Qualys Cloud Agent for Windows 5.7

September 06, 2024

New Features

Patch Job with Configuration Support for Remediation

This feature adds support for downloading and executing configuration scripts after patch deployment on an asset. The Cloud Agent downloads the configuration script from the CDN.

Executing the configuration scripts ensures that the vulnerability is completely fixed and not just patched, because deploying the patch alone does not mean that the vulnerability is fixed.

Required Application Version: Qualys Patch Management 2.13.0.0

Ransomware Mitigation

Ransomware is malicious software that encrypts or locks files on your systems, preventing you from accessing them. Ransomware mitigation minimizes the impact of ransomware attacks by creating a backup of the impacted file. It recovers your files as soon as Qualys detects and blocks the attack.

Ransomware Mitigation is a behavioral scan performed by the Qualys Endpoint Detection and Response (EDR). To enable this feature, navigate to Anti-malware Profile > Behavioral Scan in the EDR user interface and turn on the toggle for Ransomware Mitigation.

While enabling ransomware mitigation, you can also select the options to monitor your remote and local assets. The Local option monitors your on-premise assets, such as workstations, and the Remote option monitors your networks and remotely accessed servers. 

Required Application Version: Qualys Endpoint Detection and Response 3.4.1

Cloud Agent Enhancements

Support to Store and Purge Cloud Agent Health Check Reports

With this release, the following enhancements are available for the Cloud Agent Health Check reports:

Retention of up to 10 Cloud Agent Health Check Reports

Earlier, every time the Cloud Agent Health Check tool ran, the health check report was overwritten.

With this enhancement, a maximum of 10 agent health check reports are retained. You can now compare the current report with earlier ones to assess changes in the Cloud Agent's health.

Option to Purge the Cloud Agent Health Check Reports

This enhancement provides you with the purge command (/p) to clear the Cloud Agent Health Check directory and delete all the available reports.

Patch Management Enhancements

Enhanced Deferral and Reboot Countdown Timers

Previously, the patch deferral and reboot countdown were initiated according to the defined schedule irrespective of an active user session on the system.

With this enhancement, the patch deferral and reboot countdown are now initiated only when the user logs on to the system/asset. The first reboot request or countdown prompt is displayed after the user logs in. If there is no user login, the Cloud Agent waits indefinitely to initiate the reboot request or countdown. To enable this feature, turn on the Reboot Countdown Upon Login toggle in the Patch Management user interface.

Once the countdown is started, the system reboots upon its completion, regardless of whether the user is logged on.

If the reboot request prompt has started and all deferral timers have elapsed, the Cloud Agent will wait indefinitely before initiating the reboot countdown prompt.

Required Application Version: Qualys Patch Management 2.12.0.0

Endpoint Detection and Response Enhancements

Removal of Third-Party Anti Malware Applications Based on Tags

Earlier, the setting for removal of third-party anti-malware applications applied at the subscription level. The settings to enable Qualys EndPoint Protection and to remove third-party anti-malware applications were available in the Cloud Agent and Qualys EndPoint Detection and Response applications.

With this release, the following enhancements are available for third-party anti-malware removal on an asset:

  • Using tags, you can enable the removal of third-party anti-malware applications for a specific set of assets. 
  • The Cloud Agent configuration profile includes the setting to remove third-party anti-malware applications and the setting to enable Qualys EndPoint Protection. This enhances the user’s onboarding experience by removing the need to switch between two applications for the settings.
  • You can set exclusions for specific applications that should be retained on the system.

Required Application Version: Qualys Endpoint Detection and Response 3.4.1

Domain Based Exclusion for Quarantined Assets

With this enhancement, you can now add domain names to be excluded while quarantining the asset. The domain-based exclusion ensures that essential services, security measures, and support can continue operating while the device is isolated for safety. This helps maintain the network's functionality and ensures safety.

To fully exclude a domain for a quarantined asset, you must exclude all of its subdomains.

The domain-based exclusion is not supported if you are using the system-level proxy on the quarantined assets.

Required Application Version: Qualys Endpoint Detection and Response 3.4.0

Behavior Changes

There are no behavior changes in this release.

End of Support for Platforms (Operating Systems)

With this release, the Qualys Cloud Agent for Windows discontinues support for the following platforms:

  • Windows XP 
  • Windows Vista 
  • Windows 7 
  • Windows Server 2003 
  • Windows Server 2003 R2 
  • Windows Server 2008 
  • Windows Server 2008 R2 

 
If you try to install Cloud Agent version 5.7 and later on these operating systems, the following error message is displayed.

C:\ProgramData\Qualys\QualysAgent\InstallerLogs\CloudAgentInstaller.log 

Information: Unsupported operating system detected. Agent installation, uninstallation or upgrade will not be completed as this setup is compatible with Windows 8/Server 2012 or later. 

To learn more about the support for legacy operating systems, see: Qualys Cloud Agent: Support for Legacy Operating Systems - Important Changes.
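
A pre-flight check for the platform cut-off described above, as an added example that is not part of the Qualys documentation or product. The function names are hypothetical; the NT version numbers for each platform are an assumption taken from Microsoft's published version table, not from these release notes. The log path and message text are the ones quoted above.

```powershell
# Added example (not Qualys code). Function names are hypothetical.
# Windows 8 / Server 2012 report NT version 6.2. The discontinued platforms
# report lower values: XP 5.1, Server 2003 and 2003 R2 5.2, Vista and
# Server 2008 6.0, Windows 7 and Server 2008 R2 6.1.
$MinimumVersion = New-Object System.Version -ArgumentList 6, 2

# Log path and message text as quoted in these release notes.
$InstallerLog   = 'C:\ProgramData\Qualys\QualysAgent\InstallerLogs\CloudAgentInstaller.log'
$UnsupportedMsg = 'Unsupported operating system detected'

function Test-AgentOsSupported {
    param([Version]$OsVersion = [Environment]::OSVersion.Version)
    # Compare major.minor only, so build and revision numbers are ignored.
    $majorMinor = New-Object System.Version -ArgumentList $OsVersion.Major, $OsVersion.Minor
    return ($majorMinor -ge $MinimumVersion)
}

function Get-UnsupportedOsLogEntry {
    param([string]$Path = $InstallerLog)
    # No log means the installer has not run on this host.
    if (-not (Test-Path -Path $Path)) { return }
    # -SimpleMatch treats the message as literal text rather than a regex.
    Select-String -Path $Path -Pattern $UnsupportedMsg -SimpleMatch
}

# Report for the local host; collect these objects centrally to scope the fleet.
$os   = [Environment]::OSVersion.Version
$hits = @(Get-UnsupportedOsLogEntry)
New-Object PSObject -Property @{
    Computer             = $env:COMPUTERNAME
    OsVersion            = $os.ToString()
    SupportedByAgent57   = Test-AgentOsSupported -OsVersion $os
    BlockedInstallLogged = ($hits.Count -gt 0)
    LastBlockedLogLine   = if ($hits.Count -gt 0) { $hits[-1].Line } else { $null }
}

# Constructed sample versions to exercise the comparison off-host.
foreach ($v in '5.1.2600', '6.1.7601', '6.2.9200', '10.0.19045') {
    '{0,-12} supported: {1}' -f $v, (Test-AgentOsSupported -OsVersion $v)
}
```

Hosts that report SupportedByAgent57 as False will stay on an older agent version, so track them separately for vulnerability and patch coverage.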

Issues Addressed

The following reported and notable issues have been fixed in this release.

CRM-122052

We fixed an issue where the deferment popup was not displayed if the user was not logged in to the system, causing a forced reboot after the completion of the reboot countdown.

CRM-111943

We had an issue where Cloud Agent was unable to complete the scan due to the missing manifest files. Now, Cloud Agent honors the newly downloaded manifest and completes the scan.

CRM-116377

We had an issue where Cloud Agent was using extra memory and disk resources, which caused slowness. We fixed this issue by optimizing the disk I/O operations during the scan. 

CRM-116082

We had an issue where the Cloud Agent self-protection feature caused slowness in launching other applications on the host. We fixed this issue by filtering out the processes not relevant to Qualys' self-protection feature.

CRM-122617

We had an issue where the FIM events were excluded when any of the multiple filter types matched the exclusion criterion. Now, FIM events are excluded only if all the applicable filters match.

CRM-125493

We fixed an issue where the Cloud Agent custom reboot script failed because additional parameters were passed in the script.

Known Issues, Limitations, and Workarounds

There are no known issues and limitations available for this release.