Anti-Virus and HIPS Exclusion
If you have Anti-Virus or HIPS software installed on the Cloud Agent host, it may interfere with Cloud Agent's functioning. To avoid this conflict, exclude the following files, directories, and processes from all security software installed on the system.
Directories used by Cloud Agent installation
/etc/qualys/cloud-agent
/usr/local/qualys/cloud-agent
/usr/share/doc/qualys-cloud-agent-<version>
/opt/qualys - Stores AIX Cloud Agent logs only.
/var/opt - Stores the Cloud Agent log files.
/var/spool - Stores the FIM and EDR data.
/etc/init.d/ - This directory is used on SysVinit-based Linux platforms to store the init scripts. These init scripts are used to start, stop, restart, or check the status of system services during system boot or during manual restarts by an admin user.
Cloud Agent Process
The agent runs various read-only commands during the scanning process. These are the same commands that run during a scan using a scanner appliance.
For the smooth operation of Cloud Agent, exclude the following processes.
The following processes always run for a Cloud Agent:
qualys-cloud-agent - Used for Cloud Agent daemon processes.
qualys-cep - Used for Qualys CEP processes, such as Custom Assessment and Remediation (CAR), On-demand scans, or agent troubleshooting.
The following processes run when the respective Qualys applications are activated:
qualys-scan-util - Used for running Qualys scans. The qualys-scan-util runs commands to collect host metadata.
agentid-service - Used for Cloud Agent unauthenticated merge features.
edr-plugin - Used for Endpoint Detection and Response (EDR) or File Integrity Monitoring (FIM) to load the plugin to auditctl.
qualys-edr - Used for EDR or FIM module.
qualys-custom-qid - Used for the Custom QID module.
qualys-healthcheck-tool - Used for Qualys Health-check tool.
qualys-patchmgmt-tool - Used for Qualys Patch Management.
qualys-udc-scan - Used for Qualys UDC scan.
/usr/local/qualys/cloud-agent/swca/bin/qualys-swca-datacollector - Used for Qualys SwCA Scan.
/usr/local/qualys/cloud-agent/mitigation/bin/qualys-mitigation - Used for Qualys mitigation module.
/usr/local/qualys/cloud-agent/mux/bin/qualys-mux - Used for Qualys Mux Module ISOLATE, EPP, and Quarantine host.
/usr/local/qualys/cloud-agent/mux/bpf/bin/qualys-bpf - Used for Qualys BPF module ISOLATE/Quarantine host/EPP.
Some transient files are created during agent execution:
- To store the current Cloud Agent configuration: /usr/local/qualys/cloud-agent/Config.db
- To contain the manifests used during the agent-based scans: /usr/local/qualys/cloud-agent/manifests/*.db
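Excluded directories are no longer inspected by the security software, so it is worth confirming that unprivileged users cannot write into them before applying the exclusions above. The following script is an added example, not Qualys code: it checks the directories listed on this page for world-writable files and for world-writable directories without the sticky bit. The function names and the --audit switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not vendor code): audit the directories this page asks you to
# exclude from AV/HIPS, since nothing written there will be scanned.
# Paths are copied from the page; /usr/share/doc/qualys-cloud-agent-<version>
# is left out because <version> is host-specific.
QUALYS_EXCLUDED_DIRS="/etc/qualys/cloud-agent /usr/local/qualys/cloud-agent
/opt/qualys /var/opt /var/spool /etc/init.d"

# Print entries under $1 that any local user can modify: world-writable files,
# and world-writable directories that lack the sticky bit.
find_risky_entries() {
    [ -d "$1" ] || return 0
    find "$1" -xdev \( \( -type f -perm -0002 \) -o \
        \( -type d -perm -0002 ! -perm -1000 \) \) -print 2>/dev/null || true
}

# Print how many risky entries exist under $1 (0 if the directory is absent).
count_risky_entries() {
    find_risky_entries "$1" | wc -l | tr -d ' '
}

# Report every risky entry under the given directories.
# Returns 1 if any were found, 0 if the exclusion set is clean.
audit_exclusions() {
    found=0
    for dir in "$@"; do
        if [ "$(count_risky_entries "$dir")" -gt 0 ]; then
            find_risky_entries "$dir" | sed "s|^|RISK: |"
            found=1
        fi
    done
    return "$found"
}

# Run the audit only when asked, e.g.: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    # shellcheck disable=SC2086  # intentional word splitting of the path list
    audit_exclusions $QUALYS_EXCLUDED_DIRS
fi
```

Run it as root so that find can read every subdirectory; a non-zero exit status means at least one excluded path is writable by any local user.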