Anti-Virus and HIPS Exclusion

If you have Anti-Virus or HIPS software installed on the Cloud Agent host, it may interfere with Cloud Agent's functioning. To avoid this conflict, exclude the following files, directories, and processes from all security software installed on the system.

Directory list used by Cloud Agent installation

/etc

/etc/qualys

/etc/qualys/cloud-agent

/etc/qualys/cloud-agent/.centos

/etc/qualys/cloud-agent/cert

/etc/qualys/cloud-agent/.suse

/etc/qualys/cloud-agent/.systemd

/usr/local

/usr/local/qualys

/usr/local/qualys/cloud-agent

/usr/local/qualys/cloud-agent/bin

/usr/local/qualys/cloud-agent/lib

/usr/share/doc

/usr/share/doc/qualys-cloud-agent-<version>

/opt/qualys - Stores AIX Cloud Agent logs only

/var/opt - Stores the Cloud Agent log files

/var/spool - Stores the FIM and EDR data

/etc/init.d/ - This directory is used on SysVinit-based Linux platforms to store the init scripts. These init scripts are used to start, stop, restart, or check the system service status during system boot or manual restarts by an admin user.
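Once these directories are excluded, the security software no longer inspects them, so it is worth confirming that only root can write to them. The script below is an added example, not part of the Qualys documentation: it checks each excluded directory for world-writable permissions and non-root ownership. The function name `audit_exclusions` and the output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Qualys code. Directories are copied from the exclusion
# list above; the versioned /usr/share/doc entry is left out because its name
# depends on the installed agent version.
QUALYS_EXCLUDED_DIRS="/etc/qualys/cloud-agent /usr/local/qualys/cloud-agent
/usr/local/qualys/cloud-agent/bin /usr/local/qualys/cloud-agent/lib
/opt/qualys /var/opt /var/spool /etc/init.d"

# audit_exclusions PATH...
# Prints one line per path (or per finding) and returns 1 if any existing
# path is world-writable or not owned by root.
audit_exclusions() {
    rc=0
    for p in "$@"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
            continue
        fi
        clean=1
        # -H follows a symlink named on the command line (e.g. /etc/init.d);
        # -prune tests the path itself without descending into it.
        if [ -n "$(find -H "$p" -prune -perm -0002 -print)" ]; then
            echo "WORLD-WRITABLE $p"
            clean=0
        fi
        if [ -n "$(find -H "$p" -prune ! -user 0 -print)" ]; then
            echo "NOT-ROOT-OWNED $p"
            clean=0
        fi
        if [ "$clean" -eq 1 ]; then
            echo "OK $p"
        else
            rc=1
        fi
    done
    return "$rc"
}

# Word splitting of the list is intentional here.
audit_exclusions $QUALYS_EXCLUDED_DIRS || true
```
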

Agent Daemon Process “qualys-cloud-agent”

The agent runs as a daemon process “qualys-cloud-agent”.

The agent runs various read-only commands during the scanning process. These are the same commands that run during a scan using a scanner appliance.

Some transient files are created during agent execution:

  • To store the current Cloud Agent configuration: /usr/local/qualys/cloud-agent/Config.db
  • To contain the manifests used during the agent-based scans: /usr/local/qualys/cloud-agent/manifests/*.db