Qualys Cloud Agent for Linux Intel 7.1.1

Limited Customer Release

March 05, 2025

New Features

We are introducing the following new feature(s) and enhancement(s) with this release of Qualys Cloud Agent for Linux Intel.

New Feature — Linux Host Isolation

With this release, we are introducing a feature to isolate vulnerable assets from your network. The isolated assets can not interact with other assets in your network except for the excluded IP addresses, applications, and domains. Isolating an asset helps prevent the exploitation of vulnerabilities present on them.

Earlier, we had the capability to isolate assets from the Qualys Endpoint Detection and Response (EDR). With this release, we have extended the support to isolate an asset from Vulnerability Management Detection and Response (VMDR).

Supported Platforms for Host Isolation Feature

Currently, the host isolation feature is supported only for the following Linux platforms:

  • Redhat Enterprise Linux 9.x and later
  • Ubuntu Linux 22.04 LTS and later
  • Amazon Linux 2 2023 and later

Support for Isolation Exclusion Rules

By default, we have added exclusions for Cloud Agent processes but not for the child process hierarchy launched by them. This means the Cloud Agent processes will work for isolated assets but not for the child processes launched by Cloud Agent processes.

The following points describe the exclusion rule behavior:

  • While configuring the exclusion rule for isolated assets, you can use the IP addresses, IP range, subnet masks, applications, and domain names.

     Ensure that you add the absolute path of installer application while adding an application-based exclusion for patch and mitigation jobs to work. For example, yum, dpkg, zypper — according to your OS platform. Also, ensure that you add the absolute path for all the locations where an application is located, as the symlinks are not supported for this feature. For example, if an yum installer is located at /bin/yum and /usr/bin/yum/, add both these path in the exclusion rule.

  • The excluded IP addresses and applications support both ingress (incoming) and egress (outgoing) communication.

    For IP-based exclusion, we only support the IPv4 addresses. Currently, this feature does not support IPv6-based exclusion.

  • The excluded domains only support egress communication.

    Domain isolation does not work through proxy connection, if you have configured a system-wide proxy. 

  • The excluded IP addresses, applications, and domains can communicate with other assets in your network. This allows you to deploy the mitigation and patch jobs and perform other remediation actions as required.

    The connections established before a asset is isolated remains unaffected. These pre-established connections are not terminated after isolating an asset.

Required application version Patch Management - 3.4.0.0
Vulnerability Management Detection and Response - 2.2.0

Behavioral Change

There are no behavior changes in this release.

Platform Coverage Support

There is no new platform coverage added in this release.

Issues Addressed

No notable issues were reported for this release.

Known Issues, Limitations, and Workarounds

There are no known issues or limitations in this release.

© 2025 Qualys, Inc. All rights reserved. Privacy Policy.