Qualys Cloud Agent for Windows 5.6

June 03, 2024

We’re excited to tell you about new features, improvements, platform coverage changes, and fixes in this Cloud Agent release. These updates are specific to the agent binary. Platform updates for new features and fixes of management, syncing, tagging, and reporting capabilities of Cloud Agents are documented in the Cloud Platform and Cloud Suite release notes. 

New Features

Database Authentication and Assessment

With this feature, the Cloud Agent can be configured to fetch the authentication credentials for the database instances through the CyberArk vault for database assessment. This is applicable only for policy compliance control assessment. 

CyberArk is the external software through which Cloud Agent fetches the credentials of the MSSQL Server database. 

You can configure the database assessment options using the Cloud Agent user interface. With this configuration, the database credentials are directly fetched from the vault, and the database assessment is launched. 

For database authentication using CyberArk, Qualys is currently supporting the following combination:

Windows Platform Vault
(On-Prem)
PVWA SDK Credential Provider
All Windows platforms with SQL support 13.2.4 9.10 13.0.0.6 13.0.2

The Qualys Windows Cloud Agent currently supports SQL Server databases for DB Assessment, specifically SQL Server versions 2014, 2016, 2019, and 2022, and utilizes CyberArk Vault for secure credential management.

Required Application Version  Qualys Cloud Platform 3.18.0.0

Enhancements for Patch Management

Special Reboot for Patch Job

With the special reboot feature, you can create a job with the Special Reboot pre-action, which will automatically reboot the assets in the Pending Manual Reboot status. 

Earlier, when the patch job was executed with the Suppress Reboot option enabled, its status changed to Pending Manual Reboot. In this scenario, no other job can be executed on such an asset until it is rebooted manually, creating a bottleneck for job execution. 

You can also schedule the special reboot job based on your patch deployment schedule. This is a high-priority task that is executed before other tasks after patch deployment.

Required Application Version  Qualys Patch Management 2.10.0.0

 While creating a special reboot job, no other pre-action, post-action, or patch should be selected.

Enhancements for Endpoint Detection and Response

IP-Based Exclusion for Quarantined Host

With this enhancement, you can add IP addresses to be excluded while quarantining an asset. Earlier, this feature allowed only process-based exclusion.

This feature enables the user to set IP addresses that a quarantined asset can access and perform the following actions:

  • Access the network share set on the excluded IPs.
  • Take remote access for the excluded IPs.
Required Application Version  Qualys Endpoint Detection and Response 3.3.0

Behavior Changes

There are no behavior changes in this release.

Platform Coverage Support

There is no new platform coverage added in this release.

Issues Addressed

The following reported and notable issues have been fixed in this release.

Reported Issue Description
CRM-122462 Fixed an issue where the Cloud Agent server was rebooting when the self-protection feature was enabled for Cloud Agent.
CRM-119829 Fixed an issue with circular logging for Qualys Cloud Agent minidump files. Now, Cloud Agent retains only 10 minidump files.
CRM-105046 Fixed an issue where proxy keys were getting deleted after upgrading Cloud Agent for the Azure-based Windows server.
CRM-116127 Fixed an issue where Qualys Cloud Agent was collecting incorrect data for Policy Compliance CID 2398.
CRM-121313 Fixed an issue where the Cloud Agent service was stopping during the upgrade due to an unstable database file.

Known Issues, Limitations, and Workarounds

There are no known issues and limitations available for this release.