MacOS Intel Release 4.25
December 2022 (Updated May 09, 2025)
We’re excited to share new features, improvements, platform coverage changes, and fixes in this Cloud Agent release.
These updates are specific to the agent binary. Platform updates for new features and fixes of management, syncing, tagging, and reporting capabilities of Cloud Agents are documented in the Cloud Platform and Cloud Suite release notes.
Patch Management Support for New Platforms
The Patch Management application is supported on the Cloud Agent on the following platforms:
o MacOS 10.15 Catalina
o MacOS 11 Big Sur
o MacOS 12 Monterey
o MacOS 13 Ventura
Currently, Cloud Agent supports only minor operating system patch updates and third-party application patches using Patch Management. Major MacOS upgrades are not supported.
The MacOS support is available in Patch Management version 2.0 or later.
You can configure Patch Management settings through the Cloud Agent user interface—Timeout for the patch job execution can be set. The default timeout is 24 hours, after which the patch job will fail if no action is taken.
Prerequisite: You must enable notifications for the Cloud Agent application to receive the notification for operating system update patches.
A pop-up notification continues to appear until you apply the patch to the system.
Installation Prerequisites for Non-root Accout with Sudo-root Delegation
If you want to use a non-root account with Sudo root delegation, either the non-root user needs to be assigned sudo privileges directly or through group membership. Ensure that the NOPASSWD option is configured.
You must add an agent user entry in the /etc/sudoers.d/agentuser file, as shown in the following example:
agentuser ALL=(ALL) NOPASSWD:ALL
%agentuser ALL=(ALL) NOPASSWD: ALL
You can also use secure Sudo. When you set UseSudo=1, the agent tries to find the custom path in the secure_path parameter located in the /etc/sudoers.d/agentuser file.
This can be used to restrict the path from where commands are picked up during data collection. If this parameter is not set, the agent refers to the PATH variable to locate the command by running sudo sh.
Enhancements
There are no enhancements in this release.
Behavioral Changes
There are no behavioral changes for this release.
Platform Coverage Support
There are no new platform coverages in this release.
Issues Addressed
There are no notable and important issues addressed in this release.
Known Issues, Limitations, and Workarounds
- After the MacOS patch update, all the QualysCloudAgent logs from the /var/log/qualys directory are getting deleted. However, the QualysCloudAgent logs again start populating once the system reboots post-MacOS update.
- Currently, the Apple Safari application stops responding after it is updated using the Patch Management application. This issue is observed in MacOS Monterey operating system.
Workaround: Do not select the latest Apple Safari patch for older MacOS versions. Instead, update the operating system to the latest version. - Pop-up notification appears even after successful application of the operating system update patch.
Workaround: Close the pop-up message. It does not reappear. - Multiple patches of a similar application appear as Latest Patch (Non-superseded) because of incorrect replacementPatches data in catalogue.
- The Patch Management log displays the error message from Ivanti—Pipe READ failed with message: Resource temporarily unavailable. However, this does not have any impact on the Agent functionality.
- The operating system patch update fails when there is insufficient storage space, and an incorrect status is provided about the update.
Workaround: Ensure that there is enough space for downloading the patch. Recommended space requirement for Mac endpoint is ~30-40GB space. For space requirements, refer to MacOS Big Sur - Technical Specifications.