The Qualys self-protection feature helps prevent non-trusted processes from making unwanted changes to Qualys Cloud Agent.
The self-protection feature prevents the following:
- Uninstallation of Cloud Agent
- Termination of Cloud Agent processes
- Tampering with Cloud Agent files and directories - overwriting, deleting, renaming, modifying, and memory mapping
- Tampering with Cloud Agent driver - unloading or detaching the driver
- Tampering with Cloud Agent registry keys:
  - Overwriting, deleting, and modifying the registry key and value
  - Renaming the registry key
- Attaching a debugger to the Qualys Cloud Agent service
- Changes to the protected areas made by user-defined scripts, that is, scripts uploaded by Custom Assessment and Remediation (CAR) and Patch Management
Note: This feature is not enabled by default. To enable the feature, contact your Qualys representative.
You can disable the self-protection feature if you want to access the agent data and artifacts required for debugging, such as log files.
You can generate a key to disable the self-protection feature for an agent for a defined time interval. By default, the generated key is valid for one day. However, you can define the validity of the key.
Note: Users with the CA Manager role have permission to generate the self-protection key.
1) From the application selector, select Cloud Agent.
2) Go to Agent Management > Agent.
3) Select the agent and click Disable Self Protection from the Quick Actions menu.
4) In the Generate key to disable self protection screen, click Generate Key and follow the process to disable self-protection on the selected Cloud Agent.
Note: This feature is available only when it is supported by the Cloud Agent for Windows. For the supported platform and Cloud Agent for Windows version, refer to the Features by Agent Version section in the Cloud Agent Platform Availability Matrix.