What's New in Cloud Agent

• Expands Manifest Version Control (MVC) to support multiple Qualys applications, enabling controlled manifest rollout, staged testing, and improved compliance and audit consistency.
• Introduces Manifest Insights for better visibility into manifest versions, changes, and QID details.
• Adds new and standardized activation key search tokens, improving asset and key management.
• Fixes agent version visibility and EDR license handling issues, improving reliability and operational accuracy.

• Introduces Manifest Version Control (MVC) to manage VM scan manifests, enabling validation before production rollout and improving operational stability.
• Enhances vulnerability prioritization by listing QIDs in descending QDS risk order.
• Adds CPU utilization control for Patch Management to reduce performance impact.
• Strengthens Vault security with client certificate uploads.
• Enables FedRAMP-compliant agent installation and flexible SwCA analysis settings.
• Updates QQL token naming standards.

• Modernizes Activation Key UI with a microservice-based framework, improving usability, performance, filtering, and search capabilities.
• Increases configuration profile assignment limits to support managing more agents simultaneously, simplifying large-scale deployments.
• Updates SwCA CPU usage controls to optimize system performance across Windows and Linux.
• Fixes SwCA configuration, activation warnings, license banners, download errors, and IPv6 validation issues, improving reliability and user experience.

The following are the highlights for Cloud Agent Application Release 2.3.0:

• Support added for IPv6 in Agent Scan Merge — covering addresses, subnets, gateways, DNS suffixes.
• SwCA Scan Profile UI upgraded to select custom scan directories/processes and renamed fields for clarity. Cosmetic improvements to enhance the user experience.
• Fixed deletion error with empty message when removing configuration profiles.

To learn more about these features and enhancements, refer to Cloud Agent Application Release 2.3.

The following are the highlights for Cloud Agent Application Release 2.2.0:

• Enhanced Agent Version Control with warnings when selecting older agent versions.
• Updated Affected Agents report to display descriptive profile names instead of profile IDs.
• Fixed a UI issue where an incorrect agent count appeared when deleting DB assessment profiles.
• Restored the FIM toggle in configuration profiles for users with a valid FIM license.

To learn more about these features and enhancements, refer to Cloud Agent Application Release 2.3.

The following are the highlights for Cloud Agent Application Release 2.1.0:

• Renamed the Qualys Cloud Platform to Qualys Enterprise TruRisk Platform across all interfaces, starting January 2025.
  
• Introduced tag-based AVC profiles for granular agent version control, complete with prioritization and backup handling.
• Enabled assignment of CAPS leaders (up to 100 Cloud Agent hosts) for improved network traffic sensing.
• Added role-based access control to SwCA, AVC, Database Assessment, Vault, and CAPS profiles.
• Set automatic expiration for Cloud Agent log downloads: 3 days if processing, 7 days upon completion.
• (API update) Added Direct Assignment API to list Cloud Agents tied to config profiles.

To learn more about these features and enhancements, refer to Cloud Agent Application Release 2.1.

• Introduces token-based authentication for Cloud Agent APIs, enabling secure API access and simplified authorization management through the user interface.
• Adds role-based client access controls, supporting user-level and subscription-level authentication tokens.
• Improves API permission management and access governance with minimal workflow changes.
• Serves as a maintenance release that supersedes version 3.23.0.0 while retaining all existing platform capabilities and enhancements.

• Enables on-demand ETM Identity scans directly from the Cloud Agent UI to detect identity risks and strengthen zero-trust security posture.
• Introduces a new search token (agent.platform) to improve OS/platform-based asset filtering.
• Resolves reporting, API performance, and scheduling issues across Cloud Agent, WAS, and Asset Management services.
• Establishes baseline enhancements later retained and extended in subsequent maintenance updates.

• Introduced FedRAMP-compliant Windows Cloud Agent installation option, improving regulated deployment control.
• Enhanced SwCA reporting with configuration profile visibility and automated software-to-component mapping data collection.
• Optimized Cloud Agent report downloads with CSV default and improved performance for large asset sets.
• Added new Cloud Agent search tokens and standardized existing tokens for better query accuracy.
• Fixed activation, reporting, search, API, licensing display, and asset purging inconsistencies.

• Introduces platform enhancements improving performance, stability, and usability across Qualys services.
• Adds new features and functional updates to strengthen security monitoring, vulnerability detection, and asset visibility.
• Improves data handling, reporting accuracy, and workflow efficiency.
• Addresses multiple bug fixes and reliability improvements.
• Strengthens overall cloud platform integration, scalability, and operational consistency for enterprise deployments.

The following are the highlights for Cloud Agent Application Release 2.1.0:

• Added IPv6 support for Cloud Agent Scan Merge to expand agent coverage.
• Simplified Install Agents UI by removing redundant Platform Name column.
• Enabled cross-manager Security Assessment Questionnaire reporting.
• Fixed Cloud Agent search to support FQDN.
• Ensured accurate role visibility in Admin UI.
• Corrected tag-based dashboard searches.
• Implemented purging of inactive GCP assets after seven days.
• Resolved issues with SAML-SSO sync, WAS app duplication, CSV severity mismatches, and missing SSL/TLS data in reports.

To learn more about these features and enhancements, refer to Enterprise TruRisk™ Platform Release 3.21.1.

The following are the highlights for Cloud Agent Application Release 2.1.0:

• Added long‑term trend graphing (up to 365 days) on Application Dashboard, configurable per user or platform-wide.
• Introduced Qualys Policy Audit, enabling continuous compliance monitoring via activation key or “Activate Agent” toggle.
• Added a new paLastManifestVersionProcessed token and updated several manifest‑version tokens for improved Cloud Agent visibility.
• Enhanced Web Malware Detection with QIDs for server authentication status (206015 & 206017).
• Fixed key issues addressing AWS purge rule creation, policy evaluation, asset hostname consistency, and report sync.

To learn more about these features and enhancements, refer to Enterprise TruRisk™ Platform Release 3.21.

Type your dropdown text here

• Adds ETM Identity support to collect Active Directory identity data, enabling attack-path analysis, trust-map visualization, and identity risk insights.
• Introduces client-certificate authentication for secure database assessments and vault credential retrieval.
• Enables in-place Windows and application feature updates via patch jobs.
• Improves proxy load balancing, patch execution controls, disk-space validation, CPU-throttled scans, and expands reliability through multiple bug fixes.

• Introduces chunk-based downloads for large files, improving transfer reliability and performance across slower networks.
• Adds asset unquarantine capability and enhanced Health Check diagnostics, simplifying troubleshooting and reducing dependency on administrators.
• Enhances Patch Management with CDN-based artifact distribution and lifecycle updates for legacy Windows systems.
• Adds HTTPS proxy support, RemoteShell CAR commands, and resolves patching, blocking, and scan scheduling issues.

• Supersedes Windows Cloud Agent 6.2.0 while retaining all existing features and capabilities.
• Resolves Patch Management jobs getting stuck in the Pending state, improving patch deployment reliability.
• Fixes excessive status interval behavior impacting Patch Management reporting and performance.
• Introduces a maintenance-focused update with no behavior changes, platform additions, or known issues, ensuring improved stability and operational efficiency.

The following are the highlights for Cloud Agent for Windows Release 6.2.0:

• Automatic Patch Reattempts: Failed patches are automatically reattempted, reducing manual remediation efforts; configurable via Patch Management UI.
• Deep Scan Feature: Enables detection of atypical binaries and scans custom directories for deeper insight.
• Host Isolation Enhancements: Supports Host Isolation jobs via VMDR, allowing isolation of vulnerable assets with exclusions for mitigation tools.
• Proxy Randomization: Improves connectivity stability by rotating proxies.
• Improved Patch Logging: Logs now include code 15 to indicate failures after reboot.
• EDR Enhancements:
  • Supports hash-based blocking for apps up to 100 MB.
  • Hashes are cached to optimize performance.
  • Notifications for blocked apps.
• Cross-Platform Agent Relocation: Agents can now be transferred between platforms without reinstallation.
• Windows ETW Support: Enables Event Tracing for Windows to collect detailed diagnostic data.
• IPv6 Exclusion in Anti-malware: Adds the ability to exclude IPv6 traffic in anti-malware protection.

To learn more about these features and enhancements, refer to Cloud Agent for Windows Release 6.2.

The following are the highlights for Cloud Agent for Windows Release 6.1.0:

• On‑Demand Anti‑Malware Scan: Launch scans instantly via the EDR UI, skipping scheduled wait times.
  
• Retry EPP Installation: Attempt failed Anti‑malware tool installs directly within the EDR app.
  
• Clean Agent Reinstalls: Automatically removes remnants from previous installations to avoid failures.
• Patch Job Control: Script‑based pre‑action allows pausing, canceling, or exiting patch jobs using specific return codes.
  
• Mitigation Rollbacks: Roll back temporary vulnerability fixes to apply permanent patches.
  
• EDR Rule Flexibility: Support AMSI exclusion rules and regex-based kernel exclusions to streamline detection tuning.

To learn more about these features and enhancements, refer to Cloud Agent for Windows Release 6.1.

The following are the highlights for Cloud Agent for Windows Release 6.0:

• Mitigation Application Activation: Enables creation and execution of mitigation jobs to reduce Qualys Detection Scores for vulnerabilities—ideal when patching is impractical.
• Vault‑based Database Authentication: Supports CyberArk vault integration using CCP or CP to securely fetch MSSQL credentials for database assessment profiles.
• Proxy Support for MSI Installation: MSI installer now accepts up to five proxies (failover-enabled), falling back to direct connection if all fail.
• New Platform Support: Adds official support for Windows 11 24H2 and Windows Server 2025.
• Fixes for Provisioning & Metadata: Resolved cloned-agent IMDSv2 provisioning errors, virtual MAC collection, duplicate-agent records, and excessive SID translations.

To learn more about these features and enhancements, refer to Cloud Agent for Windows Release 6.0.

• Introduces IPv6 support in Host Isolation allowed lists, extending network control to modern environments.

• Enhances CEP privilege handling to prevent unnecessary privilege escalation and ensure consistent execution.

• Adds Runtime and Static analysis for SwCA scans, improving software detection across production and development environments.

• Strengthens database authentication by supporting client certificates.

• Improves performance, reporting accuracy, notification behavior, and resolves SwCA scan failures.

• Enhances Command Execution Pipeline (CEP) with configurable sudo and user-level permissions, improving execution control and security.
• Adds vault connection options to bypass proxies or SSL verification, reducing failures when retrieving database credentials.
• Improves patch management with enhanced logging, RHEL 10 support, and visibility of previous scan dates.
• Fixes migration, installation, scanning, and security vulnerabilities, improving reliability and stability.

The following are the highlights for Cloud Agent for Linux Release 7.2.0

• Introduced non‑security patch jobs—now available for RHEL, OEL, SLES, OpenSUSE, Alma, and Rocky Linux via Patch Management 3.6.0.0.
• Added host isolation (via TruRisk Eliminate™) for RHEL 9+, Ubuntu 22.04+, Amazon Linux 2 2023+, with granular exclusions.
• Optimized CPU throttling in CEP to limit concurrent manifest processing to 5.
• Extended FIM support to Mariner Linux 1/2 and Azure Linux 3.
• Updated GPG signing key for improved package integrity (SHA‑256).
• Fixed issues with config assignment, permissions during scans, CPU spikes in CEP, agent restarts on Ubuntu, and duplicate asset records (FQDN resolution)

To learn more about these features and enhancements, refer to Cloud Agent for Linux Release 7.2.

The following are the highlights for Cloud Agent for Linux Release 7.1.0

• Introduced rollback support for installed Linux patches on both Debian/Ubuntu and RPM‑based systems, enabling rollbacks to intermediate versions without requiring mirror repos.
• Added script-based pre-actions in Patch Management to allow pausing, exiting, or canceling ongoing patch jobs using return‑code logic.
• Enhanced mitigation workflows, enabling rollback of applied vulnerability mitigations to allow patch deployment.
• Fixed key issues impacting scheduled SCA scans, agent provisioning delays on RHEL 9, SysV folder creation, invalid cloud instance IDs, patch log cleanup, on‑demand scans in relocated installs, and high‑CPU race conditions in CEP

To learn more about these features and enhancements, refer to Cloud Agent for Linux Release 7.1.

The following are the highlights for Cloud Agent for Linux Release 7.0.0

• Added Mitigation support, enabling vulnerability risk reduction via scripts/actions without patches.
• Introduced log compression, archiving, and zipping scan, FIM, Patch, EDR/EPP logs to save disk space.
• Switched agent binary download to CDN with prioritized self-patch retries.
• Enhanced database assessment with vault connections and CyberArk CCP/CP integration.
• Improved Health Check Tool: supports alternate install paths, patch checks, proxy-connectivity reporting, and reduced retries.
• Optimized inactive-agent scan efficiency, avoiding double scans and reducing payloads.

To learn more about these features and enhancements, refer to Cloud Agent for Linux Release 7.0.

• Updates GPG signing key to SHA-256, strengthening package integrity and modern cryptographic verification.
• Introduces FIPS-compliant build for RPM-based systems, supporting regulatory compliance and improved data security.
• Fixes Untrusted Search Path vulnerability by enforcing secure script execution paths.
• Maintains existing behavior and platform coverage while improving overall security posture and installation reliability.

The following are the highlights for Cloud Agent for Linux ARM Release 6.1:

Added full support for EDR and EPP applications, enabling ARM-based agents to monitor system files, processes, and detect vulnerabilities via Cloud Agent configuration profiles

To learn more about these features and enhancements, refer to Cloud Agent for Linux ARM Release 6.1.

The following are the highlights for Cloud Agent for Linux ARM Release 6.0

• Introduced a Health Check tool, with console, text, and JSON outputs to assess agent health for VM, PC, SCA, PM, and UDC modules.
• Enhanced proxy configuration to support up to five failover proxies via environment or config files.
• Added remote log collection for support-led debugging upon user consent.
• Enabled activation key changes, on-demand scans, and reduced activity periods via UI.
• Delivered FIPS‑compliant RPM builds, patch management visibility, and custom assessment/remediation support, plus ARM support for Azure Linux 3.0 and Rocky Linux 8/9; deprecated RHEL 5/6 support.

To learn more about these features and enhancements, refer to Cloud Agent for Linux ARM Release 6.0.

• Relocates Cloud Agent log files to a unified directory, simplifying log access and management.
• Enhances Patch Management login workflow to ensure authentication prompts remain visible during OS patch updates.
• Fixes installation issues causing “application damaged” errors on specific macOS versions.
• Mitigates Untrusted Search Path vulnerability, strengthening installer security and preventing malicious file execution.

• Enhances Qualys EDR with advanced remediation actions, file-write event monitoring, and accurate agent version visibility.
• Introduces log compression to reduce disk usage and improve log management efficiency.
• Adds HMAC-based authentication to strengthen agent-server communication security.
• Expands EPP support to IPv6 assets and improves patch countdown windows with clearer application impact visibility.

The following are the highlights for Cloud Agent for MacOS Intel Release 6.0:

• Introduced Qualys Endpoint Detection and Response (EDR) support, enabling monitoring of system files and processes for enhanced security.
• Full disk access granted via system settings or MDM to activate EDR (v3.5.0+).
• Platform Support:  macOS Ventura (13.x), Sonoma (14.x), and Sequoia (15.x) platforms.

To learn more about these features and enhancements, refer to Cloud Agent for MacOS Intel Release 6.0.

The following are the highlights for Cloud Agent for MacOS Intel Release 5.4:

• Supports up to five fallback proxies, configurable for resiliency.
• Enabled on-demand scans (VM, PC, Inventory, UDC, SCA) directly from the UI.
• Introduced remote log collection with admin consent for streamlined troubleshooting.
• Added AWS asset support, including VM/instance/container vulnerability detection.
• Enhanced Patch Management UI, improving messaging, countdown screens, progress animations, and notifications

To learn more about these features and enhancements, refer to Cloud Agent for MacOS Intel Release 5.4.

The following are the highlights for Cloud Agent for MacOS Intel Release 4.25:

• Added Patch Management support for macOS Catalina–Ventura via Patch Management v2.0+, with configurable timeouts and persistent notifications.
• Enabled sudo delegation for non-root installs using sudoers.d and secure_path.

To learn more about these features and enhancements, refer to Cloud Agent for MacOS Intel Release 4.25.

• Supersedes version 6.3.0 while retaining existing functionality and stability improvements.
• Relocates Cloud Agent logs to a unified directory, simplifying log management and troubleshooting.
• Enhances Patch Management login workflow and default notifications, improving user experience during OS patch updates.
• Fixes installation “application damaged” errors and mitigates Untrusted Search Path vulnerability, strengthening installer security and system protection.

• Enhances Qualys EDR with advanced remediation actions, file-write event monitoring, and accurate agent version visibility, improving threat response and monitoring.
• Introduces log compression to optimize disk usage and manage archived logs efficiently.
• Adds HMAC-based authentication to strengthen agent-server communication security.
• Expands EPP support to IPv6 assets and improves patch countdown windows with clearer application impact visibility.

The following are the highlights for Cloud Agent for MacOS Apple Silicon Release 6.1:

• Introduced Endpoint Detection and Response (EDR) support for monitoring system files, processes, and security events.
• Full disk access via system settings or MDM (EDR v3.5.0+).
• Added support for macOS Ventura (13.x), Sonoma (14.x), and Sequoia (15.x).

To learn more about these features and enhancements, refer to Cloud Agent for MacOS Apple Silicon Release 6.1.

The following are the highlights for Cloud Agent for MacOS Apple Silicon Release 5.5:

• Supports up to five fallback proxies to enhance connectivity resiliency.
• Enabled on-demand scans (VM, PC, Inventory, UDC, SCA) directly from the Cloud Agent UI.
• Added remote log collection for support-driven diagnostics with user consent.
• Introduced AWS asset support for VM, instance, and container vulnerability detection.
• Included Keychain integration for storing patch credentials and flexible user-based updates.

To learn more about these features and enhancements, refer to Cloud Agent for MacOS Apple Silicon Release 5.5.

• Updates AWS Bottlerocket Cloud Agent base image to remediate vulnerabilities and improve compliance and security posture.
• Introduces behavior change by updating the container image path to qualys/lxagent_awsbr_intel, aligning deployment configuration standards.
• Does not introduce new platform coverage or environment support.
• Provides a maintenance-focused release with no notable fixes, issues, or known limitations, ensuring stable agent operation.

• Updates the AWS Bottlerocket Cloud Agent base image to remediate vulnerabilities and improve compliance and overall security posture.
• Focuses on maintenance and security hardening without introducing functional or workflow changes.
• Does not add new platform coverage or deployment environments.
• Provides a stability-focused release with no major issues addressed or known limitations, ensuring reliable agent performance.

• Updates the AWS Bottlerocket Cloud Agent base image to remediate vulnerabilities and strengthen compliance and overall security posture.
• Focuses on maintenance and security hardening without introducing behavior or workflow changes.
• Does not add new platform coverage or deployment environments.
• Provides a stability-focused release with no major issues addressed or known limitations, ensuring reliable agent performance.

Updated the base image used for Linux AWS Bottlerocket Cloud Agent to fix the vulnerabilities.

To learn more about these features and enhancements, refer to Cloud Agent for AWS Bottlerocket Release 5.0.1.

• Updated Cloud Agent base container image to include latest third-party package versions and security fixes, improving stability and reducing vulnerabilities.
• No new features, behavior changes, platform support updates, or major functional enhancements introduced.
• Release focuses on security maintenance, compatibility reliability, and sustaining optimized performance for Google Cloud Container-Optimized OS environments.

• Introduces Cloud Agent 5.0.1.57 for Google Cloud COS, delivering stability and performance improvements.
• Enhances agent reliability, platform compatibility, and communication efficiency.
• Addresses defects to improve scanning accuracy and operational consistency.
• Improves overall agent performance in GCP COS environments.
• Strengthens backend integration and operational handling.
• Focuses on maintenance updates, ensuring smoother deployments and improved reliability across supported GCP COS workloads.

• Introduces updates for Google Cloud Container-Optimized OS (COS) Cloud Agent, enhancing platform compatibility and deployment support.
• Improves agent stability, performance, and reliability across COS environments.
• Fixes reported defects and addresses operational inconsistencies affecting agent functionality.
• Strengthens communication, monitoring, and asset visibility capabilities.
• Includes minor enhancements to streamline agent operations and ensure improved overall security assessment accuracy and reporting.

Updated the base image used for GCP Container Optimized OS Cloud Agent to fix the vulnerabilities.

To learn more about these features and enhancements, refer to Cloud Agent for GCP Container Optimized OS Release 5.0.1.

• Updates the base container image to remediate vulnerabilities and improve compliance and security posture.
• Introduces behavior changes by updating the RHEL CoreOS container image path to qualys/lxagent_rhcos_intel, ensuring alignment with updated deployment standards.
• Maintains existing platform coverage without adding new supported platforms.
• Includes stability-focused update with no major fixes, issues, or known limitations.

• Updates the base container image to remediate vulnerabilities and improve overall compliance and security posture.
• Focuses on maintenance and hardening without introducing functional or workflow changes.
• Does not add new platform coverage or deployment environments.
• Provides a stability-focused update with no major issues addressed or known limitations, ensuring reliable Cloud Agent performance.

• Updates the base container image to remediate vulnerabilities and strengthen compliance and security posture.
• Focuses on maintenance and hardening without introducing functional or workflow changes.
• Does not add new platform coverage or deployment environments.
• Provides a stability-focused update with no major issues addressed or known limitations, ensuring reliable Cloud Agent performance.

The following are the highlights for Cloud Agent for Redhat Enterprise Linux CoreOS Release 4.2.5:

• Updated base image to include the latest third‑party package versions.
• SELinux security context: default allowPrivilegedContainer set to false and elevated privileges disabled.

To learn more about features and enhancements, refer to Cloud Agent for Redhat Enterprise Linux CoreOS Release 4.2.5.

• Introduces Cloud Agent 7.1 for Solaris with support for File Integrity Monitoring (FIM) and Custom Assessment and Remediation (CAR), enabling real-time file monitoring, compliance tracking, automated vulnerability assessment, and remediation workflows.
• Enhances troubleshooting with remote log collection, debug/trace logging, on-demand scans, and activation-key management from the UI.
• Updates certificate verification and installer packaging, improves reporting accuracy, and adds Solaris 11.4 support.
• Introduces manual upgrade requirement, resolves configuration/reporting issues, and improves overall stability and operational security.

• Introduces Qualys Cloud Agent 7.1 for BSD with expanded platform compatibility and performance optimizations.
• Adds support for newer BSD OS versions, improving agent deployment coverage across modern environments.
• Enhances File Integrity Monitoring (FIM) with better event collection and monitoring reliability.
• Improves Configuration Assessment (CA) data collection and overall scan accuracy.
• Delivers stability fixes, agent performance tuning, and bug resolutions to strengthen security monitoring and operational reliability.

• Fixes Untrusted Search Path vulnerability (CWE-426) by enforcing secure, fixed execution paths for shell scripts, preventing malicious file injection and strengthening installer security.
• Focuses on security hardening and risk mitigation without introducing functional or workflow changes.
• Maintains existing platform coverage with no new platform additions.

• Provides a security-focused maintenance release for Cloud Agent on Linux zSystems with no new features, enhancements, or platform additions.
• Mitigates Untrusted Search Path vulnerability (CWE-426) by enforcing fixed, secure shell script execution paths, preventing malicious file injection and privilege-based exploitation.
• Maintains existing behavior and compatibility.
• Delivers stability improvements with no known issues or limitations, ensuring reliable and secure agent operation.