Prerequisites
Following are the minimum prerequisites to install Cloud Agent on your Windows hosts.
Cloud Agent Requirements
Your hosts must be able to reach your Qualys Cloud Platform (or the Qualys Private Cloud Platform) over HTTPS port 443. Login to the Qualys Cloud Platform and go to Help > About to see the URL your hosts need to access.
To install Qualys Cloud Agent for Windows, you must have Local or Domain administrator privileges on your hosts. Proxy configuration is supported for Qualys Cloud Agent. To learn more about proxy configuration, refer to Proxy Configuration.
Hardware Requirements
512 MB of RAM for scan-based features such as Inventory, Vulnerability Management (VM), and Policy Compliance (PC).
1 GB of RAM for File Integrity Monitoring (FIM) and Patch Management (PM).
For system requirements with EDR, refer to the Qualys Endpoint Detection and Response Onboarding Guide.
Minimum 200 MB of available disk space.
Microsoft Windows Hotfixes
The following hotfixes are required for a Cloud Agent to run and connect to the Qualys Cloud Platform from older Windows operating systems.
Hotfix |
KB Article |
Archive |
Language |
Platform |
---|---|---|---|---|
Windows XP SP3+ 86 SHA2 Cert Hotfix |
968730 |
375554_ENU_i386_zip.exe |
English |
i386 |
Windows Server 2003 SP2+ x86 SHA2 Cert hotfix |
>968730 |
375510_ENU_i386_zip.exe |
English |
i386 |
Windows XP SP3+ x64 & Windows Server 2003 SP2+ x64 SHA2 Cert Hotfix |
968730 |
375531_ENU_x64_zip.exe |
English |
x64 |
Archive names may change in the future.
To acquire Microsoft Windows hotfixes contact Microsoft Support.
Microsoft Windows Security Updates
Install Windows Security Updates KB4474419 Microsoft and restart the system to load the Qualys Cloud Agent drivers successfully on Windows 7 SP1 and Windows Server 2008 R2 SP1 and SP2.
For more details about Windows security updates, refer to the Microsoft Support Document.
TLS Version Needed
Ensure that TLSv1.2 or later is enabled on client machines to communicate with Qualys Cloud Platform.
Cloud Agent for Windows uses cryptographic protocol support provided by the Windows operating system. Older Windows operating systems (including Windows XP, Embedded Standard, Server 2003/SP2, Server 2008/SP1/SP2, and potentially others if explicitly configured) do not have TLS 1.2 support on the operating system for Cloud Agent.
For more information, refer to Deprecating TLSv1.0 and TLSv1.1.
Tips and Best Practices
What is an activation key? To install Cloud Agent on your host, you need an activation key. This provides a way to group cloud agents and bind them to your subscription with Qualys Cloud Platform. You can create different keys for various business functions and users.
Benefits of adding asset tags to an activation key: Tags assigned to your activation key are automatically assigned to agent hosts. This helps you manage your agents and report on agent hosts.
Running the agent installer: You need to run the installer from an elevated Command Prompt or use a systems management tool.
Activate the Cloud Agent: Ensure that the installed Cloud Agent is activated for one of the following applications, based on your subscription - Vulnerability Management (VM), Policy Compliance (PC), File Integrity Monitoring (FIM), Endpoint Detection and Response (EDR), or Patch Management (PM). To activate an agent for an application, you need an activation key. You can set up auto-activation by defining applications for activation keys or do it manually in the Cloud Agent user interface.
What happens if I skip activation? Cloud Agent sinks only inventory information to Qualys Cloud Platform, such as IP address, OS, DNS, NetBIOS names, MAC address, and installed software.
How many agents can I install? You can install any number of agents but can activate an agent for an application only if you have an activation key for that application. The Agents tab in the Cloud Agent UI displays a list of agents installed in your network.
Verify connection with Qualys Cloud Platform: Once installed, cloud agents connect to the Qualys Cloud Platform and provision themselves. You can see agent status on the Agents tab - this is updated as agents check-in. If your agent does not have a status , it has not successfully connected to the Qualys Cloud Platform, and you need to troubleshoot.
What is the default startup type for Qualys Cloud Agent service? The Startup type is set to Automatic (Delayed Start) for the Qualys Cloud Agent service.