Contents
Installing Kaspersky Endpoint Security for Android
There are several methods to deploy the Kaspersky Endpoint Security for Android app. You can use the most suitable installation scenario for your company or combine several installation scenarios.
The installation methods include the following:
- Installation via Kaspersky Security Center using one of the installation sources:
- Kaspersky website (for corporate device operating mode only)
- Installation package (for all operating modes)
- Manual installation
Creating the Kaspersky Endpoint Security for Android installation package
The Kaspersky Endpoint Security for Android app can be deployed using the installation package.
You can use this installation method if mobile devices in your company have no access to the internet.
For this installation method, you need to create a Kaspersky Endpoint Security for Android installation package before connecting Android devices to Kaspersky Security Center. The installation package will be downloaded from Kaspersky Security Center and updated via Kaspersky Security Center using policy settings.
The Kaspersky Endpoint Security for Android installation package is an archive that contains the files required for installing the Kaspersky Endpoint Security for Android app:
installer.iniConfiguration file that contains Administration Server connection settings.
KES10_<version>.apkAndroid package file of the Kaspersky Endpoint Security for Android app.
kesa.kpdApplication description file.
eula/Folder with End User License Agreements in different languages in TXT format.
kpd.loc/INI files specifying paths to End User License Agreements.
To create the Kaspersky Endpoint Security for Android installation package:
- In the main window of Kaspersky Security Center Web Console, select Operations > Repositories > Installation packages.
- In the list of installation packages that opens, click Add. The New package wizard starts. Follow the instructions of the wizard as described in the Kaspersky Security Center Help to create an installation package from a file or create a stand-alone installation package.
To configure the Kaspersky Endpoint Security for Android installation package:
- In the main window of Kaspersky Security Center Web Console, select Operations > Repositories > Installation packages.
- In the list of installation packages that opens, click the Kaspersky Endpoint Security for Android installation package you want to configure.
- In the installation package properties window, select the Settings tab.
- In the Connection to the Administration Server group of settings, configure the following values:
- Server address. Specify the address of the server to which the Android devices will connect.
- SSL port for devices synchronization. Specify the number of the port opened on the Administration Server for connecting mobile devices. Port 13292 is used by default.
- For stand-alone installation packages, in the Subgroup name field of the Subgroup in Unassigned devices group of settings, specify the name of the group to which Android devices will be added after the first synchronization with the Administration Server. KES10 is used by default.
- In the Actions during installation on device group of settings, click the Prompt user for email address check box if you want Kaspersky Endpoint Security for Android to ask users to provide their corporate email address when the app is started for the first time.
User email address is used to form the name of the mobile device when it is added to the administration group.
- In the Connection to the Administration Server group of settings, configure the following values:
- Click Save.
The Kaspersky Endpoint Security for Android installation package is configured.
Page topManual installation of Kaspersky Endpoint Security for Android
You can manually install Kaspersky Endpoint Security for Android from the Kaspersky website, HUAWEI AppGallery, Samsung Galaxy Store, RuStore, or Xiaomi GetApps.
Installing the app
To install the app from an app store, follow the standard installation procedure for the Android platform.
To install Kaspersky Endpoint Security for Android from the Kaspersky website:
- Go to the Kaspersky website.
- Find Kaspersky Security for Mobile on the website.
- Tap Show Downloads.
- Select a version of the app and tap Download.
- Open the downloaded APK file and follow the instructions on the screen.
You may need to allow your browser to install apps from sources other than Google Play in the Apps → Special app access → Install unknown apps section in device settings. The location of these settings may differ on devices from different vendors.
The app will be installed on the device.
Configuring the app
After installing Kaspersky Endpoint Security for Android, you must manually configure the app. The configuration procedure depends on whether the administrator sent you a server address or a link for downloading the app.
To configure Kaspersky Endpoint Security for Android using a link for downloading the app:
- Open Kaspersky Endpoint Security for Android.
- Read the End User License Agreement. If you accept the End User License agreement, select the corresponding check box and tap Continue.
- Tap Continue and grant the app the required permissions.
- In the Server field, specify the link that you received from the administrator.
- Tap Continue.
Kaspersky Endpoint Security for Android is configured.
To configure Kaspersky Endpoint Security for Android using a server address:
- Open Kaspersky Endpoint Security for Android.
- Read the End User License Agreement. If you accept the End User License agreement, select the corresponding check box and tap Continue.
- Tap Continue and grant the app the required permissions.
- In the Server field, specify the Administration Server address provided by the administrator.
- Tap Continue.
- Tap Enable to enable the app as the device administrator.
- Tap Allow and grant the app the required permissions.
Kaspersky Endpoint Security for Android is configured.
Internet access must be enabled on the mobile device for synchronization with the Administration Server.
Page topInstalling Kaspersky Endpoint Security for Android on corporate devices in a closed network
When deploying Kaspersky Endpoint Security for Android in corporate device operating mode via QR code on devices with pre-installed Google Mobile Services (GMS), their Wi-Fi connectivity to certain Google endpoints is checked. If a Wi-Fi network has no access to the internet, the connectivity check fails and the deployment finishes with an error.
To avoid the connectivity check, you can deploy the Kaspersky Endpoint Security for Android app on corporate devices in a closed network by using a Proxy Auto-Configuration (PAC) file.
To use a PAC file to deploy the Kaspersky Endpoint Security for Android app:
- Create a PAC file (for example, proxy.pac) with the following contents:
function FindProxyForURL(url, host) {
return "DIRECT";
} - Publish the created PAC file on a resource that will be available in the closed network (for example, on an IIS Web server).
Save a link to the PAC file (for example, https://intranet.mycompany.com/files/proxy.pac).
- Make sure the APK file of the Kaspersky Endpoint Security for Android app being deployed is available within the closed network. To do this, use one of the methods below:
- Download the app installation package from the Kaspersky Security Center server. If the server is accessible, the installation packages will be available there.
- Download the APK installation file from the Kaspersky website and upload it to the closed network.
Choose the general version of the app as the source.
- Send the app installation link and QR code to the user by following the instructions of Mobile device connection wizard.
On the Operating systems step of the wizard, in the Installation settings section, you will be asked to specify the network for downloading the Kaspersky Endpoint Security for Android app. At this step, configure the use of the previously created PAC file for network connection by linking it to the Wi-Fi network settings on a device. To do this, use one of the methods below:
- In the Installation network settings section, choose Prompt the user to select a Wi-Fi network on device. While deploying the app, the user will need to specify the link to the PAC file (step 2) in the network settings when choosing a Wi-Fi network on the device. After the connection is established, the user will be able to continue the device setup and activate the app by following the instructions of the app's Initial Configuration Wizard.
- In the Installation network settings section, choose Only use the specified Wi-Fi network (Android 9 or later), click the Select network button, and then insert the link to the previously created PAC file (step 2) in the PAC file URL field.
If the APK installation file has been downloaded from the Kaspersky website (step 3), you need to replace the link in the QR code with the address of the closed network link.
When deploying the app via an installation package downloaded from Kaspersky Security Center, after the device is reset to factory settings and the QR code is scanned, a Blocked by Play Protect message may appear on the device. The issue is caused by the installation package's signing certificate being different from the one specified in Google Play. The user should continue the installation by choosing Install anyway. If OK is selected, the installation process will be interrupted and the device will be reset to factory settings.
The Kaspersky Endpoint Security for Android app is installed on a device in corporate device operating mode in a closed network.
Page top