tasks have names "<Original policy/task name> (converted)".

For most settings, converted policies and tasks use the values configured for the previous version of the application. Some settings are assigned special values. The settings that were not configured in the policies and tasks of the previous version take default values in the converted policies and tasks.

The procedure for converting policies and tasks is not available in Kaspersky Security Center Web Console. If you use the Web Console to manage the application, you must create new policies and tasks for the application in Kaspersky Security Center. You can migrate some values of settings of policies and tasks from a previous version of a policy or task to a new one by exporting and importing settings.

Management plug-ins of the previous version continue to work after installing the new version of Kaspersky Embedded Systems Security management plug-ins. You can use them to manage the previous version of Kaspersky Embedded Systems Security.

If you have updated the application on all client devices, you can uninstall the Kaspersky Embedded Systems Security management plug-ins of the previous version.

Updating the application using Kaspersky Security Center

The application and graphical user interface are updated by remotely installing the new version of the application packages and graphical user interface on the protected device.

Updating using Kaspersky Security Center involves the following steps:

1. Creating an installation package.

   For the remote installation, Kaspersky Embedded Systems Security

   installation package

   A set of files created for remote installation of Kaspersky applications using Kaspersky Security Center. The installation package contains the settings required to install the application and ensure its operation immediately after the installation. The values of the settings correspond to the default values of the application settings. The installation package is created using the .kud file included in the application distribution kit.

   is used. You can create the installation package using the Kaspersky Security Center Web Console or the Administration Console.

2. Deploying the Kaspersky Embedded Systems Security application on devices in the corporate network.

   Kaspersky Security Center Web Console supports the following main deployment methods:

   • Installing the application using the Protection Deployment Wizard.
   • Installing the application using the remote installation task.

   The Kaspersky Security Center Administration Console supports the following main deployment methods:

   • Installing the application using the Remote Installation Wizard.
   • Installing the application using the remote installation task.

   For a description of the deployment procedures, see the Kaspersky Security Center Help.

Updating the application using the command line

Updating the application using the command line is performed by installing a new version of the application on the device from an RPM or DEB format package depending on the type of package manager.

If the conditions of the End User License Agreement and/or the Privacy Policy have changed in the new version of the application, you must accept the new conditions during the update. Read the new version of the End User License Agreement and/or the Privacy Policy:

• The new version of the End User License Agreement is located in the (~/.kess/<application version>/license.<language ID>) directory.
• The new version of the Privacy Policy is located in the (~/.kess/<application version>/license.<language ID>) directory.

If you do not accept the conditions of the End User License Agreement and/or the Privacy Policy, the application will not be updated.

If the terms of the Kaspersky Security Network Statement changed in the new version of the application, you need to accept or decline the new terms of use for participating in Kaspersky Security Network. Read the new version of the document located in the (~/.kess/<application version>/ksn_license.<language ID>) directory. Refusing to use Kaspersky Security Network will not halt the Kaspersky Embedded Systems Security update process. You can enable, disable, or change Kaspersky Security Network mode later.

If you used KSN and accepted the conditions of the Kaspersky Security Network Statement in a previous version of the application, you need to accept the conditions of the Kaspersky Security Network Statement when updating the application. Otherwise, use of KSN will be disabled.

To accept the terms of the new agreements during the upgrade, use the variables KESS_EULA_AGREED=yes, KESS_PRIVACY_POLICY_AGREED=yes, and KESS_USE_KSN=yes/no.

To update the application:

1. Install the application package using the following command, depending on the package manager. If you have the graphical user interface of the previous version of the application installed, then you also need to start the package containing the files of the graphical user interface.
   • for an RPM package.

     # [KESS_EULA_AGREED=yes] [KESS_PRIVACY_POLICY_AGREED=yes] [KESS_USE_KSN=yes/no] rpm -U --replacefiles --replacepkgs kess-3.4.0-<build number>.<arch>.rpm [kess-gui-3.4.0-<build number>.<arch>.rpm]

     where <arch> is the architecture type:

     • i386 – for 32-bit operating systems
     • x86_64 – for 64-bit operating systems

     On an operating system with a package manager of the RPM type, if the application package and the GUI package are both installed, we do not recommend updating only one of the packages without the other.

   • for a DEB package:

     # [KESS_EULA_AGREED=yes] [KESS_PRIVACY_POLICY_AGREED=yes] [KESS_USE_KSN=yes/no] apt-get install ./kess_3.4.0-<build number>_<arch>.deb [./kess-gui_3.4.0-<build number>_<arch>.deb]

     where <arch> is the architecture type:

     • i386 – for 32-bit operating systems
     • amd64 – for 64-bit operating systems

     On an operating system with a package manager of the dpkg type, if the application package and the GUI package are both installed, either of the packages cannot be updated without the other.

2. Kaspersky Embedded Systems Security restarts automatically.

If you use the command line to manage the application, then after upgrading, most application settings use the values configured for the previous version of the application. Some settings are assigned special values. Settings that were missing in the previous version of the application take on default values in the new version of the application.

Changes to the application settings made after the update is complete and before the application restarts are not saved.

Special considerations when setting parameter values when updating the application

If you use Kaspersky Security Center Administration Console to manage the application, you can convert policies and tasks to use the values of policy and task settings configured for the previous version of the application (for more information, see the Kaspersky Security Center Help). The procedure for converting policies and tasks is not available in Kaspersky Security Center Web Console.

After updating the application using the command line, most settings carry over from the previous version of the application. You can also migrate application settings by exporting settings to a file and then importing them from that file.

Default values are assigned to settings that did not exist in the previous version of the application. Some settings are assigned special values.

Kaspersky Security Network settings

After converting a policy in the MMC plug-in, the Kaspersky Security Network settings in the policy properties depend on whether you accepted or rejected the terms of the Kaspersky Security Network Statement in the Policies and Tasks Batch Conversion Wizard:

• If you accepted the terms of the Statement, the Extended KSN mode option is selected.
• If you rejected the terms of the Statement, the Do not use KSN option is selected.

The conversion of policies is not supported by the web plug-in.

After upgrading the application on the command line, the UseKSN setting is set to No if when updating you set KESS_USE_KSN=No, and UseKSN=Extended is applied if you set KESS_USE_KSN=Yes. In other cases, the value of the UseKSN setting does not change after the update.

Cloud mode settings

After converting a policy in the MMC plug-in, the Enable cloud mode check box is cleared.

The conversion of policies is not supported by the web plug-in.

After updating the application on the command line, the CloudMode setting is set to No.

Container scan settings

If you had Container Scan tasks created and configured in the previous version of the application, after updating the application, these tasks are unavailable and are not displayed.

Page top