Qualys Cloud Agent for Linux Intel 7.1.1

Limited Customer Release

March 05, 2025

New Features

We are introducing the following new features and enhancements with this release of Qualys Cloud Agent for Linux Intel.

New Feature — Linux Host Isolation

With this release, we are introducing a feature to isolate vulnerable assets from your network. An isolated asset cannot interact with other assets in your network, except for the excluded IP addresses, applications, and domains. Isolating an asset helps prevent the exploitation of vulnerabilities present on it.

Earlier, we had the capability to isolate assets from the Qualys Endpoint Detection and Response (EDR). With this feature, we are extending these isolation capabilities to Qualys Vulnerability Management Detection and Response (VMDR).

Support for Isolation Exclusion Rules

By default, we have added exclusions for the Cloud Agent processes but not for the child process hierarchy launched by them. This means that the Cloud Agent processes continue to work on isolated assets, but the child processes launched by Cloud Agent processes do not.

The following points describe the exclusion rule behavior:

  • While configuring the exclusion rule for isolated assets, you can use IP addresses, IP ranges, subnet masks, application paths, and domain names.

    For patch and mitigation jobs to work, ensure that you add the absolute path of the package installer when adding an application-based exclusion. For example, yum, dpkg, or zypper, according to your OS platform. Also, while configuring the yum application path exclusion, add both the /bin/yum and /usr/bin/yum/ paths to the exclusion rule, since symlinks are not supported.

  • The excluded IP addresses and applications support both ingress (incoming) and egress (outgoing) communication.

    For IP-based exclusion, we support only IPv4 addresses. Currently, this feature does not support IPv6-based exclusion.

  • The excluded domains only support egress communication.

    Domain isolation does not work through a proxy connection if you have configured a system-wide proxy.

  • The excluded IP addresses, applications, and domains can communicate with other assets in your network. This allows you to deploy the mitigation and patch jobs and perform other remediation actions as required.

    Connections established before an asset is isolated remain unaffected. These pre-established connections are not terminated after the asset is isolated.
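
Because pre-established connections survive isolation, it is worth auditing them once an asset has been isolated. The following is an added example, not Qualys code: it reads `ss -Htn state established` output (columns Recv-Q, Send-Q, Local:Port, Peer:Port) and lists connections whose peer is not covered by an IP exclusion. The exclusion entry syntax and all addresses are assumptions constructed for illustration; application and domain exclusions are not evaluated.

```python
import ipaddress

# Constructed sample of `ss -Htn state established` output on an isolated asset.
SAMPLE_SS = """\
0 0 10.20.0.15:22 10.20.0.40:51844
0 0 10.20.0.15:43122 192.0.2.10:443
0 36 10.20.0.15:5432 10.20.7.9:40112
0 0 10.20.0.15:50010 10.20.0.200:8443
0 0 [2001:db8::15]:22 [2001:db8::99]:60222
"""

# Hypothetical exclusion rule entries: single IP, CIDR subnet, first-last range.
EXCLUSIONS = ["192.0.2.10", "10.20.0.32/28", "10.20.0.200-10.20.0.210"]


def parse_exclusions(entries):
    """Expand each entry into IPv4 networks; an IPv6 entry raises ValueError."""
    nets = []
    for entry in entries:
        if "-" in entry:
            first, last = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-"))
            nets.extend(ipaddress.summarize_address_range(first, last))
        else:
            nets.append(ipaddress.IPv4Network(entry, strict=False))
    return nets


def peer_address(endpoint):
    """Parse 'addr:port' or '[v6addr]:port', dropping any %zone suffix."""
    return ipaddress.ip_address(endpoint.rsplit(":", 1)[0].strip("[]").split("%")[0])


def surviving_connections(ss_output, exclusions):
    """Return (local, peer) pairs not covered by an IPv4 exclusion (IPv6 never is)."""
    nets = parse_exclusions(exclusions)
    flagged = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        local, peer = fields[2], fields[3]
        addr = peer_address(peer)
        if addr.version != 4 or not any(addr in n for n in nets):
            flagged.append((local, peer))
    return flagged


if __name__ == "__main__":
    print(surviving_connections(SAMPLE_SS, EXCLUSIONS))
```

Any connection it reports was opened before isolation and is still established; whether to close it is a decision for the responder.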

Required application version

  • Patch Management - 3.4.0.0
  • Vulnerability Management Detection and Response - 2.2.0
  • Endpoint Detection and Response - 3.6.1

Behavioral Change

There are no behavior changes in this release.

Platform Coverage Support

There is no new platform coverage added in this release.

Issues Addressed

No notable issues were reported for this release.

Known Issues, Limitations, and Workarounds

There are no known issues or limitations in this release.