How to install patches on password-protected KEA [Kaspersky Endpoint Agent]

[Antipova Anna]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

As the first step of troubleshooting of KEA, we recommend installing the latest core patch.

However, sometimes such installation will fail. There are two popular causes of this:

1. EULA is not accepted;
2. KEA installation is protected with a password.

This guide addresses both of these issues.

# in Password Symbol

Due to limitations in KSC, when creating a custom package for remote deployment in KSC, or editing package configuration file (.kpd) directly, if password contains "#"  symbol, it won't work. Examination of saved package shows everything afterwards and including # is lost from command line. This is because in (.kpd) configuration files # is a sign of a single string comment. Thus # is invalid symbol and cannot be used in command line. Behavior is expected from KSC side and cannot be changed. We recommend not to use # in password.

Step-by-step guide

The following options need to be provided to the installer:

disclaimer=1

This instructs the installer to accept the EULA. 

UNLOCK_PASSWORD=password

This is required if the installation of KEA is protected with a password. Replace "password" with the actual value of the password.

Local installation

The resulting line for local installation may look like this:

msiexec /p critical_fix_core9(private).msp disclaimer=1 UNLOCK_PASSWORD=password

Remote installation

The same options can be used when deploying remotely via KSC. Specify them as follows: