• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• Taking screenshots in the Host Intrusion Prevention component ( Application Control Rules → Rights ) is not supported for 32-bit and 64-bit operating systems.

Limitations of updating the operating system on computers with KES 12.7.0, 12.6.0, 12.5.0, 12.4.0, 12.3.0, 12.2.0, 12.1.0, 12.0.0, 11.11.0, 11.10.0, 11.9.0, 11.8.0, 11.7.0, 11.6.0, 11.5.0, 11.4.0 installed:

• If the computer has been encrypted using Full Disk Encryption (FDE), and the OS upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.

Limitations of updating the operating system on computers with KES 11.3.0 installed:

• If the computer has been encrypted using Full Disk Encryption (FDE), and the OS upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.

Limitations of updating the operating system on computers with KES 11.2.0 and 11.2.0 Critical Fix 1 installed:

• If the File Encryption component (FLE) is installed on the computer, the operating system update is not supported. Upgrade Kaspersky Endpoint Security to the latest version or contact technical support for a private patch.
• If the computer has been encrypted using Full Disk Encryption (FDE), and the OS upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.

Limitations of updating the operating system on computers with KES 11.1.1 installed:

• If the File Encryption component (FLE) is installed on the computer, the operating system update is not supported. Upgrade Kaspersky Endpoint Security to the latest version or contact Technical Support for a private patch.
• After upgrading the operating system from a version earlier than Windows 10 Redstone 2, the application automatically starts the restoration procedure, as a result of which the local settings are reset to their default values. When the application is started for the first time, a window will appear requesting participation in KSN.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line

Limitations of updating the operating system on computers with KES 11.1.0 installed:

• If the File Encryption component (FLE) is installed on the computer, the operating system update is not supported. Upgrade Kaspersky Endpoint Security to the latest version or contact Technical Support for a private patch.
• After upgrading the operating system from a version earlier than Windows 10 Redstone 2, the application automatically starts the restoration procedure, as a result of which the local settings are reset to their default values. When the application is started for the first time, a window will appear requesting participation in KSN.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• File Level Encryption (FLE) is not supported.
• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line

Limitations of updating the operating system on computers with KES 11.0.1, KES10 SP2MR4, SP2MR3 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1), Windows 10 Creators Update (Redstone 2), Windows 10 Fall Creators Update (Redstone 3), Windows 10 April 2018 Update (Redstone 4), Windows 10 October 2018 Update (Redstone 5), Windows 10 May 2019 Update (19H1), Windows 10 November 2019 Update (19H2), Windows 10 May 2020 Update (20H1), Windows 10 October 2020 Update (20H2), Windows 10 May 2021 Update (21H1) is supported.
• If file encryption components (FLE and/or FDE) or the Device Manager component are installed on the computer, the application will be automatically restored after updating the operating system.
• After updating the operating system, the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions:
  • for KES11
  • for KES10

• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line

• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.
• On Hyper-V virtual machines, the system may stop responding if the computer switches off or enters hibernation while encrypting a hard drive with FDE.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• File Level Encryption (FLE) is not supported.

Limitations of updating the operating system on computers with KES10 SP2MR2 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1), Windows 10 Creators Update (Redstone 2), Windows 10 Fall Creators Update (Redstone 3), Windows 10 April 2018 Update (Redstone 4), Windows 10 October 2018 Update (Redstone 5), Windows 10 May 2019 Update (19H1), Windows 10 November 2019 Update (19H2), Windows 10 May 2020 Update (20H1), Windows 10 October 2020 Update (20H2), Windows 10 May 2021 Update (21H1) is supported.
• If file encryption components (FLE and/or FDE) or the Device Manager component are installed on the computer, the application will be automatically restored after updating the operating system.
• After updating the operating system, the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions:
  • for KES11
  • for KES10

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• Taking screenshots in the Host Intrusion Prevention component ( Application Control Rules → Rights ) is not supported for 32-bit and 64-bit operating systems.

Limitations of updating the operating system on computers with KES 12.7.0, 12.6.0, 12.5.0, 12.4.0, 12.3.0, 12.2.0, 12.1.0, 12.0.0, 11.11.0, 11.10.0, 11.9.0, 11.8.0, 11.7.0, 11.6.0, 11.5.0, 11.4.0 installed:

• If the computer has been encrypted using Full Disk Encryption (FDE), and the OS upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.

Limitations of updating the operating system on computers with KES 11.3.0 installed:

• If the computer has been encrypted using Full Disk Encryption (FDE), and the OS upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.

Limitations of updating the operating system on computers with KES 11.2.0 and 11.2.0 Critical Fix 1 installed:

• If the File Encryption component (FLE) is installed on the computer, the operating system update is not supported. Upgrade Kaspersky Endpoint Security to the latest version or contact technical support for a private patch.
• If the computer has been encrypted using Full Disk Encryption (FDE), and the OS upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.

Limitations of updating the operating system on computers with KES 11.1.1 installed:

• If the File Encryption component (FLE) is installed on the computer, the operating system update is not supported. Upgrade Kaspersky Endpoint Security to the latest version or contact Technical Support for a private patch.
• After upgrading the operating system from a version earlier than Windows 10 Redstone 2, the application automatically starts the restoration procedure, as a result of which the local settings are reset to their default values. When the application is started for the first time, a window will appear requesting participation in KSN.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line

Limitations of updating the operating system on computers with KES 11.1.0 installed:

• If the File Encryption component (FLE) is installed on the computer, the operating system update is not supported. Upgrade Kaspersky Endpoint Security to the latest version or contact Technical Support for a private patch.
• After upgrading the operating system from a version earlier than Windows 10 Redstone 2, the application automatically starts the restoration procedure, as a result of which the local settings are reset to their default values. When the application is started for the first time, a window will appear requesting participation in KSN.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• File Level Encryption (FLE) is not supported.
• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line

Limitations of updating the operating system on computers with KES 11.0.1, KES10 SP2MR4, SP2MR3 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1), Windows 10 Creators Update (Redstone 2), Windows 10 Fall Creators Update (Redstone 3), Windows 10 April 2018 Update (Redstone 4), Windows 10 October 2018 Update (Redstone 5), Windows 10 May 2019 Update (19H1), Windows 10 November 2019 Update (19H2), Windows 10 May 2020 Update (20H1), Windows 10 October 2020 Update (20H2), Windows 10 May 2021 Update (21H1) is supported.
• If file encryption components (FLE and/or FDE) or the Device Manager component are installed on the computer, the application will be automatically restored after updating the operating system.
• After updating the operating system, the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions:
  • for KES11
  • for KES10

• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line

• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.
• On Hyper-V virtual machines, the system may stop responding if the computer switches off or enters hibernation while encrypting a hard drive with FDE.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• File Level Encryption (FLE) is not supported.

Limitations of updating the operating system on computers with KES10 SP2MR2 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1), Windows 10 Creators Update (Redstone 2), Windows 10 Fall Creators Update (Redstone 3), Windows 10 April 2018 Update (Redstone 4), Windows 10 October 2018 Update (Redstone 5), Windows 10 May 2019 Update (19H1), Windows 10 November 2019 Update (19H2), Windows 10 May 2020 Update (20H1), Windows 10 October 2020 Update (20H2), Windows 10 May 2021 Update (21H1) is supported.
• If file encryption components (FLE and/or FDE) or the Device Manager component are installed on the computer, the application will be automatically restored after updating the operating system.
• After updating the operating system, the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions:
  • for KES11
  • for KES10

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• Taking screenshots in the Host Intrusion Prevention component ( Application Control Rules → Rights ) is not supported for 32-bit and 64-bit operating systems.

Limitations of updating the operating system on computers with KES 12.7.0, 12.6.0, 12.5.0, 12.4.0, 12.3.0, 12.2.0, 12.1.0, 12.0.0, 11.11.0, 11.10.0, 11.9.0, 11.8.0, 11.7.0, 11.6.0, 11.5.0, 11.4.0 installed:

• If the computer has been encrypted using Full Disk Encryption (FDE), and the OS upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.

Limitations of updating the operating system on computers with KES 11.3.0 installed:

• If the computer has been encrypted using Full Disk Encryption (FDE), and the OS upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.

Limitations of updating the operating system on computers with KES 11.2.0 and 11.2.0 Critical Fix 1 installed:

• If the File Encryption component (FLE) is installed on the computer, the operating system update is not supported. Upgrade Kaspersky Endpoint Security to the latest version or contact technical support for a private patch.
• If the computer has been encrypted using Full Disk Encryption (FDE), and the OS upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.

Limitations of updating the operating system on computers with KES 11.1.1 installed:

• If the File Encryption component (FLE) is installed on the computer, the operating system update is not supported. Upgrade Kaspersky Endpoint Security to the latest version or contact technical support for a private patch.
• After upgrading the operating system from a version earlier than Windows 10 Redstone 2, the application automatically starts the restoration procedure, as a result of which the local settings are reset to their default values. When the application is started for the first time, a window will appear requesting participation in KSN.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line

Limitations of updating the operating system on computers with KES 11.1.0 installed:

• If the File Encryption component (FLE) is installed on the computer, the operating system update is not supported. Upgrade Kaspersky Endpoint Security to the latest version or contact technical support for a private patch.
• After upgrading the operating system from a version earlier than Windows 10 Redstone 2, the application automatically starts the restoration procedure, as a result of which the local settings are reset to their default values. When the application is started for the first time, a window will appear requesting participation in KSN.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• File Level Encryption (FLE) is not supported.
• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line

Limitations of updating the operating system on computers with KES 11.0.1, KES10 SP2MR4, SP2MR3 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1), Windows 10 Creators Update (Redstone 2), Windows 10 Fall Creators Update (Redstone 3), Windows 10 April 2018 Update (Redstone 4), Windows 10 October 2018 Update (Redstone 5), Windows 10 May 2019 Update (19H1), Windows 10 November 2019 Update (19H2), Windows 10 May 2020 Update (20H1), Windows 10 October 2020 Update (20H2) is supported.
• If file encryption components (FLE and/or FDE) or the Device Manager component are installed on the computer, the application will be automatically restored after updating the operating system.
• After updating the operating system, the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions:
  • for KES11
  • for KES10

• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line

• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.
• On Hyper-V virtual machines, the system may stop responding if the computer switches off or enters hibernation while encrypting a hard drive with FDE.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• File Level Encryption (FLE) is not supported.

Limitations of updating the operating system on computers with KES10 SP2MR2 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1), Windows 10 Creators Update (Redstone 2), Windows 10 Fall Creators Update (Redstone 3), Windows 10 April 2018 Update (Redstone 4), Windows 10 October 2018 Update (Redstone 5), Windows 10 May 2019 Update (19H1), Windows 10 November 2019 Update (19H2), Windows 10 May 2020 Update (20H1), Windows 10 October 2020 Update (20H2) is supported.
• If file encryption components (FLE and/or FDE) or the Device Manager component are installed on the computer, the application will be automatically restored after updating the operating system.
• After updating the operating system, the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions:
  • for KES11
  • for KES10

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• Taking screenshots in the Host Intrusion Prevention component ( Application Control Rules → Rights ) is not supported for 32-bit and 64-bit operating systems.

Limitations of updating the operating system on computers with KES 12.7.0, 12.6.0, 12.5.0, 12.4.0, 12.3.0, 12.2.0, 12.1.0, 12.0.0, 11.11.0, 11.10.0, 11.9.0, 11.8.0, 11.7.0, 11.6.0, 11.5.0, 11.4.0 installed:

• If the computer has been encrypted using Full Disk Encryption (FDE), and the OS upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.

Limitations of updating the operating system on computers with KES 11.3.0 installed:

• If the computer has been encrypted using Full Disk Encryption (FDE), and the OS upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.

Limitations of updating the operating system on computers with KES 11.2.0 and 11.2.0 Critical Fix 1 installed:

• If the File Encryption component (FLE) is installed on the computer, the operating system update is not supported. Upgrade Kaspersky Endpoint Security to the latest version or contact Technical Support for a private patch.
• If the computer has been encrypted using Full Disk Encryption (FDE), and the OS upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.

Limitations of updating the operating system on computers with KES 11.1.1 installed:

• If the File Encryption component (FLE) is installed on the computer, the operating system update is not supported. Upgrade Kaspersky Endpoint Security to the latest version or contact Technical Support for a private patch.
• After upgrading the operating system from a version earlier than Windows 10 Redstone 2, the application automatically starts the restoration procedure, as a result of which the local settings are reset to their default values. When the application is started for the first time, a window will appear requesting participation in KSN.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line

Limitations of updating the operating system on computers with KES 11.1.0 installed:

• If the File Encryption component (FLE) is installed on the computer, the operating system update is not supported. Upgrade Kaspersky Endpoint Security to the latest version or contact Technical Support for a private patch.
• After upgrading the operating system from a version earlier than Windows 10 Redstone 2, the application automatically starts the restoration procedure, as a result of which the local settings are reset to their default values. When the application is started for the first time, a window will appear requesting participation in KSN.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• File Level Encryption (FLE) is not supported.
• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line

Limitations of updating the operating system on computers with KES 11.0.1, KES10 SP2MR4, SP2MR3 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1), Windows 10 Creators Update (Redstone 2), Windows 10 Fall Creators Update (Redstone 3), Windows 10 April 2018 Update (Redstone 4), Windows 10 October 2018 Update (Redstone 5), Windows 10 May 2019 Update (19H1), Windows 10 November 2019 Update (19H2), Windows 10 May 2020 Update (20H1) is supported.
• If file encryption components (FLE and/or FDE) or the Device Manager component are installed on the computer, the application will be automatically restored after updating the operating system.
• After updating the operating system, the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions:
  • for KES11
  • for KES10

• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line

• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.
• On Hyper-V virtual machines, the system may stop responding if the computer switches off or enters hibernation while encrypting a hard drive with FDE.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• File Level Encryption (FLE) is not supported.

Limitations of updating the operating system on computers with KES10 SP2MR2 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1), Windows 10 Creators Update (Redstone 2), Windows 10 Fall Creators Update (Redstone 3), Windows 10 April 2018 Update (Redstone 4), Windows 10 October 2018 Update (Redstone 5), Windows 10 May 2019 Update (19H1), Windows 10 November 2019 Update (19H2), Windows 10 May 2020 Update (20H1) is supported.
• If file encryption components (FLE and/or FDE) or the Device Manager component are installed on the computer, the application will be automatically restored after updating the operating system.
• After updating the operating system, the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions:
  • for KES11
  • for KES10

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• Taking screenshots in the Host Intrusion Prevention component ( Application Control Rules → Rights ) is not supported for 32-bit and 64-bit operating systems.

Limitations of updating the operating system on computers with KES 12.7.0, 12.6.0, 12.5.0, 12.4.0, 12.3.0, 12.2.0, 12.1.0, 12.0.0, 11.11.0, 11.10.0, 11.9.0, 11.8.0, 11.7.0, 11.6.0, 11.5.0, 11.4.0 installed:

• If the computer has been encrypted using Full Disk Encryption (FDE), and the OS upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.

Limitations of updating the operating system on computers with KES 11.3.0 installed:

• If the computer has been encrypted using Full Disk Encryption (FDE), and the OS upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.

Limitations of updating the operating system on computers with KES 11.2.0 and 11.2.0 Critical Fix 1 installed:

• If the File Encryption component (FLE) is installed on the computer, the operating system update is not supported. Upgrade Kaspersky Endpoint Security to the latest version or contact Technical Support for a private patch.
• If the computer has been encrypted using Full Disk Encryption (FDE), and the OS upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.

Limitations of updating the operating system on computers with KES 11.1.1 installed:

• If the File Encryption component (FLE) is installed on the computer, the operating system update is not supported. Upgrade Kaspersky Endpoint Security to the latest version or contact Technical Support for a private patch.
• After upgrading the operating system from a version earlier than Windows 10 Redstone 2, the application automatically starts the restoration procedure, as a result of which the local settings are reset to their default values. When the application is started for the first time, a window will appear requesting participation in KSN.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line

Limitations of updating the operating system on computers with KES 11.1.0 installed:

• If the File Encryption component (FLE) is installed on the computer, the operating system update is not supported. Upgrade Kaspersky Endpoint Security to the latest version or contact Technical Support for a private patch.
• After upgrading the operating system from a version earlier than Windows 10 Redstone 2, the application automatically starts the restoration procedure, as a result of which the local settings are reset to their default values. When the application is started for the first time, a window will appear requesting participation in KSN.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• File Level Encryption (FLE) is not supported.
• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line

Limitations of updating the operating system on computers with KES 11.0.1, KES10 SP2MR4, SP2MR3 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1), Windows 10 Creators Update (Redstone 2), Windows 10 Fall Creators Update (Redstone 3), Windows 10 April 2018 Update (Redstone 4), Windows 10 October 2018 Update (Redstone 5), Windows 10 May 2019 Update (19H1), Windows 10 November 2019 Update (19H2) is supported.
• If file encryption components (FLE and/or FDE) or the Device Manager component are installed on the computer, the application will be automatically restored after updating the operating system.
• After updating the operating system, the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions:
  • for KES11
  • for KES10

• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line

• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.
• On Hyper-V virtual machines, the system may stop responding if the computer switches off or enters hibernation while encrypting a hard drive with FDE.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• File Level Encryption (FLE) is not supported.

Limitations of updating the operating system on computers with KES10 SP2MR2 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1), Windows 10 Creators Update (Redstone 2), Windows 10 Fall Creators Update (Redstone 3), Windows 10 April 2018 Update (Redstone 4), Windows 10 October 2018 Update (Redstone 5), Windows 10 May 2019 Update (19H1), Windows 10 November 2019 Update (19H2) is supported.
• If file encryption components (FLE and/or FDE) or the Device Manager component are installed on the computer, the application will be automatically restored after updating the operating system.
• After updating the operating system, the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions:
  • for KES11
  • for KES10

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• Taking screenshots in the Host Intrusion Prevention component ( Application Control Rules → Rights ) is not supported for 32-bit and 64-bit operating systems.

Limitations of updating the operating system on computers with KES 12.7.0, 12.6.0, 12.5.0, 12.4.0, 12.3.0, 12.2.0, 12.1.0, 12.0.0, 11.11.0, 11.10.0, 11.9.0, 11.8.0, 11.7.0, 11.6.0, 11.5.0, 11.4.0 installed:

• If the computer has been encrypted using Full Disk Encryption (FDE), and the OS upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.

Limitations of updating the operating system on computers with KES 11.3.0, 11.2.0 and Critical Fix 1 installed:

• If KES 11.2.0 or 11.2.0 Critical Fix 1 with the FLE encryption component is installed on your computer, the operating system update is not supported. Upgrade Kaspersky Endpoint Security to the latest version or contact Technical Support for a private patch.
• If the computer has been encrypted using Full Disk Encryption (FDE), and the OS upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.

Limitations of updating the operating system on computers with KES 11.1.1 installed:

• If the File Encryption component (FLE) is installed on the computer, the operating system update is not supported. Upgrade Kaspersky Endpoint Security to the latest version or contact Technical Support for a private patch.
• After upgrading the operating system from a version earlier than Windows 10 Redstone 2, the application automatically starts the restoration procedure, as a result of which the local settings are reset to their default values. When the application is started for the first time, a window will appear requesting participation in KSN.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line

Limitations of updating the operating system on computers with KES 11.1.0 installed:

• If the File Encryption component (FLE) is installed on the computer, the operating system update is not supported. Upgrade Kaspersky Endpoint Security to the latest version or contact Technical Support for a private patch.
• After upgrading the operating system from a version earlier than Windows 10 Redstone 2, the application automatically starts the restoration procedure, as a result of which the local settings are reset to their default values. When the application is started for the first time, a window will appear requesting participation in KSN.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• File Level Encryption (FLE) is not supported.
• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line

Limitations of updating the operating system on computers with KES 11.0.1, KES10 SP2MR4, SP2MR3 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1), Windows 10 Creators Update (Redstone 2), Windows 10 Fall Creators Update (Redstone 3), Windows 10 April 2018 Update (Redstone 4), Windows 10 October 2018 Update (Redstone 5), Windows 10 May 2019 Update (19H1) is supported.
• If there are encryption components (FLE and/or FDE) or the Device Control component installed on the computer, then the application will be automatically restored after the upgrade to Microsoft Windows November 2019 Update (19H2).
• After upgrading to November 2019 Update (19H2), the Firewall component is displayed in the Windows Security Center as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions:
  • for KES11
  • for KES10

• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line

• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.
• On Hyper-V virtual machines, the system may stop responding if the computer switches off or enters hibernation while encrypting a hard drive with FDE.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• File Level Encryption (FLE) is not supported.

Limitations of updating the operating system on computers with KES 11.0.0, KES 10 SP2MR2 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1), Windows 10 Creators Update (Redstone 2), Windows 10 Fall Creators Update (Redstone 3), Windows 10 April 2018 Update (Redstone 4), Windows 10 October 2018 Update (Redstone 5), Windows 10 May 2019 Update (19H1) is supported.
• If there are encryption components (FLE and/or FDE) or the Device Control component installed on the computer, then the application will be automatically restored after the upgrade to Microsoft Windows November 2019 Update (19H2).
• After upgrading to November 2019 Update (19H2), the Firewall component is displayed in the Windows Security Center as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions:
  • for KES11
  • for KES10

• The following privileges in Activation Privilege Control are not available ( Application Control Rules → Rights ): For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Opening the service for writing
  • Modifying the service configuration
  • Using the browser command line

• File Level Encryption (FLE) components are not supported.
• The Device Guard mode is not supported.
• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.
• On Hyper-V virtual machines, the system may stop responding if the computer switches off or enters hibernation while encrypting a hard drive with FDE.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.

Limitations of updating the operating system on computers with KES10 SP1MR4 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1), Windows 10 Creators Update (Redstone 2), Windows 10 Fall Creators Update (Redstone 3), Windows 10 April 2018 Update (Redstone 4), Windows 10 October 2018 Update (Redstone 5), Windows 10 May 2019 Update (19H1) is supported.
• If the FDE encryption component or the Device Control component is installed on the computer, November 2019 Update (19H2) is not supported.
• After upgrading to November 2019 Update (19H2), the Firewall component is displayed in the Windows Security Center as disabled. Upon restart, the status is displayed correctly.
• If after installing November 2019 Update (19H2) the application does not recognize the activation code, restart the application.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• Taking screenshots in the Host Intrusion Prevention component ( Application Control Rules → Rights ) is not supported for 32-bit and 64-bit operating systems.

Limitations of updating the operating system on computers with KES 12.7.0, 12.6.0, 12.5.0, 12.4.0, 12.3.0, 12.2.0, 12.1.0, 12.0.0, 11.11.0, 11.10.0, 11.9.0, 11.8.0, 11.7.0, 11.6.0, 11.5.0, 11.4.0 installed:

• If the computer has been encrypted using Full Disk Encryption (FDE), and the OS upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.

Limitations of updating the operating system on computers with KES 11.3.0, 11.2.0 and Critical Fix 1 installed:

• If KES 11.2.0 or 11.2.0 Critical Fix 1 with the FLE encryption component is installed on your computer, the operating system update is not supported. Upgrade Kaspersky Endpoint Security to the latest version or contact Technical Support for a private patch.
• If the computer has been encrypted using Full Disk Encryption (FDE), and the upgrade is not performed via WSUS, follow the instructions in this article .
  

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.

Limitations of updating the operating system on computers with KES 11.1.1 installed:

• If the File Encryption component (FLE) is installed on the computer, the operating system update is not supported. Upgrade Kaspersky Endpoint Security to the latest version or contact Technical Support for a private patch.
• After upgrading the operating system from a version earlier than Windows 10 Redstone 2, the application automatically starts the restoration procedure, as a result of which the local settings are reset to their default values. When the application is started for the first time, a window will appear requesting participation in KSN.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .
  

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line

Limitations of updating the operating system on computers with KES 11.1.0 installed:

• If the File Encryption component (FLE) is installed on the computer, the operating system update is not supported. Upgrade Kaspersky Endpoint Security to the latest version or contact Technical Support for a private patch.
• After upgrading the operating system from a version earlier than Windows 10 Redstone 2, the application automatically starts the restoration procedure, as a result of which the local settings are reset to their default values. When the application is started for the first time, a window will appear requesting participation in KSN.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .
  

• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line
• File Level Encryption (FLE) is not supported.

Limitations of updating the operating system on computers with KES 11.0.1, KES10 SP2MR4, SP2MR3 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1), Windows 10 Creators Update (Redstone 2), Windows 10 Fall Creators Update (Redstone 3), Windows 10 April 2018 Update (Redstone 4), Windows 10 October 2018 Update (Redstone 5) is supported.
• If there are encryption components (FLE and/or FDE) or the Device Control component installed on the computer, then the application will be automatically restored after the upgrade to Microsoft Windows May 2019 Update (19H1).
• After upgrading to May 2019 Update (19H1), the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions:
  • for KES11
  • for KES10

• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line
• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.
• On Hyper-V virtual machines, the system may stop responding if the computer switches off or enters hibernation while encrypting a hard drive with FDE.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.
• File Level Encryption (FLE) is not supported.

Limitations of updating the operating system on computers with KES 11.0.0, KES10 SP2MR2 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1), Windows 10 Creators Update (Redstone 2), Windows 10 Fall Creators Update (Redstone 3), Windows 10 April 2018 Update (Redstone 4), Windows 10 October 2018 Update (Redstone 5) is supported.
• If there are encryption components (FLE and/or FDE) or the Device Control component installed on the computer, then the application will be automatically restored after the upgrade to Microsoft Windows May 2019 Update (19H1).
• After upgrading to May 2019 Update (19H1), the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions:
  • for KES11
  • for KES10

• The following privileges in Activation Privilege Control are not available ( Application Control Rules → Rights ): For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Opening the service for writing
  • Modifying the service configuration
  • Using the browser command line
• File Level Encryption (FLE) components are not supported.
• The Device Guard mode is not supported.
• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.
• On Hyper-V virtual machines, the system may stop responding if the computer switches off or enters hibernation while encrypting a hard drive with FDE.
• The installation and running of Kaspersky Endpoint Security in a Windows Sandbox environment is not supported.

Limitations of updating the operating system on computers with KES10 SP1MR4 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1), Windows 10 Creators Update (Redstone 2), Windows 10 Fall Creators Update (Redstone 3), Windows 10 April 2018 Update (Redstone 4), Windows 10 October 2018 Update (Redstone 5) is supported.
• If there are FDE encryption components or the Device Control component installed on the computer, the installation of the May 2019 Update (19H1) is not supported.
• After upgrading to May 2019 Update (19H1), the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If after installing May 2019 Update (19H1) the application does not recognize the activation code, restart the application.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.
• Taking screenshots in the Host Intrusion Prevention component ( Application Control Rules → Rights ) is not supported for 32-bit and 64-bit operating systems.

Limitations of updating the operating system on computers with KES 12.7.0, 12.6.0, 12.5.0, 12.4.0, 12.3.0, 12.2.0, 12.1.0, 12.0.0, 11.11.0, 11.10.0, 11.9.0, 11.8.0, 11.7.0, 11.6.0, 11.5.0, 11.4.0 installed:

• If the computer has been encrypted using Full Disk Encryption (FDE), and the OS upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.

Limitations of updating the operating system on computers with KES 11.3.0, 11.2.0 and Critical Fix 1 installed:

• If the computer has been encrypted using Full Disk Encryption (FDE), and the upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Case-sensitive file paths are supported with limitations:
  • Case-sensitive FLE paths are not supported.
  • HIPS / Firewall / Application Control. File paths in rules are not case-sensitive.

Limitations of updating the operating system on computers with KES 11.1.0 and 11.1.1 installed:

• After upgrading the operating system from a version earlier than Windows 10 Redstone 2, the application automatically starts the restoration procedure, as a result of which the local settings are reset to their default values. When the application is started for the first time, a window will appear requesting participation in KSN.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .
  

• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.

Limitations of updating the operating system on computers with KES 11.0.1, KES10 SP2MR4, SP2MR3 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1), Windows 10 Creators Update (Redstone 2), Windows 10 Fall Creators Update (Redstone 3), Windows 10 April 2018 Update (Redstone 4) is supported.
• If there are encryption components (FLE and/or FDE) or the Device Control component installed on the computer, the application will be automatically restored after the upgrade to Microsoft Windows October 2018 Update (Redstone 5).
• After upgrading to October 2018 Update (Redstone 5), the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions:
  • for KES11
  • for KES10

• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line
• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.
• On Hyper-V virtual machines, the system may stop responding if the computer switches off or enters hibernation while encrypting a hard drive with FDE.

Limitations of updating the operating system on computers with KES 11.0.0, KES10 SP2MR2 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1), Windows 10 Creators Update (Redstone 2), Windows 10 Fall Creators Update (Redstone 3), Windows 10 April 2018 Update (Redstone 4) is supported.
• If there are encryption components (FLE and/or FDE) or the Device Control component installed on the computer, the application will be automatically restored after the upgrade to Microsoft Windows October 2018 Update (Redstone 5).
• After upgrading to October 2018 Update (Redstone 5), the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions:
  • for KES11
  • for KES10

• The following privileges in Activation Privilege Control are not available ( Application Control Rules → Rights ): For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Opening the service for writing
  • Modifying the service configuration
  • Using the browser command line
• File Level Encryption (FLE) components are not supported.
• The Device Guard mode is not supported.
• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.
• On Hyper-V virtual machines, the system may stop responding if the computer switches off or enters hibernation while encrypting a hard drive with FDE.

Limitations of updating the operating system on computers with KES10 SP1MR4, SP1MR3 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1), Windows 10 Creators Update (Redstone 2), Windows 10 Fall Creators Update (Redstone 3), Windows 10 April 2018 Update (Redstone 4) is supported.
• If there are FDE encryption components or the Device Control component installed on the computer, then the application will be automatically restored after the upgrade to Microsoft Windows October 2018 Update (Redstone 5).
• After upgrading to October 2018 Update (Redstone 5), the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If after installing Microsoft Windows October 2018 Update (Redstone 5) the application does not recognize the activation code, restart the application.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Full Disk Encryption (FDE) is incompatible with Hyper-V platform components.
• The update task might not work properly, causing the application to stop responding on computers with Windows 10 April 2018 Update (Redstone 4, version 1803). To fix the issue, install the KB4340917 operating system update.
• Taking screenshots in the Host Intrusion Prevention component ( Application Control Rules → Rights ) is not supported for 32-bit and 64-bit operating systems.

Limitations of updating the operating system on computers with KES 12.7.0, 12.6.0, 12.5.0, 12.4.0, 12.3.0, 12.2.0, 12.1.0, 12.0.0, 11.11.0, 11.10.0, 11.9.0, 11.8.0, 11.7.0, 11.6.0, 11.5.0, 11.4.0 installed:

• If the computer has been encrypted using Full Disk Encryption (FDE), and the upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Full Disk Encryption (FDE) is incompatible with Hyper-V platform components.
• The update task might not work properly, causing the application to stop responding on computers with Windows 10 April 2018 Update (Redstone 4, version 1803). To fix the issue, install the KB4340917 operating system update.

Limitations of updating the operating system on computers with KES 11.3.0, 11.2.0 and Critical Fix 1 installed:

• If the computer has been encrypted using Full Disk Encryption (FDE), and the upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Full Disk Encryption (FDE) is incompatible with Hyper-V platform components.
• The update task might not work properly, causing the application to stop responding on computers with Windows 10 April 2018 Update (Redstone 4, version 1803). To fix the issue, install the KB4340917 operating system update.

Limitations of updating the operating system on computers with KES 11.1.0 and 11.1.1 installed:

• After upgrading the operating system from a version earlier than Windows 10 Redstone 2, the application automatically starts the restoration procedure, as a result of which the local settings are reset to their default values. When the application is started for the first time, a window will appear requesting participation in KSN.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .
  

• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.
• Full Disk Encryption (FDE) is incompatible with Hyper-V platform components.

Limitations of updating the operating system on computers with KES 11.0.1, KES10 SP2MR4, SP2MR3 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1), Windows 10 Creators Update (Redstone 2), Windows 10 Fall Creators Update (Redstone 3) is supported.
• If there are encryption components (FLE and/or FDE) or the Device Control component installed on the computer, the application will be automatically restored after the upgrade to Spring Creators Update (Redstone 4).
• After upgrading to Spring Creators Update (Redstone 4), the Firewall component is displayed in the Windows Security Center as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions:
  • for KES11
  • for KES10

• The following privileges in the Host Intrusion Prevention component are not supported ( Application Control Rules → Rights ). For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line
• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.
• Full Disk Encryption (FDE) is incompatible with Hyper-V platform components.

Limitations of updating the operating system on computers with KES 11.0.0 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1), Windows 10 Creators Update (Redstone 2), Windows 10 Fall Creators Update (Redstone 3) is supported.
• If there are encryption components (FLE and/or FDE) or the Device Control component installed on the computer, the application will be automatically restored after the upgrade to Spring Creators Update (Redstone 4).
• After upgrading to Spring Creators Update (Redstone 4), the Firewall component is displayed in the Windows Security Center as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .
  

• The following privileges in Activation Privilege Control are not available ( Application Control Rules → Rights ): For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line
• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.
• Full Disk Encryption (FDE) is incompatible with Hyper-V platform components.
• Text input into Cortana’s search line does not work if the File Encryption component is installed.
• You may experience problems with saving a new text file created in Microsoft Office if the File Encryption component is installed. The problem only occurs at the first saving attempt and at the next attempts the file will be successfully saved.

Limitations of updating the operating system on computers with KES10 SP2MR2 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1), Windows 10 Creators Update (Redstone 2), Windows 10 Fall Creators Update (Redstone 3) is supported.
• If file encryption components (FLE and/or FDE) or the Device Manager component are installed on the computer, the application will be automatically restored after the upgrade to Microsoft Windows Redstone 4.
• After upgrading to Redstone 4, the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• The following privileges in Activation Privilege Control are not available ( Application Control Rules → Rights ): For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Opening the service for writing
  • Modifying the service configuration
  • Using the browser command line
• The Device Guard mode is not supported.
• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.

Limitations of updating the operating system on computers with KES10 SP1MR4 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1) and Windows 10 Creators Update (Redstone 2) is supported.
• If there are encryption components (FLE and/or FDE) or the Device Control component installed on the computer, the application will be automatically restored after the upgrade to Microsoft Windows 10 Fall Creators Update (Redstone 3).
• After upgrading to Fall Creators Update (Redstone 3), the Firewall component is displayed in the Windows Security Center as disabled. Upon restart, the status is displayed correctly.
• If after installing Microsoft Windows 10 Fall Creators Update (Redstone 3) the application does not recognize the activation code, restart the application.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• The following privileges in Activation Privilege Control are not available ( Application Control Rules → Rights ): For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Opening the service for writing
  • Modifying the service configuration
  • Using the browser command line
• The Device Guard mode is not supported.
• Windows Subsystem for Linux (WSL) is not supported.
• Full Disk Encryption (FDE) cannot be applied to the UEFI computers.

Limitations of updating the operating system on computers with KES10 SP1MR3 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1) and Windows 10 Creators Update (Redstone 2) is supported.
• If there are encryption components (FLE and/or FDE) or the Device Control component installed on the computer, the application will be automatically restored after the upgrade to Microsoft Windows 10 Fall Creators Update (Redstone 3).
• After upgrading to Fall Creators Update (Redstone 3), the Firewall component is displayed in the Windows Security Center as disabled. Upon restart, the status is displayed correctly.
• If after installing Microsoft Windows 10 Fall Creators Update (Redstone 3) the application does not recognize the activation code, restart the application.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Taking screenshots in the Host Intrusion Prevention component ( Application Control Rules → Rights ) is not supported for 32-bit and 64-bit operating systems.

Limitations of updating the operating system on computers with KES 12.7.0, 12.6.0, 12.5.0, 12.4.0, 12.3.0, 12.2.0, 12.1.0, 12.0.0, 11.11.0, 11.10.0, 11.9.0, 11.8.0, 11.7.0, 11.6.0, 11.5.0, 11.4.0 installed:

• If the computer has been encrypted using Full Disk Encryption (FDE), and the upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.

Limitations of updating the operating system on computers with KES 11.3.0, 11.2.0 and Critical Fix 1 installed:

• If the computer has been encrypted using Full Disk Encryption (FDE), and the upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.

Limitations of updating the operating system on computers with KES 11.1.0 and 11.1.1 installed:

• After upgrading the operating system from a version earlier than Windows 10 Redstone 2, the application automatically starts the restoration procedure, as a result of which the local settings are reset to their default values. When the application is started for the first time, a window will appear requesting participation in KSN.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .
  

• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.

Limitations of updating the operating system on computers with KES 11.0.1, KES 11.0.0, KES10 SP2MR4, SP2MR3, SP2MR2 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1) and Windows 10 Creators Update (Redstone 2) is supported.
• If there are encryption components (FLE and/or FDE) or the Device Control component installed on the computer, the application will be automatically restored after the upgrade to Microsoft Windows 10 Fall Creators Update (Redstone 3).
• After upgrading to Fall Creators Update (Redstone 3), the Firewall component is displayed in the Windows Security Center as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions:
  • for KES11
  • for KES10

• The following privileges in Activation Privilege Control are not available ( Application Control Rules → Rights ): For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Modifying the service configuration
  • Accessing audio devices
  • Accessing video devices
  • Using the browser command line
• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.

Limitations of updating the operating system on computers with KES10 SP2 MR1, SP2 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1) and Windows 10 Creators Update (Redstone 2) is supported.
• If there are encryption components (FLE and/or FDE) or the Device Control component installed on the computer, then the application will be automatically restored after the upgrade to Microsoft Windows 10 Fall Creators Update (Redstone 3).
• After upgrading to Fall Creators Update (Redstone 3), the Firewall component is displayed in the Windows Security Center as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• The following privileges in Activation Privilege Control are not available ( Application Control Rules → Rights ): For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Opening the service for writing
  • Modifying the service configuration
  • Using the browser command line
• The Device Guard mode is not supported.
• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.

Limitations of updating the operating system on computers with KES10 SP1MR4 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1) and Windows 10 Creators Update (Redstone 2) is supported.
• If there are encryption components (FLE and/or FDE) or the Device Control component installed on the computer, the application will be automatically restored after the upgrade to Microsoft Windows 10 Fall Creators Update (Redstone 3).
• After upgrading to Fall Creators Update (Redstone 3), the Firewall component is displayed in the Windows Security Center as disabled. Upon restart, the status is displayed correctly.
• If after installing Microsoft Windows 10 Fall Creators Update (Redstone 3) the application does not recognize the activation code, restart the application.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• The following privileges in Activation Privilege Control are not available ( Application Control Rules → Rights ): For 32-bit operating systems:
  • Pausing other processes and threads
  • Code injection
  For 32-bit and 64-bit operating systems:
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Opening the service for writing
  • Modifying the service configuration
  • Using the browser command line
• The Device Guard mode is not supported.
• Windows Subsystem for Linux (WSL) is not supported.
• Full Disk Encryption (FDE) cannot be applied to the UEFI computers.

Limitations of updating the operating system on computers with KES10 SP1MR3 installed:

• Only upgrading from Windows 10, Windows 10 TH2, Windows 10 Anniversary Update (Redstone 1) and Windows 10 Creators Update (Redstone 2) is supported.
• If there are encryption components (FLE and/or FDE) or the Device Control component installed on the computer, the application will be automatically restored after the upgrade to Microsoft Windows 10 Fall Creators Update (Redstone 3).
• After upgrading to Fall Creators Update (Redstone 3), the Firewall component is displayed in the Windows Security Center as disabled. Upon restart, the status is displayed correctly.
• If after installing Microsoft Windows 10 Fall Creators Update (Redstone 3) the application does not recognize the activation code, restart the application.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.
• Taking screenshots in the Host Intrusion Prevention component ( Application Control Rules → Rights ) is not supported for 32-bit and 64-bit operating systems.

Limitations of updating the operating system on computers with KES 12.7.0, 12.6.0, 12.5.0, 12.4.0, 12.3.0, 12.2.0, 12.1.0, 12.0.0, 11.11.0, 11.10.0, 11.9.0, 11.8.0, 11.7.0, 11.6.0, 11.5.0, 11.4.0 installed:

• If the computer has been encrypted using Full Disk Encryption (FDE), and the upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.

Limitations of updating the operating system on computers with KES 11.3.0, 11.2.0 and Critical Fix 1 installed:

• If the computer has been encrypted using Full Disk Encryption (FDE), and the upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is supported with limitations: Pico processes in FLE are not supported.
• The ReFS file system is supported with limitations.

Limitations of updating the operating system on computers with KES 11.1.0 and 11.1.1 installed:

• After upgrading the operating system from a version earlier than Windows 10 Redstone 2, the application automatically starts the restoration procedure, as a result of which the local settings are reset to their default values. When the application is started for the first time, a window will appear requesting participation in KSN.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .
  

• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.

Limitations of updating the operating system on computers with KES 11.0.1, KES 11.0.0, KES10 SP2MR4, SP2MR3, SP2MR2, SP2MR1, SP2 installed:

• The Device Guard mode is not supported.
• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.

Limitations of updating the operating system on computers with KES10 SP1MR4 installed:

• Only upgrading from Windows 10, Windows 10 TH2 , and Windows 10 Anniversary Update (Redstone 1) is supported.
• If file encryption components (FLE and/or FDE) or the Device Manager component are installed on the computer, the application will be automatically restored after the upgrade to Microsoft Windows 10 Creators Update (Redstone 2).
• After upgrading to Creators Update (Redstone 2), the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If after installing Microsoft Windows 10 Creators Update (Redstone 2) the application does not recognize the activation code, restart the application.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• The following privileges in Activation Privilege Control are not available ( Application Control Rules → Rights ):
  • Pausing other processes and threads
  • Code injection
  x86/x64
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Opening the service for writing
  • Modifying the service configuration
  • Using the browser command line
• The Device Guard mode is not supported.
• Windows Subsystem for Linux (WSL) is not supported.
• Full Disk Encryption (FDE) cannot be applied to the UEFI computers.

Limitations of updating the operating system on computers with KES10 SP1MR3 installed:

• Only upgrading from Windows 10, Windows 10 TH2 , and Windows 10 Anniversary Update (Redstone 1) is supported.
• If file encryption components (FLE and/or FDE) or the Device Manager component are installed on the computer, the application will be automatically restored after the upgrade to Microsoft Windows 10 Creators Update (Redstone 2).
• After upgrading to Creators Update (Redstone 2), the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If after installing Microsoft Windows 10 Creators Update (Redstone 2) the application does not recognize the activation code, restart the application.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.
• Taking screenshots in the Host Intrusion Prevention component ( Application Control Rules → Rights ) is not supported for 32-bit and 64-bit operating systems.

Limitations of updating the operating system on computers with KES 12.7.0, 12.6.0, 12.5.0, 12.4.0, 12.3.0, 12.2.0, 12.1.0, 12.0.0, 11.11.0, 11.10.0, 11.9.0, 11.8.0, 11.7.0, 11.6.0, 11.5.0, 11.4.0 installed:

• If the computer has been encrypted using Full Disk Encryption (FDE), and the upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.

Limitations of updating the operating system on computers with KES 11.3.0, 11.2.0 and Critical Fix 1 installed:

• If the computer has been encrypted using Full Disk Encryption (FDE), and the upgrade is not performed via WSUS, follow the instructions in this article .

• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.

Limitations of updating the operating system on computers with KES 11.1.0 and 11.1.1 installed:

• After upgrading the operating system from a version earlier than Windows 10 Redstone 2, the application automatically starts the restoration procedure, as a result of which the local settings are reset to their default values. When the application is started for the first time, a window will appear requesting participation in KSN.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .
  

• Windows Subsystem for Linux (WSL) is not supported.
• ReFS is supported with limitations.

Limitations of updating the operating system on computers with KES 11.0.1, KES 11.0.0, KES10 SP2MR4, SP2MR3, SP2MR2 installed:

• Only upgrading from Windows 10 and Windows 10 TH2 is supported.
• If file encryption components (FLE and/or FDE) or the Device Manager component are installed on the computer, the application will be automatically restored after the upgrade to Microsoft Windows 10 Anniversary Update (Redstone1).
• After upgrading to Anniversary Update (Redstone 1), the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions:
  • for KES11
  • for KES10

• Windows Subsystem for Linux (WSL) is not supported.

Limitations of updating the operating system on computers with KES10 SP2MR1, SP2 installed:

• Only upgrading from Windows 10 and Windows 10 TH2 is supported.
• If file encryption components (FLE and/or FDE) or the Device Manager component are installed on the computer, the application will be automatically restored after the upgrade to Microsoft Windows 10 Anniversary Update (Redstone1).
• After upgrading to Anniversary Update (Redstone 1), the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• The Device Guard mode is not supported.
• Windows Subsystem for Linux (WSL) is not supported.

Limitations of updating the operating system on computers with KES10 SP1MR4 installed:

• Only upgrading from Windows 10 and Windows 10 TH2 is supported.
• If file encryption components (FLE and/or FDE) or the Device Manager component are installed on the computer, the application will be automatically restored after the upgrade to Microsoft Windows 10 Anniversary Update (Redstone1).
• After upgrading to Anniversary Update (Redstone 1), the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If after installing Microsoft Windows 10 Anniversary Update (Redstone1) the application does not recognize the activation code, restart the application.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• The following privileges in Activation Privilege Control are not available ( Application Control Rules → Rights ):
  • Pausing other processes and threads
  • Code injection
  x86/x64
  • Using other applications’ APIs
  • Installing hooks
  • Creating a service
  • Opening the service for reading
  • Opening the service for writing
  • Modifying the service configuration
  • Using the browser command line
• The Device Guard mode is not supported.
• Windows Subsystem for Linux (WSL) is not supported.

Limitations of updating the operating system on computers with KES10 SP1MR3 installed:

• Only upgrading from Windows 10 and Windows 10 TH2 is supported.
• If file encryption components (FLE and/or FDE) or the Device Manager component are installed on the computer, the application will be automatically restored after the upgrade to Microsoft Windows 10 Anniversary Update (Redstone1).
• After upgrading to Anniversary Update (Redstone 1), the Firewall component is displayed in the Windows Security settings as disabled. Upon restart, the status is displayed correctly.
• If after installing Microsoft Windows 10 Anniversary Update (Redstone1) the application does not recognize the activation code, restart the application.
• If the computer has been encrypted using Full Disk Encryption (FDE), follow the instructions in this article .

• The ReFS file system is supported with limitations.
• The Server Nano configuration is not supported.
• Firewall / Application Control: file paths in rules are not case-sensitive.
• When the product is installed, Windows Defender is removed (according to Microsoft recommendations for Anti-Malware Product).
• When the application is installed from the MSI file (without using setup.exe), you must remove Windows Defender before starting the installation. For details, see the Microsoft support site .

• The ReFS file system is supported with limitations.
• The Server Core, Server Nano, and Cluster Mode configurations are not supported.
• Firewall / Application Control: file paths in rules are not case-sensitive.
• When the product is installed, Windows Defender is removed (according to Microsoft recommendations for Anti-Malware Product).
• When the application is installed from the MSI file (without using setup.exe), you must remove Windows Defender before starting the installation. For details, see the Microsoft support site .

• The ReFS file system is supported with limitations.
• The Server Core, Server Nano, and Cluster Mode configurations are not supported.
• Firewall / Application Control: file paths in rules are not case-sensitive.
• Before installing the application on Microsoft Windows Server 2019, you must remove Windows Defender. For details, see the Microsoft support website .

• The ReFS file system is supported with limitations.
• The Server Core, Server Nano, and Cluster Mode configurations are not supported.
• The Device Guard mode is not supported.
• Before installing Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 3 on Microsoft Windows Server 2019, you must remove Windows Defender. For details, see the Microsoft support site .

• Windows Subsystem for Linux (WSL) is supported with limitations.
• Firewall / Application Control: file paths in rules are not case-sensitive.
• The ReFS file system is supported with limitations.
• The Server Nano configuration is not supported.
• When the application is installed, Windows Defender is removed (according to Microsoft recommendations for Anti-Malware Product).
• When the application is installed from the MSI file (without using setup.exe), you must remove Windows Defender before starting the installation. For details, see the Microsoft support website .

• Device Guard is not supported.
• Windows Subsystem for Linux (WSL) is supported with limitations.
• Firewall / Application Control: file paths in rules are not case-sensitive.
• The ReFS file system is supported with limitations.
• The Server Core, Server Nano, and Cluster Mode configurations are not supported.
• When the product is installed, Windows Defender is removed (according to Microsoft recommendations for Anti-Malware Product).
• When the application is installed from the MSI file (without using setup.exe), you must remove Windows Defender before starting the installation. For details, see the Microsoft support website .

• Device Guard is not supported.
• Windows Subsystem for Linux (WSL) is supported with limitations.
• Firewall / Application Control: file paths in rules are not case-sensitive.
• The ReFS file system is supported with limitations.
• The Server Core, Server Nano, and Cluster Mode configurations are not supported.
• Before installing the application on Microsoft Windows Server 2016, you must remove Windows Defender. For details, see the Microsoft support website .

• Device Guard is not supported.
• The ReFS file system is supported with limitations.
• The Server Core, Server Nano, and Cluster Mode configurations are not supported.
• Before installing the application on Microsoft Windows Server 2016, you must remove Windows Defender. For details, see the Microsoft support website .

• Device Guard is not supported.
• The ReFS file system is supported with limitations.
• The Server Core, Server Nano, and Cluster Mode configurations are not supported.
• When the product is installed, Windows Defender is removed (according to Microsoft recommendations for Anti-Malware Product).
• When the application is installed from the MSI file (without using setup.exe), you must remove Windows Defender before starting the installation. For details, see the Microsoft support website .

• Device Guard is not supported.
• The ReFS file system is supported with limitations.
• The Server Core, Server Nano, and Cluster Mode configurations are not supported.
• The Device Guard mode is not supported.
• Before installing Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 4 on Microsoft Windows Server 2016, you must remove Windows Defender. For details, see the Microsoft support site .