Qualys Cloud Agent Application Release 2.5

October 06, 2025

With this release of Cloud Agent application, we are introducing the following new features and enhancements.

New Feature — Manifest Version Control

We are introducing a new feature — Manifest Version Control (MVC) for the Cloud Agent application. Manifest Version Control (MVC) gives organizations greater control over the Vulnerability Management (VM) manifests used by Cloud Agents. With this feature, you can delay or prevent the automatic assignment of newly published manifests, allowing time for validation in test environments before assigning them to production systems.

The MVC also display the VM Scan Manifest version details for Windows and Linux Assets. This help you take an informed decision about whether to use or delay the implementation of newly available manifest.

This MVC reduces the risk of operational disruptions caused by unforeseen issues in newly released manifests and supports more controlled, and reliable security operations at scale.

To create or edit a MVC profile, navigate to Manifest Version Control tab at Configuration > Version Control Profiles.

New option Manifest Version Control. under Version Control Profiles tab.

Order QIDs based on QDS Score

The Manifest Versions option in the Manifest Version Control tab displays the Vulnerability Management (VM) Manifest details, such as release date, version, delta information, QID count, and change log.

When you click the QID count, the QID window displays all the QIDs detected for the manifest version. Earlier, the detected QIDs were listed randomly. Now, we list the QIDs with descending QDS score. With this enhancement, the QIDs with high risk are displayed at the top of the list to help you prioritize the vulnerability management for new manifests.

To view the QIDs detected for VM Manifest, navigate to Version Control Profiles > Manifest Version Control. Click Manifest Versions > QID Count to view the list of QIDs detected for the selected manifest version.

VM Manifest QIDs listed in Descending order.

To learn more about MVC, refer to Manifest Version Control in Cloud Agent Online Help.

New Feature — CPU Limit for Patch Patch Management

In the Qualys Patch Management application, the provision to control the CPU utilization is not available. Due to this limitation, Patch Management may cause high CPU utilization, extended scan times, or patch job timeouts.

We have introduced an option to apply the CPU Limit specified for Windows Cloud Agent to Patch Management application. With this enhancement, you can control the resource utilization of the host assets and ensure smooth patching experience with minimal job timeouts.

You can enable this feature from the Application Configuration window while creating a new configuration profile or editing an existing profile. Select the Enable CPU Limit checkbox in the Application Configuration > Patch Management section.

An option to enable CPU Limit for Patch Management.

The CPU Limit defined in the Cloud Agent configuration profile is applied to Patch Management. Using low CPU Limit values may result in higher scan times or patch job timeout.

Required Application Version Patch Management - 3.7.0

To learn more about this feature, refer to Cloud Agent Online Help.

Enhanced Cloud Agent Dashboards

With this release of the Cloud Agent application, we are introducing the new and enhanced Cloud Agent Dashboard. The new dashboard gives you a more refined and intuitive representation of your organization's security posture.

Support for On-screen Guidance

The enhanced Cloud Agent dashboard also has an option to opt in for On-Screen Guidance. By opting in for the on-screen guidance, you consent to use the pseudonymized masked IP addresses with geolocation. These masked IP addresses help you make the best use of Cloud Agent features without compromising your privacy.

To opt in for the On-Screen Guidance, click  the  icon on the Dashboard tab. Select Opt-in to start using masked IP addresses.

Upload Client Certificates to Vault Connections

We have updated the Vault Connections for database authentication to support uploading the client certificates while creating or editing a CCP connection profile. Uploading the certificate files for the CCP Vault Connection profile gives an extra layer of security to the database credentials and ensures that the databases are accessed only by the certified users.

To add a certificate file to a CCP Vault Connection profile, navigate to the Configuration > Vault tab. You can add the certificates in .pfx format while creating or editing a vault connection profile.

ScreenShot

To learn more about Vault Connection profiles, refer to Cloud Agent Online Help.

Install FedRamp Compliant Cloud Agent

We have introduced a new variable in the Cloud Agent installation command to select a FedRamp-compliant package while installing the Cloud Agent. You can select the HMACVERSION={1|2} to install the FedRamp-compliant package for Windows Cloud Agents. This feature provides better control over FedRamp-compliant Cloud Agent deployment.

Sample Installation Command for installing FedRamp-compliant Cloud Agent:

QualysCloudAgent.exe ACTIVATIONID={xxxxxxx-xxxx-xxxx-xxxxxx} CUSTOMERID={xxxxx-xxx-xxx-xxx-xxx-xxxxx} WEBSERVICEURI=<qualys_platform_url>/CloudAgent/ HMACVERSION=1

Where, 

  • HMACVERSION=1: FedRamp-compliant Cloud Agent installation 
  • HMACVERSION=2: Normal Cloud Agent installation
  • <qualys_platform_url>: Placeholder for Qualys Platform URL

Refer to Cloud Agent online help to learn more about installing the FedRamp-compliant Cloud Agent.

Enable Static and Runtime Analysis for SwCA Scans

We have introduced new options in the SwCA Configuration profile to specify the Software Composition Analysis Setting. With this option, you can specify whether to execute Runtime Analysis or Static Analysis during the SwCA scans.

In the Runtime analysis, SwCA scans application components in production or containerized environments, which are detected during the scan execution. In the Static analysis, SwCA scans the application components that are under development.

To define the Software Composition Analysis Settings, select the Runtime or Static checkbox.

Option to specify Runtime or Static Analysis for SwCA scans.

You must select the Runtime checkbox to enable the Static analysis for the SwCA Configuration profile.

Edit Expired Activation Keys

We have enhanced the Cloud Agent Activation Keys to support editing expired keys without changing the expiration limits, such as the Cloud Agent Count limit or expiry date. This enhancement helps manage expired activation keys better by allowing you to update the key title and other configuration settings without changing the expiration limits.

Previously, an expired activation key could not be edited unless the expiration limits for the key were changed.

Issues Addressed

There are no notable and important issues for this release. 

© 2025 Qualys, Inc. All rights reserved. Privacy Policy.