Licensing Guidelines For Kaspersky Products

Licensing guidelines for Kaspersky
products
Date: May 2023
Version No. 48 (applicable globally, excluding Russia, STAN, Caucasus)
Contents
1. Disclaimer ........................................................................................................................................... 3
2. Glossary ............................................................................................................................................. 4
3. General Licensing Principles ............................................................................................................... 6
Security for Home and SOHO (small office, home office) .......................................................................................... 6
Small Office Security .................................................................................................................................................. 7
Endpoint Security Cloud ............................................................................................................................................. 9
Endpoint Security .....................................................................................................................................................11
Total Security ............................................................................................................................................................11
Endpoint Detection and Response Optimum ...........................................................................................................13
Endpoint Detection and Response Expert ...............................................................................................................16
Managed Detection and Response ..........................................................................................................................19
Optimum Security .....................................................................................................................................................21
Sandbox ...................................................................................................................................................................22
Anti Targeted Attack Platform ..................................................................................................................................23
Endpoint Detection and Response ...........................................................................................................................26
Hybrid Cloud Security ...............................................................................................................................................28
Vulnerability and Patch Management Security ........................................................................................................31
PAGE 1 | Licensing guidelines for Kaspersky products | 16 May 2023

Encryption for Endpoint ............................................................................................................................................31
Mail and Gateway Security .......................................................................................................................................32
Storage Security .......................................................................................................................................................33
Embedded Systems Security ...................................................................................................................................33
Private Security Network ..........................................................................................................................................34
Research Sandbox ...................................................................................................................................................34
Threat Attribution Engine ..........................................................................................................................................35
CyberTrace ...............................................................................................................................................................35
xSP ...........................................................................................................................................................................35
Premium Technical Support .....................................................................................................................................36
End-of-Sales Products. Migration guidelines ...........................................................................................................39
Additional licensing procedures ................................................................................................................................41
Renewal guidelines ................................................................................................................................................................. 41

Public sector, governmental and/or educational licensing ...................................................................................................... 41
Cross-grade licensing ............................................................................................................................................................. 42
Upgrade/Trade-in deals (applicable to B2B products only) ..................................................................................................... 42
Up-sell deals (applicable to B2B products only) ...................................................................................................................... 44
Band selection in case of additional (up-sell) orders and down-sell orders ............................................................................. 44
Band selection for “splitted” purchases ................................................................................................................................... 45
Grace period ........................................................................................................................................................................... 45
Appendix 1. Reference list of Kaspersky license types (as SKU attribute) ................................................46
Appendix 2. Description of calculation of quantity of KSOS licenses required ..........................................47
Appendix 3. Description of calculation of quantity of KESB licenses required ...........................................48
Appendix 4. Licensing of Kaspersky Security Center functionality ............................................................49
Appendix 5. Examples of KEDR licensing options basing on specific customer cases .............................50
Appendix 6. Licensing cases of Kaspersky Hybrid Cloud Security (KHCS)...............................................51
Band combining in Kaspersky Hybrid Cloud Security sales.....................................................................................52
KHCS trade-in options for KESB customers ............................................................................................................52
Appendix 7. The daily licensed traffic volume has been exceeded or not completely used .......................53
Addendum to General Licensing Principles ..............................................................................................54
PAGE 2 | Licensing guidelines for Kaspersky products | 16 May 2023

1. Disclaimer
This guidebook includes description of general licensing principles of Kaspersky as well as licensing
schemes specified by products. This document states global guidelines for commercial licensing of Kaspersky
products and does not incorporate any guidance on sales of Kaspersky Services.
This document can be distributed among partners (distributors, resellers, etc.) in order to provide them with
clear outline of current licensing practices in Kaspersky.
The following issues are out of scope of this document:
• non-commercial licensing (NFR, trial licenses);

• special discount policy;
• price calculation logic implemented in CRM and order management systems;
• contracting processes and procedures;
• products return and refund issues (credit notes etc.);
• order processing guidence (e.g., permissions settings, quotes etc.);
• approval treshold and procedures;
• product development, including compatibility and migration issues;
• maintenance and technical support procedures.
Please be advised that the actual commercial product availablity and actual commercial SKU set availability
in each regional market is provided in accordance with a price-list effective for a particular sales territory.
© 1997-2023 Kaspersky Lab AO. All Rights Reserved.

2. Glossary
Licensing – a set of commercial rules, according to which Kaspersky as a Vendor distributes its products to
partners.
License – internal term for the purpose of this document used for indication of end-user right to use the
product purchased and installed on one license object.
Product – one or several applications along with key files/activation codes to be delivered to an end user and to be
activated.
Application – the software released by Kaspersky which is intended for distribution outside the company.
Product composition – set of applications to be compatible with the product.
License object – physical or virtual entity that is intended to be protected by Kaspersky product. The number of
license objects are calculated in order to count the required number of licenses to be sold.
Factor – tool that allows to adjust percentage of licenses objects assigned to one product.
For example, Kaspersky Total Security for Business includes 6 license objects – nodes, MDM-nodes, SM-
nodes, nodes under gateway and mail users.
• Nodes have factor as 100%,

• MDM-nodes have factor as 100% (but not more than number of mobile devices protected by Kaspersky
product),
• SM-nodes have factor as 100%,
• Nodes under gateway have factor as 110%,
• Mail users have factor as 150%.
That means that:
the total number of server, workstation and mobile device licenses provided cannot exceed the total
number of licenses purchased. The total number of protected mail users cannot exceed 150% of
total number of licenses purchased. The total number of protected nodes behind gateway cannot
exceed 110% of total number of licenses purchased.
Kaspersky products are generally categorized by Market Sector.
Market Sector – a category of customers who have the same needs in product functionality, and are similar in their
buying behavior:
• Consumer sector (B2C, Business-to-Customer) – products included in this group are targeted to end-
consumers, and business activities are aimed at selling products basically through retail and online channel.
• Corporate sector (B2B, Business-to-Business) – products included in this group are targeted to companies, and
business activities are aimed at selling products basically through distribution channel.
Kaspersky provides various licensing schemes of its products. These schemes are differed by package (e.g.,
user license, download pack, box), by purchase rotation (initial and renewal licenses), by license period (e.g., 1, 2, 3
years), by quantity of license objects (e.g., 1 desktop, 100 MB per day, 250 nodes), by deal type (e.g., add-on), by
customer segment (e.g., Public Sector), by maintenance type (e.g., Standard, Premium) etc.

Existing licensing schemes are described in attributes of particular SKU (stock-keeping unit) related to a
product:
1. Product code – internal 4-digit identification of each Kaspersky product.

2. Locale – is strictly related to currency and being used to set pricing on a particular territory.
3. Package – refers to the way of delivery of Kaspersky products and thus identifies channel of distribution
(Channel/Direct, Retail, Online, Service Providers etc.).
4. Band (Volume) – quantity of license objects to be protected.
5. Term (License period) – a period of time during which the end-user is authorized to use the product.
6. License type provides setting of different purchasing programs categorized by customer segment, deal type,
maintenance type etc. For the reference list of license types please refer to Appendix 1.
Please note that for one SKU only one listed price can be set.
KORM – Kaspersky Order Management System, where authorized accounts can place orders on specific SKUs.
Key file is a binary file that allows the user to activate an application.
Activation code – unique code of a certain format that enables Kaspersky product activation.
Additional Key files/Activation codes and Co-terming
If a customer needs additional protection of the same functionality during license period the new key
file/activation code is to be issued. This key file/activation code should be co-termed with the initial key file/activation
code, unless the customer is explicitly requesting not to co-term. Co-terming means aligning expiration dates of
original and additional licenses so they expire simultaneously.
Consolidation (exceptional cases)
Generally speaking, this is a technical process of combining additional key file/activation code with existing
key file/activation code in order to create one combined key file/activation code for the total quantity of protected
license objects. Only identical product functionality can be combined through consolidation process.
Consolidation is an exceptional approach to specific products that are clearly stated in this policy.
Add-on license type/SKU and Co-terming
If a customer is buying SKU with Add-on license type, the expiration date of the license for this Add-on SKU
will be aligned with the expiration date of the license for the main product to which Add-on license is purchased. It is
not possible to sell SKU with Add-on license type for the license term shorter or longer than the license term of the
main product.

3. General Licensing Principles
Security for Home and SOHO (small office, home office)

Product License objects and license count Comments, limitations
Kaspersky Anti-Virus (KAV) Desktop

100%
Kaspersky Internet Security for Mac Desktop

(KIS for Mac) 100%
Kaspersky Internet Security for Mobile Device

Android (KIS for Android) 100%
Kaspersky Cloud Password Manager User

100%
Kaspersky Safe Kids User

100%
Kaspersky Secure Connection (KSEC) 1 User

+
N Devices
Kaspersky Internet Security (KIS) Device

100%
Kaspersky Total Security (KTS) Device 100%

+
KPM Accounts 30%
+
1 Safe Kids Account
Kaspersky iOS Security Account Mobile stores only

100% Only 1-account license is
available
Kaspersky Security Cloud – Personal Device 100% Only 3- and 5-device licenses
(KSCP) + are available
1 KPM Account
Kaspersky Security Cloud – Family Device 100% Only 10-device licenses are
(KSCF) + available
5 KPM Accounts
+
1 Safe Kids Account
Upgrade policy for consumer products
During the license period, a user can upgrade to a product with a wider functionality (e.g., upgrade from
Kaspersky Anti-Virus to Kaspersky Internet Security). Special upgrade SKUs exist in price-list.
Upgrade from consumer products to corporate products is not allowed.

Small Office Security
Product License objects and Comments, limitations
license count
Kaspersky Small Office Security for Desktop 100% the license period for the products will start on
Desktops and Mobiles + the day of activating the code by the customer,
Mobile Device 100% and the expiration date will be set in accordance
+ with this activation date. Orders can be placed
User 100% both individually per each customer and as a
pool of codes. Co-terming of additional licenses
Kaspersky Small Office Security for Desktop 100% is not available
Desktops, Mobiles and File Servers +
Mobile Device 100%
+
File Server 10%
+
User 100%
Kaspersky Small Office Security for Desktop 100% the license period starts for the product is
Desktops and Mobiles (fixed-date) + starting on the day of placing order (i.e.,
Mobile Device 100% expiration date of the license is automatically set
+ at the moment of placing the order since
User 100% activation code starts to expire immediately).
Orders are placed for each customer
Kaspersky Small Office Security for Desktop 100% individually. Co-terming of additional licenses is
Desktops, Mobiles and File Servers + available
(fixed-date) Mobile Device 100%
+
File Server 10%
+
User 100%
Calculation of a number of KSOS licenses required
The number of KSOS licenses to be issued is calculated basing on the total number of desktops (incl. laptops)
to be protected.
The number of other license objects included in KSOS products (mobile devices, users and file servers) is
calculated basing on the percentage of the total number of protected desktops (basing on the factor). KSOS license
objects and the factors assigned are indicated in the table above.
Please see Appendix 2 for detailed description of calculation of quantity of KSOS licenses required.
Renewal policy for KSOS
The following renewals are not restricted:
• from earlier versions of Kaspersky Small Office Security to the newest one;
• from Kaspersky Small Office Security to Kaspersky Endpoint Security for Business products;
• from Kaspersky Endpoint Security for Business products to Kaspersky Small Office Security.
Renewal license type should be used for this purpose.
Upgrade policy for KSOS
Upgrade from Kaspersky Small Office Security to KES Cloud, KES Cloud Plus or KES Cloud Pro is allowed.
Please note that if upgrade is being done at the time of renewal, the customer is entitled to renewal pricing.

Up-sell of KSOS licenses
Purchase of additional licenses (up-sell) is available during the licensing period of the original licenses or at
the time of renewal.
Minimum up-sell order quantity is 5 licenses (or 1 license pack per 5 desktops/5 mobile devices/1 file
server/5users).
Up-sell order is recommended to place through the same channel where the initial licenses were purchased
and within the very same set of SKUs related to this channel (considering co-term limitations mentioned previously).

Endpoint Security Cloud
Kaspersky Endpoint User 100% KES Cloud products have a technical

Security Cloud = limitation of protecting 999 users max
100% workstation, laptop or file server
KES Cloud products requires
(KES Cloud) +
consolidation. Otherwise, creating a
200% mobile devices
separate workspace will be required. Please
Kaspersky Endpoint User 100% be reminded that consolidation will be applied
Security Cloud Plus = to identical product functionality only (KES
100% workstation, laptop or file server Cloud, KES Cloud Plus and KES Cloud Pro
(KES Cloud Plus) + won’t be consolidated with each other)
200% mobile devices Mail protection functionality inside KES
Kaspersky Endpoint + Cloud Plus and KES Cloud Pro requires
Security Cloud Pro 150% Mailboxes consolidation
(KES Cloud Pro)
Number of KES Cloud licenses required
The number of licenses for any of KES Cloud product tiers is calculated based on the total number of users
to be protected. 10 users license of KES Cloud covers 10 workstation, laptop or file server and 20 mobile devices. 10
users license of KES Cloud Plus or KES Cloud Pro covers 10 workstation, laptop or file server, 20 mobile devices and
15 mailboxes of Microsoft Office365.
Mixing KES Cloud products in 1 company
KES Cloud, KES Cloud Plus and KES Cloud Pro can be purchased together to protect users in 1 company
and can be managed in 1 account. Please be informed that creating of separate workspaces in that account is required
for managing various tiers of KES Cloud products.
Upgrade, migration and renewal policy for KES Cloud
A customer is entitled for the following upgrades:
Upgrade from Upgrade to
Kaspersky Endpoint Security Cloud Kaspersky Endpoint Security Cloud Plus /

Kaspersky Endpoint Security Cloud Pro
Kaspersky Endpoint Security Cloud Plus Kaspersky Endpoint Security Cloud Pro
Kaspersky Small Office Security for Desktops, Mobiles Kaspersky Endpoint Security Cloud /
and File Servers / Kaspersky Endpoint Security Cloud Plus /
Kaspersky Small Office Security for Desktops, Mobiles Kaspersky Endpoint Security Cloud Pro
and File Servers (fixed-date)
Please note that if upgrade is being done at the time of renewal, the customer is entitled to renewal pricing.
Customer can migrate from KESB products (Select, Advanced or Total), or KEDR Optimum to KES Cloud,
KES Cloud Plus or KES Cloud Pro. Please be advised that if the migration is processed at the time of renewal, the
customer is entitled to renewal pricing. Please note that migration from KEDR Optimum to KES Cloud, KES Cloud
Plus or KES Cloud Pro is allowed at a time of renewal only. In that case the customer is entitled to renewal pricing.
Migration from KEDR Expert to KES Cloud products is not allowed. However, the customer can purchase KES Cloud
product at initial (i.e., base) pricing.

Migration from KES Cloud products to KESB products (Select, Advanced, or Total), KEDR Optimum or KEDR
Expert is allowed. Please be advised that if the migration is processed at the time of renewal, the customer is entitled
to renewal pricing.
Technical specifics of migration to KES Cloud
There are no any technical specifics of migrating from previous version of KES Cloud. Re-installation of KES
for Windows is not required.
Technical migration from other endpoint products (on premises or cloud based) to KES Cloud or KES Cloud
Plus requires re-deployment and re-setup of the entire customer’s infrastructure.

Endpoint Security
Kaspersky Endpoint Security for Business (KESB) is a set of products for corporate clients. It offers security
coverage for all types of nodes. This includes mobile devices, workstations, laptops, servers. In addition Kaspersky
Security Center allows easy centralized management of Kaspersky applications installed as well as provides enhanced
security (vulnerability and patch management) and manageability functionality (mobile device management, client
management tools).
Product License objects and license Comments, limitations

count
Kaspersky Endpoint Security for Business - Node 100%

Select +
MDM-Node 100%1
(KESB - Select)
Kaspersky Endpoint Security for Business - Node 100%

Advanced +
MDM-Node 100%2
(KESB - Advanced) +
SM-Node 100%
Total Security
count
Kaspersky Total Security for Business Node 100%

+
(KTSB) MDM-Node 100%3
+
SM-Node 100%
+
Mail users 150%
+
Internet gateway protection 110%
Kaspersky Security Center in regards to Security Management functions is supplied free of charge regardless
of the product selected.
1 But not more than number of mobile devices protected by Kaspersky product. Please refer to Licensing of
Kaspersky Security Center Mobile Device Management functionality


Calculation of a number of KESB licenses required
The number of KESB licenses to be issued is calculated based on the total number of nodes (workstations,
laptops, mobile devices and servers) to be protected.
The number of other license objects included in KESB products (e.g., MDM-node, SM-node, mail user, etc.)
is calculated based on the percentage of the total number of protected endpoints (i.e., based on the factor). License
objects assigned to each product and their factors are indicated in the above tables.
Please see Appendix 3 for detailed description of calculation of quantity of KESB licenses required.
Kaspersky Security Center Cloud Console availability
Please be advised that if a customer wants to use Kaspersky Security Center Cloud Console (KSC Cloud
Console), the customer would need effective KESB licenses (Select, Advanced or Total). Please note that this
functionality is available for the number of KESB licenses starting from 300 nodes only.
Licensing of Kaspersky Security Center Vulnerability and Patch Management functionality
Factor for Vulnerability and Patch Management (VPM) functionality of Security Center (SC) is 100%. This
factor is applied to the whole number of licenses purchased.
VPM functionality of SC can be applied independently from the endpoint protection. VPM functionality of SC
may be distributed on endpoints that are not protected by KESB.
Licensing of Kaspersky Security Center Mobile Device Management functionality
Mobile Device Management (MDM) functionality of SC is applied to the number of mobile devices due to be
protected with Kaspersky Endpoint Security. This number is calculated by SC as the total number of KESB licenses
purchased less the number of KESB licenses installed on workstations and servers.
SC may manage iOS devices and provide MDM capabilities even if those devices don’t use Kaspersky's threat
protection capabilities. Please note that in these cases, a full license of KESB should be assigned to the mobile device.
Please refer to Appendix 4 for examples.
Upgrade policy for KESB products
A customer is entitled to the following upgrades within KESB product family:
Kaspersky Endpoint Security for Business - Select Kaspersky Endpoint Security for Business - Advanced
Kaspersky Endpoint Security for Business - Select Kaspersky Total Security for Business
Kaspersky Endpoint Security for Business - Advanced Kaspersky Total Security for Business

Endpoint Detection and Response Optimum
count
Kaspersky Endpoint Detection and Node KEDR Optimum functionality

Response Optimum Add-On 100% requires consolidation
(KEDR Optimum Add-On) The KEDR Optimum Add-On is not
sold as a stand-alone product. It
can be purchased only in addition
to effective licenses of KESB
product (Select, Advanced, or
Total) or Kaspersky Hybrid Cloud
Security product (KHCS, Standard
or Enterprise edition)
Kaspersky Endpoint Detection and Node 100% KEDR Optimum functionality

Response Optimum + requires consolidation. Please
MDM-Node 100%4 note that consolidation is not
(KEDR Optimum) + applicable to Kaspersky Endpoint
SM-Node 100% Security functionality provided
+ within the license of KEDR
Node (EDR functionality) 100% Optimum
Licensing of KEDR Optimum Add-On
The number of KEDR Optimum Add-On licenses sold to the customer should be the same or less than the
number of KESB/KHCS licenses the customer already has. For example, if a customer has 400 nodes protected with
KESB-Select and wants to have an additional layer of KEDR Optimum protection for the critical 250 nodes, the
customer can buy 250 licenses of KEDR Optimum Add-on. Please be advised that when adding KEDR Optimum Add-
On licenses to KHCS with CPU licensing scheme, the number of KEDR Optimum Add-On licenses should be equal
to the number of virtual machines a customer wants to protect with KEDR Optimum functionality.
Licensing of KEDR Optimum
The number of KEDR Optimum licenses is calculated based on the total number of nodes (workstations,
4 Butnot more than the number of mobile devices protected by Kaspersky product. Please refer to Licensing of
Kaspersky Security Center Mobile Device Management functionality. Only applies to Kaspersky Endpoint Security
for Business

Upgrade and migration policy for KEDR Optimum products
Kaspersky Endpoint Security Cloud Kaspersky Endpoint Detection and Response Optimum
Kaspersky Endpoint Security Cloud Plus Kaspersky Endpoint Detection and Response Optimum
Kaspersky Endpoint Security Cloud Pro Kaspersky Endpoint Detection and Response Optimum
Kaspersky Endpoint Security for Business - Select Kaspersky Endpoint Detection and Response Optimum
Kaspersky Endpoint Security for Business - Advanced Kaspersky Endpoint Detection and Response Optimum
Kaspersky Endpoint Detection and Response Optimum Kaspersky Endpoint Detection and Response Expert
Kaspersky Endpoint Detection and Response Optimum Kaspersky Endpoint Detection and Response Expert /
Add-on (on top of KESB product – Select, Advanced or Kaspersky Endpoint Detection and Response Expert
Total) Add-on5 (on top of KESB product – Select, Advanced
or Total)
As to the last migration scenario mentioned in the table above, in case a customer is using KESB-Select
together with KEDR Optimum Add-On, the customer can upgrade KEDR Optimum Add-on licenses to KEDR Expert
Add-On licenses while continuing using KESB-Select licenses. Or, the customer can upgrade KESB-Select and KEDR
Optimum Add-on licenses to KEDR Expert licenses so to upgrade both EDR and KESB functionality.
Please note that upgrades from KEDR Optimum to KEDR Expert has to be validated by Kaspersky local
presales team.
Please be advised that if the upgrade is processed at the time of renewal, the customer is entitled to renewal
pricing.
Migration from KEDR Optimum to KESB products (Select, Advanced, or Total), KES Cloud products is
allowed at a time of renewal only. In that case the customer is entitled to renewal pricing.
Please be advised that in case a customer is using Kaspersky Total Security for Business and wants KEDR
Optimum functionality for its workstations/laptops, it is recommended to offer to the customer licenses of KEDR
Optimum Add-On. Please note that at the time of renewal a customer can migrate from KESB Total to Optimum
Security at renewal pricing.
Please note that if a customer wants to use Kaspersky Security Center Cloud Console (KSC Cloud Console)
and KEDR Optimum functionality, the customer would need effective KEDR Optimum licenses (the license quantity
starting from 300 nodes) or effective KESB-licenses together with effective KEDR Optimum Add-on licenses (starting
5 Please be advised that KEDR Expert Add-On licenses should be co-termed with KESB licenses

from 300 nodes for each of aforementioned products). KEDR Standard/Advanced Edition licenses will not be accepted
by KSC Cloud Console.

Endpoint Detection and Response Expert
Kaspersky Endpoint Detection and Node 100% KEDR Expert functionality requires
Response Expert + consolidation
MDM-Node 100%6
(KEDR Expert) +
SM-Node 100%
+
Node (EDR functionality) 100%
+
Alerts & incidents retention period =
360 days
+
Telemetry retention period = 30 days
Kaspersky Endpoint Detection and Node 100% KEDR Expert functionality requires
Response Expert Add-On + consolidation
Alerts & incidents retention period = The KEDR Expert Add-On is not
(KEDR Expert Add-on) 360 days sold as a stand-alone product. It
+ can be purchased only in addition
Telemetry retention period = 30 days to effective licenses of KESB
product (Select, Advanced, or
Total) or Kaspersky Hybrid Cloud
Security product in on-premise
scenario (KHCS Standard or
Enterprise edition)
Kaspersky Endpoint Detection and Node 100% Kaspersky Endpoint Detection and
Response Expert Telemetry + Response Expert Telemetry
Retention 60 days Alerts & incidents retention period = Retention 60 days is not sold as a
360 days stand-alone product. It can be
+ purchased only in addition to
Telemetry retention period = 60 days effective licenses of KEDR Expert
or KEDR Expert Add-on
Kaspersky Endpoint Detection and Node 100% Kaspersky Endpoint Detection and
Response Expert Telemetry + Response Expert Telemetry
Retention 90 days Alerts & incidents retention period = Retention 90 days is not sold as a
360 days stand-alone product. It can be
+ purchased only in addition to
Telemetry retention period = 90 days effective licenses of KEDR Expert
or KEDR Expert Add-on
6 Butnot more than the number of mobile devices protected by Kaspersky product. Please refer to Licensing of
Kaspersky Security Center Mobile Device Management functionality. Only applies to Kaspersky Endpoint Security
for Business

Licensing of KEDR Expert
The number of KEDR Expert licenses is calculated based on the total number of nodes (workstations, laptops
and servers) due to be protected. This number may be less than the overall number of nodes in the organization.
Licensing of KEDR Expert Add-On
The number of KEDR Expert Add-On licenses sold to the customer should be the same or less than the
number of KESB/KHCS licenses the customer already has. For example, if a customer has 400 nodes protected with
KESB-Select and wants to have an additional layer of KEDR Expert protection for the critical 250 nodes, the customer
can buy 250 licenses of KEDR Expert Add-on. Please be advised that when adding KEDR Expert Add-On licenses to
KHCS with CPU licensing scheme, the number of KEDR Expert Add-On licenses should be equal to the number of
virtual machines a customer wants to protect with KEDR Expert functionality.
The license term of KEDR Expert Add-On can be equal or less than the license term of the main product.
Licensing of Kaspersky Endpoint Detection and Response Expert Telemetry Retention
The number of KEDR Expert Telemetry Retention licenses is calculated based on the total number of nodes
that requires extended telemetry storage time. This number should be equal to the number of nodes protected by
KEDR Expert or KEDR Expert Add-on. The license term of KEDR Expert Telemetry Retention should be equal or
less than the license term of the main product.
Please be advised that it is not allowed to mix KEDR Expert Telemetry Retention 60 days and 90 days
licenses for 1 customer.
Upgrade and migration policy for KEDR Expert products
Kaspersky Endpoint Security Cloud Kaspersky Endpoint Detection and Response Expert
Kaspersky Endpoint Security Cloud Plus Kaspersky Endpoint Detection and Response Expert
Kaspersky Endpoint Security Cloud Pro Kaspersky Endpoint Detection and Response Expert
Kaspersky Endpoint Security for Business - Select Kaspersky Endpoint Detection and Response Expert
Kaspersky Endpoint Security for Business - Advanced Kaspersky Endpoint Detection and Response Expert
Kaspersky Endpoint Detection and Response Optimum Kaspersky Endpoint Detection and Response Expert
Kaspersky Endpoint Detection and Response Optimum Kaspersky Endpoint Detection and Response Expert /
Add-on (on top of KESB product – Select, Advanced or
Total)

Kaspersky Endpoint Detection and Response Expert
Add-on7 (on top of KESB product – Select, Advanced
or Total)
Kaspersky Endpoint Detection and Response Standard Kaspersky Endpoint Detection and Response Expert /
Edition Kaspersky Endpoint Detection and Response Expert
Add-on
Kaspersky Endpoint Detection and Response Kaspersky Endpoint Detection and Response Expert /
Advanced Edition Kaspersky Endpoint Detection and Response Expert
Add-on
Please note that upgrades from KEDR Optimum to KEDR Expert has to be validated by the local presales
team.
Please be advised that if the upgrade is processed at the time of renewal, the customer is entitled to renewal
pricing.
Migration from KEDR Expert to KES Cloud products is not allowed. However, the customer can purchase
KES Cloud product at initial (i.e., base) pricing.
Please be advised that in case a customer is using Kaspersky Total Security for Business and wants KEDR
Expert functionality for its nodes, it is recommended to offer to the customer licenses of KEDR Expert Add-On.
For recommendations regarding the product/s needed for each particular customer’s infrastructure please
contact ESIG@kaspersky.com.
Please note that if a customer wants to use Kaspersky Security Center Cloud Console (KSC Cloud Console)
and KEDR Expert functionality, the customer would need effective KEDR Expert licenses (starting from 50 nodes) or
effective KESB (Select, Advanced or Total) licenses (starting from 300 nodes) together with effective KEDR Expert
Add-on licenses (starting from 50 nodes). Please be informed that the minimum license qty of KESB licenses, i.e., 300
licenses, is the obligatory requirement to access KSC Cloud Console functionality even when the customer has 50
licenses of KEDR Expert Add-on. KEDR Standard/Advanced Edition licenses will not be accepted by KSC Cloud
Console.
7 Please be advised that KEDR Expert Add-On licenses should be co-termed with KESB licenses

Managed Detection and Response
Product License Comments, limitations
objects and
license count
Kaspersky Managed Detection and Response Optimum The MDR functionality requires
Add-On / consolidation.
Kaspersky MDR Optimum Add-on (for STAN region only) Node
100% Kaspersky will not process
Kaspersky Managed Detection and Response Expert orders from 1 customer that are
Add-On / split across 2 Kaspersky MDR
Add-On products (Optimum and
Kaspersky MDR Expert Add-on (for STAN region only) Expert)
Kaspersky MDR Optimum / Expert Add-on is not sold as a stand-alone service. It can be purchased only in
addition to effective license of the following products:
• Kaspersky Endpoint Security for Business – Select,

• Kaspersky Endpoint Security for Business – Advanced,
• Kaspersky Total Security for Business,
• Kaspersky Endpoint Detection and Response Optimum (please see below the comment about EDR functionality
inside MDR),
• Kaspersky Integrated Security Special Edition (please see below the comment about EDR functionality inside
MDR),
• Kaspersky Optimum Security (please see below the description of MDR upgrade scenario that is valid for
Optimum Security product),
• Kaspersky Hybrid Cloud Security, Server,
• Kaspersky Hybrid Cloud Security Enterprise, Server,
• Kaspersky Hybrid Cloud Security, CPU,
• Kaspersky Hybrid Cloud Security Enterprise, CPU.
The number of Kaspersky MDR Optimum / Expert Add-On licenses is calculated based on the total number
of nodes (workstations, laptops and servers) due to be protected.
This number may be equal or less than the overall number of nodes protected by KESB product (Select,
Advanced or Total), by KEDR Optimum or by Kaspersky Hybrid Cloud Security products. For example, if a customer
has 1000 nodes protected by Kaspersky Total Security for Business and 150 virtual machines protected by Kaspersky
Hybrid Cloud Security and wants to have an additional layer of MDR protection for the critical 500 nodes and all 150
virtual machines, the customer should buy a certificate of MDR Optimum / Expert Add-On for 650 nodes.
In case of purchasing MDR Optimum / Expert Add-On for Kaspersky Hybrid Cloud, CPU or Kaspersky Hybrid
Cloud Security Enterprise, CPU, MDR licenses should be counted based on the total number of virtual machines
on the corresponding server/s.
The license term of Kaspersky MDR service can be equal or less than the license term of the main product.
Kaspersky MDR Optimum / Expert includes EDR Optimum functionality. If a customer is willing to purchase
MDR Optimum / Expert and wants to add EDR Optimum protection as well, the customer should be offered Kaspersky
MDR service only. There is no need to purchase EDR Optimum Add-On in this case. If a customer already has EDR
Optimum and is willing to purchase MDR Optimum / Expert Add-On, he is entitled for an additional discount. Please
send your request for such a discount to intelligence@kaspersky.com.

Please be advised that customers with Kaspersky Optimum Security can upgrade MDR Optimum
functionality included in the product to MDR Expert functionality level. In that case the customer should purchase
Kaspersky MDR Expert Add-on. The number of MDR Expert Add-On licenses should be equal to the overall number
of nodes protected by Optimum Security. The license term of Kaspersky MDR Expert service can be equal or less
than the license term of Kaspersky Optimum Security. In case of any questions please contact
intelligence@kaspersky.com.
Customer can upgrade from Kaspersky MDR Optimum Add-On to Kaspersky MDR Expert Add-On.

Optimum Security
license count
Kaspersky Optimum Security Node 100% Kaspersky Optimum Security functionality

+ requires consolidation. Please note that
Mobile Device 200% consolidation is not applicable to Kaspersky
+ Endpoint Security functionality provided within the
MDM-Node 200% license of Optimum Security
+
SM-Node 100%
Kaspersky Optimum Security is a stand-alone product that provides EDR Optimum functionality (incl. Endpoint
Security) together with MDR Optimum.
The number of Kaspersky Optimum Security licenses is calculated based on the total number of non-mobile
nodes (workstations, laptops and servers) due to be protected. Two licenses for mobile device protection are provided
for each license free of charge, and therefore are not included in the number of licenses to be purchased.
Upgrade, migration, cross-sell policy of Optimum Security product
Kaspersky Endpoint Security for Business - Select Kaspersky Optimum Security
Kaspersky Endpoint Security for Business - Advanced Kaspersky Optimum Security
Kaspersky Endpoint Detection and Response Optimum Kaspersky Optimum Security

Please be informed that if the upgrade is processed at the time of renewal, the customer is entitled to renewal
pricing.
Please be advised that KESB/KEDRO licenses installed to protect mobile devices should be subtracted from
the license count while upgrading to Kaspersky Optimum Security. For example, a customer has 400 KESB-
Advanced licenses installed on workstations and servers together with 100 KESB-Advanced licenses installed on
mobile devices, and it wants to upgrade to Kaspersky Optimum Security. This customer should be offered 400 licenses
of Kaspersky Optimum Security. Thus the customer will be able to protect up to 400 non-mobile nodes and up to 800
mobile devices.
Please be advised that in case a customer is using Kaspersky Total Security for Business and wants Optimum
Security functionality for its nodes, it is recommended to offer to the customer licenses of Kaspersky MDR Optimum
Add-On. Please note that at the time of renewal a customer can migrate from KESB Total to Optimum Security at
renewal pricing.
Migration from Kaspersky Optimum Security to KESB products (Select, Advanced, or Total) and to Kaspersky
EDR Optimum is allowed at a time of renewal only. In that case, the customer is entitled to renewal pricing.
In case a customer wants to upgrade MDR Optimum functionality included in Optimum Security to MDR Expert
functionality level, the customer should be offered Kaspersky MDR Expert Add-on. The number of Kaspersky MDR
Expert Add-On licenses should be equal to the overall number of nodes protected by Optimum Security. The license
term of Kaspersky MDR Expert service can be equal or less than the license term of Kaspersky Optimum Security.
In case of any questions please contact intelligence@kaspersky.com.

Sandbox
license count
Kaspersky Sandbox, Node Node The product requires consolidation

100% Please be informed that the product is
currently under end-of-sales process
Kaspersky Sandbox, Node can not be sold as a stand-alone product, unless it will be used with 3rd party
products through an API. It can purchased in addition to the effective license of the following products:

• Kaspersky Endpoint Detection and Response Optimum.
The number of Kaspersky Sandbox, Node licenses is calculated based on the total number of nodes
(workstations, laptops and servers) due to be protected. This number may be equal or less8 than the overall number
of nodes protected by Kaspersky Endpoint Security. For example, if a customer has 1000 nodes protected with KESB-
Select and wants to have an additional layer of Sandbox protection for the critical 450 nodes, the customer should buy
450 licenses of Kaspersky Sandbox, Node.
The license term of Kaspersky Sandbox, Node can be equal or less than the license term of the main
product.
Please note that Kaspersky Sandbox, Node is available for integration with 3rd party (non-Kaspersky)
solutions, which can send files for analysis to and receive verdicts from Kaspersky Sandbox through RESTful API. For
recommendations on licensing scenarios for Kaspersky Sandbox integration with 3rd party solutions, please contact
ESIG@kaspersky.com.
Please be informed that Kaspersky Sandbox, Node is currently under end-of-sales process. Only renewal
licenses are available for purchase. For the valid end-of-life date please refer to
https://support.kaspersky.com/corporate/lifecycle. After the end-of-life date Kaspersky Sandbox, Node won’t be
available for purchase.
The migration recommendation for customers using Kaspersky Sandbox, Node is to upgrade either to KEDR
Optimum or to KEDR Expert. For the exact sandbox technology scope offered by each of KEDR product please refer
to corresponding product materials at https://www.kaspersky.com/enterprise-security. Please be advised that if such
an upgrade is being done at the time of renewal, the customer is entitled to renewal pricing.
8 But not less than the minimum band available in the price-list

Anti Targeted Attack Platform
Product Product Level License objects Comments,
(description) and license limitations
count
Kaspersky Anti 1) Web traffic monitoring for up to 1

Targeted Attack Gbit/s throughput
Platform 2) Mail traffic monitoring for up to 2500
Standard mail users
3) 1 sandbox available
(KATA Standard)
4) Unlimited number of Central Nodes
and Network Sensors for traffic
monitoring
Kaspersky Anti 1) Web traffic monitoring between 1

Targeted Attack Gbit/s and 2 Gbit/s throughput
Advanced mail users
(KATA Advanced) 3) Up to 2 sandboxes available
4) Unlimited number of Central Nodes Instance
and Network Sensors for traffic 100%
monitoring
Kaspersky Anti 1) Web traffic monitoring between 2

Targeted Attack Gbit/s and 4 Gbit/s throughput
Enterprise mail users
3) Up to 3 sandboxes available
(KATA
4) Unlimited number of Central Nodes
Enterprise)
and Network Sensors for traffic
monitoring
Kaspersky Anti A software appliance installed for

Targeted Attack monitoring an additional number of
Platform mail users OR for supporting extra
Extension Module internet bandwidth for web traffic
monitoring OR for providing an
(KATA Extension
additional sandbox.
Module)
A separate module must be
purchased for each type of
functionality required
Mail users – the number of mailboxes to be monitored (through mail traffic monitoring).
Throughput – the total bandwidth of all customer Internet connections to be monitored. Where the customer
has two or more Internet connections, the total required bandwidth should be calculated in order to determine the
appropriate Kaspersky Anti Targeted Attack Platform level for purchase (Standard, Advanced, or Enterprise).
Kaspersky Anti Targeted Attack Platform Extension Module licensing
KATA Extension Module should be purchased in the following cases:
Current KATA (Standard, Advanced, or Enterprise) customer wants to extend mail traffic monitoring on
additional mail users – over 2500 existing ones. 1 KATA Extension Module should be offered to cover each
increment of a further 5000 mail users. Please refer to the table below.

Current KATA Enterprise customer wants to add internet bandwidth for web traffic monitoring – over 4 Gbit/s.
The customer is able to extend Internet traffic throughput in 2 Gbit/s increments. Meaning, 1 KATA Extension
Module should be offered to cover each extra 2 Gbit/s throughput.
Please be advised that KATA Standard/Advanced customers needing to accommodate additional traffic should
upgrade to a higher KATA product level. No KATA Extension Modules should be offered in order to cover
additional traffic for KATA Standard/Advanced customers.
Please refer to the table below.
Current KATA (Standard, Advanced, or Enterprise) customer wants to install an additional sandbox – over
the default number of sandboxes available for each KATA Platform product level. 1 KATA Extension Module
should be offered to cover each extra sandbox.
KATA Extension Module is also available as an add-on to Kaspersky Anti Targeted Attack Platform
Enterprise EDR Edition (please refer to Endpoint Detection and Response section for information on this
product).
Over 12500
KATA KATA KATA KATA
(1 Module for each
additional 5000
Extension Extension Extension Extension
Number of mail users
mail users) Module/s Module/s Module/s Module/s
KATA KATA KATA KATA

7500-12500 Extension Extension Extension Extension
Module Module Module Module/s
KATA KATA KATA KATA

2500-7500 Extension Extension Extension Extension
Module Module Module Module/s
KATA
KATA KATA KATA
Up to 2500 Extension
Standard Advanced Enterprise
Module/s
Over 4 Gbit/s
Between Between
(1 Module for
Up to 1 Gbit/s 1 Gbit/s and 2 Gbit/s and
each additional
2 Gbit/s 4 Gbit/s
2 Gbit/s)
Throughput
Please note that the purchase of a separate KATA Extension Module is necessary for each additional
functionality (extra mail users, additional throughput, additional sandbox). A customer requiring both 5,000 additional
mail users and 2 Gbit/s of extra traffic to KATA Enterprise, for example, must purchase 2 KATA Extension Modules,
1 module per each functionality required. A single KATA Extension Module can’t be used to cover both requirements.
For technical guidance regarding the actual number of KATA Extension Modules required please contact
ESIG@kaspersky.com.
Please be advised that the license term of KATA Extension Module add-on SKU should be consistent with
that of the initial order for the main KATA Platform product. For example, a customer who has purchased KATA
Standard for 2 years, and who 6 months later wants to add a KATA Extension Module to cover additional mail users
over 2,500, should be offered a 2-year add-on SKU for KATA Extension Module. This should then be co-termed with
the initial license for KATA Standard.

Upgrade policy for Kaspersky Anti Targeted Attack Platform
A customer can upgrade within the Kaspersky Anti Targeted Attack Platform product family (please see
below):
Kaspersky Anti Targeted Attack Platform Standard Kaspersky Anti Targeted Attack Platform Advanced
Kaspersky Anti Targeted Attack Platform Standard Kaspersky Anti Targeted Attack Platform Enterprise
Kaspersky Anti Targeted Attack Platform Advanced Kaspersky Anti Targeted Attack Platform Enterprise
Please note that upgrading within the KATA product family provides only extended internet bandwidth and
availability of additional sandboxes. The number of mail users is set at the same level of 2 500 for all product levels.
To add extra mail users, KATA Extension Module/s should be offered, as in the table above.
For technical guidance regarding the actual number of KATA Extension Modules required please contact
ESIG@kaspersky.com.
Examples of typical migration scenarios for existing Kaspersky Anti Targeted Attack Platform customers
Existing deal Renewal (default option)
Kaspersky Anti Targeted Attack Platform Standard Kaspersky Anti Targeted Attack Platform Standard
Kaspersky Anti Targeted Attack Platform Advanced Kaspersky Anti Targeted Attack Platform Standard
(<2500 mail users, <1Gbit/s)
Kaspersky Anti Targeted Attack Platform Advanced Kaspersky Anti Targeted Attack Platform Standard
(2500-5000 mail users, <1Gbit/s) +
1 KATA Extension Module Add-on (for additional mail users
over 2500)
Kaspersky Anti Targeted Attack Platform Enterprise Kaspersky Anti Targeted Attack Platform Advanced
(<2500 mail users; <2Gbit/s)
Kaspersky Anti Targeted Attack Platform Enterprise Kaspersky Anti Targeted Attack Platform Advanced
(2500-7500 mail users; <2Gbit/s) +
over 2500)
Kaspersky Anti Targeted Attack Platform Enterprise Kaspersky Anti Targeted Attack Platform Enterprise
(<2500 mail users; 2–4 Gbit/s)
(2500-7500 mail users; 2–4 Gbit/s) +
over 2500)
(7500-12500 mailbox users; 2–4 Gbit/s) +
2 KATA Extension Module Add-ons (for additional mail users
over 2500, 1 module per each additional 5000 mail users)
For recommendations on the best migration scenarios for existing Kaspersky Anti Targeted Attack Platform
customers, please contact ESIG@kaspersky.com.

Endpoint Detection and Response
Kaspersky Endpoint Detection and Response is an agent-based security product for enterprise customers.
The product can be sold as a stand-alone solution or as an add-on product to existing KATA products.
Kaspersky Endpoint Detection and Node KEDR requires

Response Standard Edition 100% consolidation.
(KEDR Standard Edition) (unlimited number of Central Nodes9 Kaspersky will not process
are available) orders from 1 customer that
are split across KEDR
Kaspersky Endpoint Detection and Node Standard and Advanced
Response Advanced Edition 100% Editions
(KEDR Advanced Edition) (unlimited number of Central Nodes10 Please be informed that
and 1 Sandbox are available) these products are currently
under end-of-sales process
Kaspersky Anti Targeted Attack Node KEDR requires

Platform EDR Agent 100% consolidation
(KATA EDR Agent)
Number of KEDR licenses required
The number of KEDR Standard / Advanced Edition and KATA EDR Agent licenses required is calculated
based on the total number of nodes (workstations, laptops and servers) due to be protected. This number may be less
than the overall number of nodes in the organization. Also, it should not necessarily be equal to the number of nodes
protected by Kaspersky Endpoint Security.
Licensing of KATA EDR Agent
The KATA EDR Agent is not sold as a stand-alone product. It can be purchased in addition to the KATA
Platform product line (Standard, Advanced, or Enterprise) and to Kaspersky Anti Targeted Attack Platform Enterprise
EDR Edition (please see product information below).
Please note that there is no need to install an additional Central Node to manage KATA EDR agents and/or
Sandbox. KATA Central Node and Sandbox can be used for this purpose.
9 A Central Node has a limitation of the number of nodes under its management – the maximum number is 10 000
nodes. If the number of nodes exceeds 10 000, additional Central Node/s should be installed accordingly.
10 A Central Node has a limitation of the number of nodes under its management – the maximum number is 10 000
nodes. If the number of nodes exceeds 10 000, additional Central Node/s should be installed accordingly.

Product Product Level License Comments,
(description) objects and limitations
license count
Kaspersky Anti Targeted 1) Web traffic monitoring for up to Instance

Attack Platform Enterprise 4 Gbit/s throughput 100%
EDR Edition 2) Mail traffic monitoring for up to
(KATA Enterprise EDR) 10 000 mail users
3) Up to 5 Sandboxes available
available for all regions,
4) EDR functionality for up to
excl. Russia and STAN
region 10 000 nodes (workstations,
laptops, servers)
Kaspersky Anti Targeted 1) Web traffic monitoring for up to Instance

Attack Platform Advanced 1 Gbit/s throughput 100%
EDR Edition 2) Mail traffic monitoring for up to
(KATA Advanced EDR) 5 000 mail users
3) Up to 2 Sandboxes available
available for Russia and 4) EDR functionality for up to 5 000
STAN region only
nodes (workstations, laptops,
servers)
Upgrade and renewal policy for KEDR
Customer can upgrade from KEDR Standard Edition to KEDR Advanced Edition. Please note that if upgrade
is being done at the time of renewal, the customer is entitled to renewal pricing.
Renewal from KEDR Standard / Advanced Edition to KATA Enterprise EDR is allowed (for customers with no
more than 10 000 protected nodes).
Renewal from KATA Enterprise EDR to KATA Platform Advanced or Enterprise purchased together with KATA
EDR Agent is allowed. Please note that in this case the additional purchase of KATA Extension Module/s may be
necessary.
contact ESIG@kaspersky.com.
For examples of KEDR licensing options basing on specific customer cases please refer to Appendix 5.

Hybrid Cloud Security
Kaspersky Hybrid Cloud Security (KHCS) is a set of products designed to protect multi-cloud workloads,
including private data center, managed hosting, and public clouds. Customer can use these products to protect virtual
infrastructure together with physical servers and public cloud instances. Kaspersky Hybrid Cloud Security is offered in
Standard and Enterprise editions.
Kaspersky Hybrid Cloud Security Standard Edition
Kaspersky Hybrid Cloud Workstation KHCS Standard Edition requires

Security, Desktop 100% consolidation
(the total number of physical workstations with
(KHCS Dt)
the maximum total number of virtual desktops
that might be created and used, both persistent
and non-persistent, should be taken into account
in order to determine the total number of
licenses purchased)
Kaspersky Hybrid Cloud Server

Security, Server 100%
(the total number of physical servers together
(KHCS SVR)
with the maximum total number of virtual servers
that might be created and used, both persistent
and non-persistent, should be taken into account
in order to determine the total number of
licenses purchased)
Kaspersky Hybrid Cloud CPU

Security, CPU 100%
(the total number of physical CPUs installed
(KHCS, CPU)
inside each host/ hypervisor running protected
virtual machines should be calculated for
determining number of licenses required)
Kaspersky Hybrid Cloud Security Standard Edition is the successor of Kaspersky Security for Virtualization
(KSV). So current customers can renew KSV to KHCS Standard Edition. The renewal with the KHCS product should
be processed within the same licensing model as per the initial KSV deal (e.g., KSV Dt renewed to KHCS Dt). Full
migration to different licensing model is possible at the time of renewal as well.
For customers that require up-sell for the effective license of KSV, additional licenses of KHCS Standard
Edition can be sold. The up-sell with the KHCS product should be processed within the same licensing model as per
the initial KSV deal.
The renewing and up-selling from KSV, Core to KHCS, CPU should be processed based on the exact
number of CPUs to be protected. Please note that for renewal deals we also suggest to take into consideration the
amount previously paid by the customer and to calculate renewal deal amount in accordance with it.
Kaspersky Hybrid Cloud Security, Desktop covers migration scenario from physical desktops to virtual
desktop infrastructure (VDI). Thus, current KESB - Select customers may renew KESB - Select to KHCS Dt. Current
KESB - Advanced and Total customers may renew to KHCS Dt, but there will be a loss of functionality (i.e., such
functionality as Vulnerability Assessment and Patch Management, SIEM connectors and such) and therefore is not
recommended.

Kaspersky Hybrid Cloud Security Enterprise Edition
Kaspersky Hybrid Workstation KHCS Enterprise Edition

Cloud Security 100% requires consolidation
Enterprise, (the total number of physical workstations with the
Desktop maximum total number of virtual desktops that might be
created and used, both persistent and non-persistent,
(KHCS Enterprise,
should be taken into account in order to determine the
Dt)
total number of licenses purchased)
Kaspersky Hybrid Server

Cloud Security 100%
Enterprise, Server (the total number of physical servers together with the
maximum total number of virtual servers that might be
(KHCS Enterprise,
created and used, both persistent and non-persistent,
SVR)
should be taken into account in order to determine the
total number of licenses purchased)
+
SM-Node
100%
Kaspersky Hybrid CPU

Cloud Security 100%
Enterprise, CPU (the total number of physical CPUs installed inside each
host/ hypervisor running protected virtual machines should
(KHCS Enterprise,
be calculated for determining number of licenses required)
CPU)
+
SM-Node
100%
Current customers can renew KSV to KHCS Enterprise Edition. The renewal with the KHCS Enterprise
product should be processed within the same licensing model as per the initial KSV deal (e.g., KSV SVR renewed to
KHCS Enterprise, SVR). Full migration to different licensing model is possible at the time of renewal as well. The
renewing to KHCS Enterprise, CPU should be processed based on the exact number of CPUs to be protected.
Kaspersky Hybrid Cloud Security Enterprise, Desktop covers migration scenario from physical
desktops to VDI. Thus current KESB (all editions) customers may renew KESB - Select, - Advanced or Total to KHCS
Enterprise, Dt.
Mixing licensing models of KHCS products (within one product edition – Standard or Enterprise)
Mixing per workload (physical servers, virtual servers, and virtual desktops) licensing model and per CPU
licensing model is allowed in case each licensing model is deployed in a separate infrastructure (e.g., activating CPU
licenses on virtualization platforms and Server/Desktop on physical or cloud workloads).
Mixing licenses of KHCS Standard and Enterprise products
Mixing Server KHCS Standard and Enterprise licenses requires approval from product management.
Mixing Desktop KHCS Standard and Enterprise licenses requires approval from product management.
Any edition of KHCS Desktop may be purchased along with any edition of KHCS Server and does not require
an additional approval.
Mixing CPU KHCS Standard and Enterprise licenses requires approval from product management.

Renewal policy for KHCS products
A customer is entitled to renewal pricing while renewing:
• from KHCS Standard to KHCS Enterprise and vice versa.

• from any edition of KESB to any edition of KHCS. Please note that a migration from KESB - Advanced or Total
to a Standard edition of KHCS (that is KHCS Dt or KHCS Server) will result in losing some product functionality,
such as Vulnerability assessment & Patch Management, SIEM connectors etc. This has to be made known to
the customer and an explicitly confirmed that the customer understands the result of such downgrade. In
general, this scenario is not recommended.
Migration to different licensing model at the time of renewal is allowed. Renewal license type can be used for
this purpose.
Upgrade policy for KHCS products
Kaspersky Hybrid Cloud Security Desktop Kaspersky Hybrid Cloud Security Enterprise, Desktop
Kaspersky Hybrid Cloud Security, Server Kaspersky Hybrid Cloud Security Enterprise, Server
Kaspersky Hybrid Cloud Security, CPU Kaspersky Hybrid Cloud Security Enterprise, CPU
Kaspersky Endpoint Security for Business - Select Kaspersky Hybrid Cloud Security, Desktop
Kaspersky Endpoint Security for Business - Advanced Kaspersky Hybrid Cloud Security Enterprise, Desktop
contact Global Presales team.
For examples of KHCS licensing options basing on specific customer cases please refer to Appendix 6.

Vulnerability and Patch Management Security
Product License objects Comments, limitations
and license count
Kaspersky Vulnerability and Patch Node The product requires consolidation

Management 100%
Add-on SKUs for KVPM (with special pricing)
(KVPM)
can’t be purchased as stand-alone. They can be
purchased only in addition to effective licenses
of any KESB product (Select, Advanced, or
Total)
Please be informed that the product is currently
Kaspersky Vulnerability and Patch Management is the successor of Kaspersky Systems Management. So
current customers of Kaspersky Systems Management can renew to Kaspersky Vulnerability and Patch Management.
For customers that require up-sell for the effective license of Kaspersky Systems Management, additional
licenses of Kaspersky Vulnerability and Patch Management can be sold.
Encryption for Endpoint

license count
Kaspersky Encryption for Node Kaspersky Encryption for Endpoint is not sold as a
Endpoint 100% stand-alone product. It can be purchased only in
addition to Kaspersky Endpoint Security for
Business – Select
Please be informed that the product is currently

Mail and Gateway Security
license count
Kaspersky Mail user (i.e., mail Add-on SKUs can’t be purchased as stand-alone. They can be
Security for Mail boxes/addresses under purchased only in addition to:
Server mail server, mail • Kaspersky Endpoint Security for Business – Select,
gateway) • Kaspersky Endpoint Security for Business – Advanced,
100%
(150% for Add-on • Kaspersky Endpoint Detection and Response Optimum11,
SKUs)
• Kaspersky Hybrid Cloud Security, Desktop,
Kaspersky Node (i.e., nodes under • Kaspersky Hybrid Cloud Security Enterprise, Desktop,
Security for Internet gateway) • Kaspersky Optimum Security12.
Internet Gateway 100%
Mail protection functionality requires consolidation.
(110% for Add-on
SKUs) Gateway protection functionality requires consolidation.
Kaspersky Mailbox The product requires consolidation. Otherwise, creating of a

Security for 100% separate workspace will be required.
Microsoft Office
365
Licensing of Kaspersky Security for Microsoft Office 365
Kaspersky Security for Microsoft Office 365 (KS for Office 365) provides protection for Microsoft Office 365
services (Exchange Online, OneDrive, etc.).
In general, the number of KS for Office 365 licenses required is calculated based on the total number of
mailboxes to be protected. Please be advised that by buying N licenses of KS for Office 365, the customer will be able
to protect N mailboxes (licensed by Office 365), unlimited number of unlicensed mailboxes (e.g., Shared mailboxes)
and N users of OneDrive.
Please note that the purchase of KS for Office 365 is necessary even if a customer is using fewer that all
Microsoft Office 365 services (for example, the customer is using OneDrive only). The number of licenses required is
calculated based on the maximum number of customer’s users connected to the service/s used.
Renewal, migration, cross-sell and upgrade policy for KS for Office 365
A customer is entitled to renewal pricing while renewing from Kaspersky Security for Mail Server (purchased
either as a stand-alone product or as add-on to KESB) to KS for Office 365.
11Please note that EDR Optimum functionality does not cover email or web traffic from gateways.
12Please note that MDR Optimum and EDR Optimum functionality does not cover email or web traffic from
gateways.

Renewal from KS for Office 365 to Kaspersky Security for Mail (KS for Mail Server) is allowed.
Customers with effective licenses of KS for Mail Server can migrate to KS for Office 365 and get KS for Mail
Server remaining value back (if applicable).
Cross-sell of KS for Mail Server and KS for Office 365 is available in case customers use both the on-premises
and online versions of Exchange in their infrastructure to protect mailboxes.
The upgrade from KS for Office 365 to any of Kaspersky products or vice versa is NOT allowed.
Technical specifics of migration to KS for Office 365
Technical migration from KS for Mail Server to KS for Office 365 requires re-setup of the entire customer’s
infrastructure in KS for Office 365 console. Please note that migration to KS for Office 365 is possible only if customer’s
mailboxes are also migrated to Microsoft Office 365.
Storage Security
Kaspersky Security User

for Storage, User 100%
(the number of unique users connected to all File servers
or Storages that will be protected should be counted in
order to determine the total number of licenses purchased)
Kaspersky Security Server

for Storage, Server 100%
(the number of protection servers with Kaspersky anti-
malware software installed on them
should be counted in order to determine the total number
of licenses purchased)
For technical details to choose between two licensing models for Kaspersky Security for Storage please refer to Sizing
recommendations (the document is available on per request to Global Presales team).
Embedded Systems Security

license count
Kaspersky Embedded Systems Node (i.e., ATM/POS Kaspersky will not process orders from 1
Security devices) customer that are split across 2 Kaspersky
100% Embedded Systems Security products
(KESS)
Kaspersky Embedded Systems

Security Compliance Edition

Private Security Network
count
Kaspersky Private Security Network, Standard Instance

(KPSN Standard) 100%
User limit of the product is up to 50 000 users (herein 1 instance includes 1

full package of KPSN services
Kaspersky Private Security Network, Advanced provided)
(KPSN Advanced)
User limit of the product is up to 500 000 users +

+ Extra product functionality (e.g., high availability,
MSP support, local reputation databases etc.)
The general migration recommendation for current customers using Kaspersky Private Security Network is
to offer Kaspersky Private Security Network, Advanced.
Research Sandbox
Kaspersky Research Sandbox Queries per day Each protection server with
100% Kaspersky Research Sandbox
software installed on it requires a
separate Research Sandbox
license pack
Kaspersky Research Sandbox is licensed by the maximum number of queries that customer is going to make
per day.
Please note that if Research Sandbox product is going to be installed on more than one server (e.g., needs to
be deployed in several network segments or in different geolocations) than a customer should purchase a separate
Research Sandbox license pack per each server.
The number of Kaspersky Research Sandbox licenses sold per each server may not be necessarily equal
to each other. For example, the customer can purchase a license pack of Research Sandbox for 100-Queries per day
for one server, and a license pack of Research Sandbox for 250-Queries per day for its other server.
Please be advised that Kaspersky Research Sandbox does not require Kaspersky Private Security Network
product (KPSN) to be in operation. However, integration with KPSN is highly recommended, since KPSN
significantly increases the detection rate of Research Sandbox by providing global reputational data. In case KPSN
product is requested by a customer, it must be purchased separately as KPSN functionality is not included in Research
Sandbox license pack.

Threat Attribution Engine
Kaspersky Threat Attribution Engine Queries per day

100%
CyberTrace
Kaspersky CyberTrace: TIP Instance

Enterprise 100%
xSP
Product License object and license count Comments, limitations
Kaspersky Anti-Virus for xSP Traffic within Mail systems / Internet

gateways per day
Kaspersky Security for xSP
For cases when daily licensed traffic volume has been exceeded or not completely used, please refer to
Appendix 7.

Premium Technical Support
Please note that the scheme described below is available for those regions that have the corresponding
commercial SKU set in the price-list effective for this sales territory.
There are 4 levels of Kaspersky technical support (applicable to B2B products only):
• Standard support. It is provided for any commercial license for a particular B2B product (excluding license
types that specifically identify the support level that is different from Standard, e.g., “Plus”). The scope of this
support can be found at https://support.kaspersky.com.
• Premium support tier 1 is included in “Plus” license types (Base Plus, Renewal Plus, Successive Plus) for a
particular list of products13.
• Premium support tier 2 is sold as a separate service Kaspersky Enhanced Support that can be purchased in
addition to “ Plus” license type for a particular product only.
• Premium support tier 3 is sold as a separate service Kaspersky Enhanced Support with TAM that can be
purchased in addition to “Plus” license type for a particular product only.
For detailed information regarding Kaspersky premium technical support levels please refer to
https://support.kaspersky.com.
Customers who want to get premium support tier 1 for the products should purchase Base Plus, Renewal Plus
or Successive Plus license types for these products14.
Mixing licenses with Standard support and Premium support
Pease be advised that mixing licenses with Standard support included and licenses with “Plus” (i.e., tier
1) support included for the same product is not allowed. In such cases the customer will get Standard support for
all the licenses purchased.
However, the customer can mix different products with different support levels attributed for each product. For
example, if a customer is purchasing KESB-Select and Hybrid Cloud Security products and wants premium support
tier 1 for KESB-Select only, then he should purchase “Plus” license for KESB-Select only. For Hybrid Cloud Security
products, the customer can purchase licenses with Standard support included.
Add-on, upgrade, up-sell and renewal licensing
Please note that “Plus” license types are not available as add-on licenses. Support level for add-on licenses
will be set in accordance with the support level provided for the main product. For example, if a customer is purchasing
KESB-Advanced licenses with premium support tier 1 together with EDR Optimum add-on licenses, than EDR
Optimum add-on product will get premium support tier 1 as well.
A customer that has effective product licenses with Standard support included can upgrade them to product
licenses with “Plus” support included (in case they are available in the price-list). If upgrade is being done at the time
13 For commercial availability of “Plus” license types for a specific list of products please refer to regional price-lists
14 For commercial availability of “Plus” license types for a specific list of products please refer to regional price-lists

of renewal, the customer is entitled to renewal pricing. Please be advised that the upgrade scenario is valid in case
the customer is swapping “Standard” licenses to “Plus” licenses for the same product.
Please be advised that if a customer wants to purchase product licenses with “Plus” support included as an
up-sell to effective licenses with Standard support for the same product than the customer should upgrade all its
current product licenses to “Plus” ones. In case of any questions on such upgrade scenario please contact
msa@kaspersky.com.
Please be informed that Kaspersky Enhanced Support and Kaspersky Enhanced Support with TAM can
be purchased only in addition to product licenses with “Plus” support included. If a customer has product licenses
with Standard support included and wants to get Kaspersky Enhanced Support with TAM, he should first upgrade its
product licenses with Standard support to product licenses with “Plus” support included. And afterwards he can
purchase a certificate for Kaspersky Enhanced Support with TAM.
Pease be advised that in case the customer has a set of Kaspersky products with “Plus” support included,
there is no need to purchase Enhanced Support certificates for each product separately. The customer can purchase
1 certificate of premium support tier required (Enhanced Support or Kaspersky Enhanced Support with TAM) for the
whole set of products so to get the required technical support level for these products. For example, a customer has
KESB-Select, Hybrid Cloud Security and Storage Security products (all of them with premium support tier 1 included)
and wants premium support tier 3 for all of these products, then he should purchase 1 certificate for Kaspersky
Enhanced Support with TAM. That will be enough to upgrade support level for all products customer has. It is
recommended to align expiration date of the certificate with the product license which expiration date is being last to
occur.
The customer can upgrade from Kaspersky Enhanced Support to Kaspersky Enhanced Support with TAM.
For detailed information regarding matching previous technical support model to the current one please refer
to https://support.kaspersky.com/corporate/msa_bundled.
In case of any questions on migrating current customers to the new premium support model please contact
msa@kaspersky.com or eos@kasperksy.com.
Please be informed that for certain product-lines separate MSA levels are offered. Please see below.
For Kaspersky Anti Targeted Attack Platform and Kaspersky Endpoint Detection and Response
(Standard and Advanced Edition) the following MSA levels are offered:
• Kaspersky Maintenance Service Agreement for Kaspersky Anti Targeted Attack Platform (priority technical 24/7
support service),
• Security Account Manager for Kaspersky Anti Targeted Attack Platform (priority technical 24/7 support service +
dedicated Security Account Manager).
For Kaspersky Threat Intelligence product line:
• Kaspersky Maintenance Service Agreement for Threat Intelligence (priority 24\7 technical support service +
dedicated Security Account Manager).
For Kaspersky Industrial CyberSecurity product line:
• Kaspersky Industrial CyberSecurity Maintenance Service Agreement, Start,

• Kaspersky Industrial CyberSecurity Maintenance Service Agreement, Enterprise,
• Kaspersky Industrial CyberSecurity Maintenance Service Agreement, Executive.

For Kaspersky Fraud Prevention product line:
• Maintenance Service Agreement for Kaspersky Fraud Prevention.

For detailed information regarding the Kaspersky MSA levels please refer to https://msa.kaspersky.com.

End-of-Sales Products. Migration guidelines
Kaspersky Endpoint Security Cloud (per node licensing model)
Kaspersky Endpoint Security Cloud, Kaspersky Endpoint Security Cloud Plus or Kaspersky Endpoint Security
Cloud Pro (per user licensing model) are the successors of Kaspersky Endpoint Security Cloud (per node licensing
model). So current customers can renew to KES Cloud per user products.
Customers that require up-sell for the effective license of KES Cloud per node should be offered a full trade-
in migration to the new KES Cloud per user product/s. It is also recommended to offer to such customers an early
renewal to KES Cloud per user product/s (if applicable). Please be advised that in case the licenses of KES Cloud
per user are sold in addition to the effective licenses of KES Cloud per node, two separate workspaces under same
account are required to manage different KES Cloud products. No consolidation will be performed for different KES
Cloud products in this case as well.
Kaspersky Security for Mobile
The default migration recommendation for customers using Kaspersky Security for Mobile is to offer
Kaspersky Endpoint Security for Business – Select.
Also the customer can be offered an upgrade to Kaspersky Endpoint Security for Business – Advanced or to
Kaspersky Total Security for Business.
Additional migration recommendation is to switch the customer to Kaspersky Endpoint Security Cloud
product/s. Please note that such migration scenario requires re-deployment and re-setup of the entire customer’s
infrastructure. The recommendation for renewing Kaspersky Security for Mobile (per mobile device) to KES Cloud (per
user) is to offer 1 user license per 1 mobile device license.
Please be advised that if migration is being done at the time of renewal, the customer is entitled to renewal
pricing (applicable to all migration options listed above, including upgrade).
Kaspersky Security for File Server
The default migration recommendation for customers using Kaspersky Security for File Server is to offer
Kaspersky Hybrid Cloud Security Enterprise, Server.
Also the customers can migrate to:
• Kaspersky Hybrid Cloud Security, Server,

• Kaspersky Total Security for Business.
In these cases the customer will get the reduced product functionality with regards to File Server security.
Please be advised that if migration is being done at the time of renewal, the customer is entitled to renewal
pricing (applicable to all migration options listed above).

Kaspersky Security for Collaboration
No migration options are offered for this product.
In order to provide smooth removal of the product from the market, 1-year renewals will be available on per
request basis under special approval procedure. For detailed information please contact eos@kaspersky.com.
Kaspersky Anti-Spam for xSP
No migration options are offered for this product.
Kaspersky Endpoint Detection and Response (Standard, Advanced editions)
Please be informed that only renewal licenses are available for purchase for Kaspersky Endpoint Detection
and Response products (Standard, Advanced editions) till the end-of-life date for these products. The renewing can
be processed for the exact number of nodes a customer wants to protect. For the valid end-of-Life date please refer
to https://support.kaspersky.com/corporate/lifecycle.
After the end-of-life date Kaspersky Endpoint Detection and Response products (Standard, Advanced
editions) won’t be available for purchase. The customers should migrate to Kaspersky Endpoint Detection and
Response Expert.
Customers that require up-sell for the effective license of Kaspersky Endpoint Detection and Response
(Standard, Advanced editions) should be offered a full trade-in migration to Kaspersky Endpoint Detection and
Response Expert.
In case of any questions regarding migration issues, please contact eos@kaspersky.com.
Please contact eos@kaspersky.com in case of any questions concerned each product recently discontinued.

Additional licensing procedures
Renewal guidelines
Renewal is a resuming of end-user right to use the product purchased previously. In case the product
previously purchased is discontinued at the time of renewal, the customer is entitled to renew to the other product/s in
accordance with the migration guidelines.
Please be advised that Vendor reserves the right to verify the eligibility of issuing a renewal license (e.g., by
checking prior license key file/activation code information, prior license certificate etc.).
The end-user is entitled to renew a product:
• before the previous license is expired (early renewal) or

• after the expiration date of the previous license (late renewal).
Early renewals Late renewals
The customer can buy a renewal Late renewals of consumer products can
license before the current one is expired. The be placed without any limitations on a time period
activation code/key file of the renewal license past from the date of expiration of the previous
Consumer should be activated right after an expiration of license.
the initial license.
products
Early renewal is available if 90 or less The right of a client to place a late renewal
days are left prior to the expiration of a is limited by 60 days past from the date of
previous license. No approvals are required expiration of the previous license. At the end of this
for processing this early renewal. All other time period the product is no longer offered on
Corporate
requests should be approved by Vendor. conditions of renewal. License can be purchased
products Please contact Kaspersky local office for only at full price without renewal discounts. Any
details. extension of the late renewal “window” should be
approved by Vendor. Please contact Kaspersky
local office for details.
Public sector, governmental and/or educational licensing

Please be advised that public sector, governmental and/or educational licensing is applicable to B2B products
only and is effective if Public Sector/Governmental/Educational licenses are available in a regional price-list.
Governmental organizations include governmental, quasi or semi-governmental, statutory or other

administrative, public, fiscal or judicial bodies or state organs, organizations, authorities, tribunals, commissions,
entities, non-profit organizations, charitable foundation or religious organizations. These organizations are established
under law or statute administered by national or local government in the country where the Kaspersky price list is valid.
The foregoing does not include any state or governmental body, corporate, organization or entity or any institution or
establishment (with more than 50% share of commercial organizations) whose activities or business in the ordinary
course of business are conducted for profit and any educational institution or establishment.

Educational institutions are defined as any institution or educational facility for the enrolment of students
nationally recognized and accredited by the relevant state ministry in the country (non-profit organization).
Public sector license can be offered as a generic license for both types of institutions, governmental and
educational.
Cross-grade licensing
Please be advised that cross-grade licensing is applicable to B2B products only and is effective if cross-grade
licenses are available in a regional price-list.
Cross-grade licensing is available for the same type of competitor’s corporate anti-malware software products
and the same license quantity, which are specified in the end-user’s license agreement with the vendor of this product
to be replaced with Kaspersky product.
Trial licenses of competitor’s product are not accepted for cross-grade licensing.
Cross-grade license is available for purchase during the effective period of end user license agreement with
any vendor of anti-malware software product and within definite period after this end user license agreement expiration.
For additional regional specifics and practice in cross-grade policy please refer to Addendum to General
Licensing Principles.
After Kaspersky cross-grade license is expired customer should be sold renewal license, not cross-grade.
Local offices reserve the right to check and verify the correctness of selling cross-grade licenses to customers.
Please contact Kaspersky local office for any regional specifics of cross-grade procedures.
Upgrade/Trade-in deals (applicable to B2B products only)

Trade-in is a type of a deal that has the following characteristics:
• A customer is swapping a product/s purchasing earlier to the other product/s, or a customer is swapping license
types for the same product while upgrading the level of technical support for this product.
• This product/support switch can done during the effective license period of the product/s purchased initially.
Operationally wise, in this case the swap is processed in a form of a trade-in discount applied to the order/s of
the new product/support level.
• The customer is able to swap a product/support level purchasing earlier to the other product/support level at the
time of renewal as well. Generally speaking, in this case a customer is entitled for renewal pricing 15. Please be
advised that no trade-in discount is applicable to product switch at the time of renewal.
15Renewal pricing herein refers to all customer types incorporating such pricing offer (e.g., Governmental Renewal,
Educational Renewal, etc.).

Upgrade – is a subcase of a trade-in deal that implies swapping to a product with wider platform support/wider
functionality as compared to the current one.
The actual list of valid trade-in and upgrade product swapping scenarios can be found in this document. Valid
migration scenarios stated in the document can be processed as trade-in deal. Please note this list of these
product/support swapping scenarios is a subject to change as per product marketing and management decision.
The license types used in trade-in order/s should be consistent with the license types of the initial orders. For
example, if the customer has purchased previously licenses at educational renewal pricing, it is entitled to get the
same pricing offer (i.e., educational renewal) for the new product/s. Please note that the customer can be also offered
Base pricing for the upgrade deal if this is an established sales practice in a regional market.
The exception concerns Add-on16 license types since not all products under trade-in scenarios are intended
to offer add-on pricing. In case the customer is going to swap Add-on licenses and the trade-in product does not has
Add-on licenses, it is recommended to align the swap with the license type of the main product purchased. For
example, a customer purchased KESB-Select Renewal licenses + KS for Mail Server Add-on licenses. Now it wants
to shift from KS for Mail Server to KS for Microsoft Office 365. The licenses for KS for Microsoft Office 365 should be
offered at renewal pricing.
The upgrade license type (if available in a price-list) is applicable to upgrades at the time of renewal only. This
case is mainly relevant for the deals when a customer is renewing+upgrading its Base licenses.
With regard to the license term of trade-in product, the order for it can be either co-termed with the licenses
that are being swapped (in case the customer asks for this), or be processed for any option of the full license period
available in the price-list (1, 2, 3 years).
As for the quantity of licenses for trade-in product, generally, it should be either equal or exceed the license
quantity of the product being swapped (in case licensing models of the products included in the trade-in deal are the
same). The price for the trade-in product should be taken from the band consistent with the actual license quantity to
be ordered.
Please be advised that for some trade-in paths the partial migration is available. Partial migration means that
the customer switches only part of its licenses initially purchased to the new ones, remaining the other part of initial
licenses as effective ones. The order for trade-in product should be co-termed with the initial order. Volume discount
is not applied to trade-in product. Specifically, it is not allowed to use band from the initial order in the trade-in order.
The price for the trade-in product should be taken from the band consistent with the actual license quantity to be
ordered.
16 Add-on is a license for associated purchases of products (for products under special incentive program, for
products that can’t be sold as standalone etc.). Add-on license can be issued only in association to the effective
license for the main product. E.g., KS for Mail Server Add-on license can be purchased if a customer has effective
license for the main product (KESB-Select, KESB-Advanced or KTSB)

Up-sell deals (applicable to B2B products only)
Up-sell is a purchasing of additional licenses of a product initially bought.
Minimum up-sell order quantity for corporate products is 5 licenses (or 1 license pack for 5 workstations for
KSOS product). The only exception concerns products with the starting band – 1 license. (e.g., KS for Storage, Server,
KHCS, CPU, KPSN products etc.). For these products the minimum up-sell order quantity is 1 license.
Please note that band selection rules should be followed while processing up-sell deals (see the rules
hereinafter). In case there were one-time discounts or special time-limited marketing actions that influenced the price
of the original order, such price conditions are not effective for additional purchase.
Basically, the license type used in up-sell order/s should be consistent with the license type of the initial order.
For example, if the customer has purchased previously licenses at educational pricing, it is entitled to get the same
pricing offer (i.e., educational) for the additional licenses. Please be advised that in case of up-sell at the time of
renewal it is allowed to purchase the total number of licenses (i.e., licenses previously purchased and to be renewed
+ additional licenses) at renewal pricing. Please note that the customer can be also offered Base pricing for the up-
sell/additional licenses if this is an established sales practice in a regional market.
The license term used in up-sell order/s should be consistent with the license term of the initial order. Please
note that a customer can be also offered pricing for the shorter license term (which means that the customer is paying
higher price per 1 year TCO17 that it has paid initially) for the up-sell/additional licenses if this is an established sales
practice in a regional market. Please be advised that such up-sell licenses (with non-consistent license term) should
not be extended in its term, only decreasing of SKU term is allowed. For example, initial order has 3-year SKU term.
Upsell takes place while 15 months are left prior to expiration date. There are 2 available options:
• Option 1 – consistent license term, i.e., 3-year SKU with term discount.
• Option 2 – shorter license term, i.e., 2-year SKU with term discount (only if this is an established sales practice
in regional market).
The use of 1 Year SKU in this example is not allowed because the upsell term may not exceed the SKU term.
Please be advised that the instructions mentioned above (i.e., on choosing license type and license term) is
also applicable to corresponding cases of add-on sales scenarios stated in the policy (e.g., MDR add-on to KESB).
Band selection in case of additional (up-sell) orders and down-sell orders

The default scenario of selling additional licenses is to purchase them from the pricing band comprising the
actual license quantity to be purchased. This scenario requires no approvals.
The second valid scenario is to purchase additional licenses from the pricing band corresponding to the
number of licenses of Kaspersky product the customer has and/or is planning to purchase. Please be advised that
Vendor reserves the right to check and verify the eligibility of such deals. Please contact Kaspersky local office for
details.
17 TCO stands for Total Cost of Ownership

Down-sell (decreasing quantity of the licenses purchased) is not allowed during the effective term of the
licenses originally purchased. Upon expiration of the licenses, a customer is able to renew less of them. Renewal price
is taken from the band comprising the actual license quantity to be renewed (not from the original order band). If there
were one-time discounts or special time-limited marketing actions that influenced the price of the original order, such
price conditions are not effective for renewal purchase.
Band selection for “splitted” purchases

The following deals can be qualified as “splitted”:
• purchase plan for a group of companies. These entities should not be necessarily affiliated legally;
• purchase plan for 1 customer.
This purchase plan should include information regarding the total number of licenses to be purchased by the
customer/s for each product sold, the timeframe of the purchase/s as well as the pricing level agreed per each product.
Each purchase within this plan can be arranged through pricing band that is consistent with the pricing level agreed.
All such deals require approval by Vendor. Please contact Kaspersky local office for details.
Grace period
Grace period is a timeframe added to the license term for installation purposes on customer’s side. The default
grace period for all initial licenses is 15 days18, for renewal licenses is 0 days. Any request of changing the grace
period should be approved by Vendor. Please contact Kaspersky local office for details.
18Please be informed that for regions with grace period set-up for initial licenses shorter than 15 days their current
set-up remain intact

Appendix 1. Reference list of Kaspersky license types (as SKU attribute)
Code LicenseType Name Description
A Base Premium license for initial purchase (with Premium technical support incl.)
Public Sector license for repeated purchase of the same product by non-profit public organizations
D Renewal
E Educational license for initial purchase by educational organizations
G Successive initial purchase of subscription
license for associated purchases of products (for products under special incentive program, for products that can’t
H Add-on be sold as standalone etc.)
Cross-Grade special license offer to the client in order to transfer it from competitors product to Kaspersky product (with Premium
K Premium technical support incl.)
L Renewal Premium license for repeated purchase of the same product (with Premium technical support incl.)
Educational Renewal license for repeated purchase of the same product by educational organizations (with Premium technical support
M Premium incl.)
Not For Resale license – a free license intended to be provided to partners to enable them to use Kaspersky
N NFR products. It is also used for promo, trade shows, product knowledge trainings, industry-, press- and other events
O Educational Premium license for initial purchase by educational organizations (with Premium technical support incl.)
P Public Sector license for initial purchase by non-profit public organizations
Q Educational Renewal license for repeated purchase of the same product by educational organizations
R Renewal license for repeated purchase of the same product that resumes the end-user’s right to use this product
S Base license for initial purchase
a free license issued for a short period for evaluation purposes

This type of license can be installed on the computer only once. No possibility to install a second trial license of the
T Trial same application (over previously installed trial license)
U Upgrade purchase of a product with wider quantity of applications/wider functionality that will replace current one
W Cross-grade special license offer to a client in order to transfer it from competitors product to Kaspersky product
For regional specific naming of license types please refer to Addendum to General Licensing Principles.

Appendix 2. Description of calculation of quantity of KSOS licenses
required
Example 1:
A Company has 7 desktops and 5 mobile devices. It needs to protect them all.
The Company should be offered 7 licenses of KSOS or 1 license pack of KSOS per 7 desktops/7 mobile
devices/1 file server/7 users. Thus the customer will be able to protect up to 7 desktops, up to 7 mobile devices,
1 file server and to provide password manager up to 7 users.
Example 2:
A Company has 6 desktops, 6 mobile devices and 1 file server. It needs to protect them all.
Example 3:
A Company has 5 desktops and 7 mobile devices. It needs to protect them all.
Example 4:
A Company has 12 desktops and 2 file servers. It needs to protect them all.
The Company should be offered 2 license packs of KSOS per 6 desktops/6 mobile devices/1 file server/6 users
or 2 sets of 6 licenses of KSOS each. Thus the customer will be able to protect up to 12 desktops, up to 12 mobile
devices, up to 2 file servers and to provide password manager up to 12 users.
or as possible workaround in case the customer wants 1 activation code for the total number of nodes to be
protected:
devices/2 file servers/15 users. Thus the customer will be able to protect up to 15 desktops, up to 15 mobile devices,
up to 2 file servers and to provide password manager up to 15 users.

Appendix 3. Description of calculation of quantity of KESB licenses
required
The number of KESB licenses to be issued is calculated based on the total number of nodes (workstations,
The number of other license objects included in KESB products (e.g., MDM-node, SM-node, mail user, etc.)
is calculated basing on the percentage of the total number of protected endpoints (factor).
For example, if a customer purchases 100 licenses for Kaspersky Total Security for Business, it will be able:
• to protect up to 100 workstations, mobile devices and servers in total

• to manage with PM-module up to 100 workstations and file servers in total
• to manage with MDM-module mobile devices (within the number of KTSB licenses distributed on mobile devices
only)
• to protect up to 150 mail users
• to protect up to 110 nodes behind Internet gateway

Appendix 4. Licensing of Kaspersky Security Center functionality
Example 1:
A Company has 50 workstations, 2 servers, and 10 smartphones. It needs to protect and to manage all the
workstations, servers and smartphones it has.
The Company should be offered 62 licenses of Kaspersky Endpoint Security for Business - Select (endpoint
protection for all 62 nodes and MDM-module for 10 smartphones) + 52 licenses of Kaspersky Vulnerability and
Patch Management (for managing workstations and servers). Or it can be offered 62 licenses of Kaspersky Endpoint
Security for Business – Advanced (endpoint protection for all 62 nodes, MDM-module for 10 smartphones and PM-
module for 52 nodes + 10 extra nodes).
Example 2:
A Company has 320 workstations, 4 servers, and 50 smartphones. It wants to protect 250 workstations and 4
servers + to manage all smartphones, all workstations and servers that it has.
The Company should be offered 304 licenses of Kaspersky Endpoint Security for Business - Select (for endpoint
protection of 254 nodes and for management of 50 smartphones) + 324 licenses of Kaspersky Vulnerability and Patch
Management (for managing all workstations and servers). Or it can be offered 324 licenses of Kaspersky Endpoint
Security for Business – Advanced (endpoint protection for 304 nodes + extra 20 nodes, MDM-module for 50
smartphones and PM-module for 324 nodes).
Example 3:
A Company has 300 workstations, 4 servers, and 50 smartphones. It wants to protect, to encrypt and to manage
all endpoints that it has.
The Company should be offered 354 licenses of Kaspersky Endpoint Security for Business - Advanced. It will get
protection and encryption functionality for all endpoints + it will activate PM-module for all endpoints + it will activate
MDM-module for 50 smartphones.

Appendix 5. Examples of KEDR licensing options basing on specific
customer cases
Example 1:
A company already has KATA product (Standard, Advanced or Enterprise) and is considering EDR capabilities.
Option 1: The customer can purchase KATA Platform EDR Agent based on the number of nodes to be protected.
Option 2: The customer can upgrade to KATA Enterprise EDR (if not more than 10 000 nodes are to be protected).
Example 2:
A company is interested in EDR protection for its 10 000+ nodes.
Option 1: The customer can purchase KEDR Standard or Advanced Edition for the total number of nodes it wants
to protect with EDR.
Option 2: The customer can purchase KATA Advanced or Enterprise together with KATA EDR Agent for the total
number of nodes it wants to protect with EDR.
Example 3:
A company uses KATA Enterprise EDR to protect 10 000 nodes. And now the company wants to increase its EDR
protection to an additional 500 nodes.
Option: The customer can purchase KATA Platform EDR Agent licenses for 500 additional nodes to be protected.

Appendix 6. Licensing cases of Kaspersky Hybrid Cloud Security
(KHCS)
Example 1 - Private data center:
A Company needs standard security capabilities for 10 x VMware ESXi hosts (2 CPU each) with 100 virtual servers
and 300 virtual desktops in total. Plus, 100 physical servers (80 with Windows Server OS and 20 with CentOS 7.2).
Option 1: The Company should be offered 200 licenses of KHCS SVR + 300 licenses of KHCS Dt.
Option 2: The Company should be offered 20 licenses of KHCS, CPU + 100 licenses of KHCS SVR.
Example 2 – Managed hosting:
A Company needs enterprise security capabilities for workloads hosted in Telefonica cloud: 75 virtual servers and
25 virtual desktops. They also buy a collocation service from Telefonica for 30 physical servers with Windows Server
OS and 20 physical servers with Linux OS.
Option: The Company should be offered 125 licenses of KHCS Enterprise, SVR + 25 licenses of KHCS Dt.
Example 3 – Public cloud:
A Company needs enterprise security capabilities for 175 virtual servers running on Amazon Web Services (AWS)
cloud.
Option: The Company should be offered 175 licenses of KHCS Enterprise, SVR.
Example 4 – Multiple clouds:
A Company needs standard security capabilities for 100 virtual servers and 125 virtual desktops hosted in
RackSpace. Plus, they also have 200 virtual servers and 125 virtual desktops hosted in MS Azure cloud.
Option: The Company should be offered 300 licenses of KHCS SVR + 250 licenses of KHCS Dt.
Example 5 – Complex hybrid cloud:
A Company needs enterprise security capabilities for a complex hybrid cloud environment that is distributed across
multiple cloud environments. They have 12 MS Hyper-V hypervisors (4 CPUs each) with 60 virtual servers and 200
virtual desktops in total. They also buy a collocation service from 3rd-party Managed Hosting provider to store 4
additional MS Hyper-V hypervisors (with 2 CPUs each) inside remote data center with 80 virtual servers in total. Finally,
a company is using the MS Azure cloud to run 30 virtual servers.
Option 1: The Company should be offered 170 licenses of KHCS Enterprise, SVR + 200 licenses of KHCS Dt.
Option 2: The Company should be offered 56 licenses of KHCS Enterprise, CPU + 30 licenses of KHCS Enterprise,
SVR.
Example 6 – Migration from physical workstations to VDI:
A Company migrates 500 physical workstations to VDI. Currently, the physical workstations are covered with
KESB - Advanced.
Option: The company needs to upgrade 500 KESB - Advanced licenses to KHCS Enterprise, Desktop. With KHCS
Ent, Dt, the company will be able to apply each license to a physical machine or a VM thus allowing for gradual
migration and roll-back scenarios for the duration of the license as needed.

Band combining in Kaspersky Hybrid Cloud Security sales
There is no possibility to use total combined band for selling different KHCS products to a customer. Each KHCS
product should be processed in a separate order for the exact number of license objects to be protected accordingly.
KHCS trade-in options for KESB customers

Current KESB customers can migrate to KHCS products (both Standard and/or Enterprise) without any restrictions
regarding the consistency between licensing models of KESB (nodes) and KHCS (workloads or CPUs).
Such deals are qualified as Trade-in deals and require creating quote/s in CRM (SFDC).
Please note that the following product swaps are qualified as upgrades:
Kaspersky Endpoint Security for Business - Select Kaspersky Hybrid Cloud Security, Desktop
Kaspersky Endpoint Security for Business - Advanced Kaspersky Hybrid Cloud Security Enterprise, Desktop
Current KESB customers can switch to KHCS products fully or partially.
Full upgrade/migration means that the customer switches the total number of its KESB licenses to KHCS.
The existing key files/activation codes for KESB product, that should be replaced, are blocked in a certain period
of time.
Partial upgrade/migration means that the customer switches only part of its KESB licenses to KHCS, remaining
the other KESB licenses as effective ones.
The order/s for KHCS licenses should be co-termed with the initial KESB order.
Volume discount is not applied to KHCS partial migration. Namely, it is not allowed to use total band for placing
KHCS migration orders. Each order for KHCS products should be processed separately for the exact number of license
objects to be protected. For each separate order there is a possibility to apply all discounts available for it.
The existing key files/activation codes for KESB product are not blocked.

Appendix 7. The daily licensed traffic volume has been exceeded or not
completely used
Licensing is based on 24-hour periods starting from any moment of time rather than the calendar 24-hour day.
If the daily amount of traffic specified in the license was scanned before the end of the day, emails are still
scanned, regardless of how much the licensed amount of traffic was exceeded. The administrator is notified that the
licensed traffic volume has been exceeded.
If the total amount of traffic scanned in the past 24 hours is smaller than the daily traffic allowed by the license,
the unused traffic is ignored, i.e., in the next 24 hours the user is not allowed to scan more traffic than specified in the
key file.

Addendum to General Licensing Principles
Cross-grade licensing
META practice: Cross-grade licensing is available for purchase during the effective period of end user license
agreement with any vendor of anti-malware software product and within 1 month after this end user license agreement
expiration.
Additional licenses of Kaspersky product (up to 150%) can be purchased at cross-grade pricing within 3
months (a period of 6 months for Middle East & Saudi Arabia & Bahrain as well as for Turkey Region) after the original
order.
North America practice: Cross-grade licensing is available for purchase during the effective period of end user
license agreement with any vendor of anti-malware software product.
Down-sell practice
USA practice: approval for down-sell deal is required
Specific naming of license types (USA and Canada)
License type Name (for USA and Canada)
Base Comm.Lic.+Maint.
Renewal Maint. Renew
Upgrade Upgrade (Lic.+Maint.)
Cross-grade Comp.Upgrade Lic.+Maint.
Educational Edu/Gov Lic.+Maint.
Educational Renewal Edu/Gov Maint. Renew
Successive Successive Lic.+Maint.
Base Premium Comm.Lic.+Gold Support
Cross-Grade Premium Comp.Upgrade Lic.+Gold Support
Renewal Premium Renew + Gold Support
Educational Renewal Premium Edu/GovRenewal + Gold Support
Educational Premium Edu/Gov Lic.+Gold Support

Licensing Guidelines For Kaspersky Products

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Licensing Guidelines For Kaspersky Products

Uploaded by

Copyright:

Available Formats

Licensing guidelines for Kaspersky

Version No. 48 (applicable globally, excluding Russia, STAN, Caucasus)

3. General Licensing Principles ............................................................................................................... 6

Small Office Security .................................................................................................................................................. 7

Endpoint Security Cloud ............................................................................................................................................. 9

Endpoint Security .....................................................................................................................................................11

Total Security ............................................................................................................................................................11

Endpoint Detection and Response Optimum ...........................................................................................................13

Endpoint Detection and Response Expert ...............................................................................................................16

Managed Detection and Response ..........................................................................................................................19

Optimum Security .....................................................................................................................................................21

Anti Targeted Attack Platform ..................................................................................................................................23

Endpoint Detection and Response ...........................................................................................................................26

Hybrid Cloud Security ...............................................................................................................................................28

Vulnerability and Patch Management Security ........................................................................................................31

PAGE 1 | Licensing guidelines for Kaspersky products | 16 May 2023

Mail and Gateway Security .......................................................................................................................................32

Storage Security .......................................................................................................................................................33

Embedded Systems Security ...................................................................................................................................33

Private Security Network ..........................................................................................................................................34

Research Sandbox ...................................................................................................................................................34

Threat Attribution Engine ..........................................................................................................................................35

Premium Technical Support .....................................................................................................................................36

End-of-Sales Products. Migration guidelines ...........................................................................................................39

Additional licensing procedures ................................................................................................................................41

Renewal guidelines ................................................................................................................................................................. 41

Appendix 2. Description of calculation of quantity of KSOS licenses required ..........................................47

Appendix 3. Description of calculation of quantity of KESB licenses required ...........................................48

Appendix 4. Licensing of Kaspersky Security Center functionality ............................................................49

Appendix 6. Licensing cases of Kaspersky Hybrid Cloud Security (KHCS)...............................................51

Band combining in Kaspersky Hybrid Cloud Security sales.....................................................................................52

KHCS trade-in options for KESB customers ............................................................................................................52

Addendum to General Licensing Principles ..............................................................................................54

PAGE 2 | Licensing guidelines for Kaspersky products | 16 May 2023

The following issues are out of scope of this document:

• non-commercial licensing (NFR, trial licenses);

© 1997-2023 Kaspersky Lab AO. All Rights Reserved.

Product composition – set of applications to be compatible with the product.

• Nodes have factor as 100%,

Kaspersky products are generally categorized by Market Sector.

© 1997-2023 Kaspersky Lab AO. All Rights Reserved.

1. Product code – internal 4-digit identification of each Kaspersky product.

Additional Key files/Activation codes and Co-terming

Consolidation (exceptional cases)

Add-on license type/SKU and Co-terming

© 1997-2023 Kaspersky Lab AO. All Rights Reserved.

Security for Home and SOHO (small office, home office)

Kaspersky Anti-Virus (KAV) Desktop

Kaspersky Internet Security for Mac Desktop

Kaspersky Internet Security for Mobile Device

Kaspersky Cloud Password Manager User

Kaspersky Safe Kids User

Kaspersky Secure Connection (KSEC) 1 User

Kaspersky Internet Security (KIS) Device

Kaspersky Total Security (KTS) Device 100%

Kaspersky iOS Security Account Mobile stores only

Upgrade policy for consumer products

Upgrade from consumer products to corporate products is not allowed.

© 1997-2023 Kaspersky Lab AO. All Rights Reserved.

Calculation of a number of KSOS licenses required

Renewal policy for KSOS

The following renewals are not restricted:

Upgrade policy for KSOS