Cloud Agent for Windows Release 6.2
July 04, 2025
With this release, we bring the following new features and enhancements to Qualys Cloud Agent for Windows.
Reattempt Patch Deployment
The Cloud Agent for Windows now supports retrying patch installation for failed patches. This improvement reduces the number of failed patches and minimizes the need for manual intervention to install them.
To configure the number of retry attempts and time interval to trigger patch reinstallation, navigate to Jobs > New Deployment Job in the Patch Management user interface.
In the Options window, switch the Reattempt failed patches toggle to ON.
Cloud Agent for Windows currently does not support the configured Time Interval to trigger patch reinstallation.
| Required Application Version | Patch Management 3.7.0.0 |
Launch Deep Scan
With this release, we are providing an option to enable a deep scan from the Cloud Agent user interface while creating a configuration profile.
The deep scan detects vulnerabilities for non-standard binaries, software, middleware, and executable present at non-standard installation paths, not covered under the typical system scans. This allows Cloud Agent to report data for technologies that are not supported by VM scans.
To enable this feature, on the Scan Configuration page, select the Deep Scan checkbox. In the Deep Scan Settings, you can specify the scan directories for the scan scope and configure the scan interval, delay, and CPU usage.
The Deep Scan option is disabled by default. Contact Qualys Support to enable it for your subscription.
New Feature — Create Isolation Job for Host Assets
With this release, we are introducing a feature to isolate vulnerable host assets from your network. The isolated host assets can not interact with other assets in your network, preventing them from exploiting critical vulnerabilities. Earlier, we had the capability to isolate host assets from the Qualys Endpoint Detection and Response (EDR). With the Qualys Isolation, we are extending these isolation capabilities to Qualys Vulnerability Management Detection and Response (VMDR).
You must have TruRisk Eliminate™ activated for your account to access this feature.
You can also configure the IP address, application path, and domain name exclusions. The excluded IP addresses, applications, and domains can communicate with isolated host assets allowing you to deploy the mitigation and patch jobs. By default, we have added exclusions for Cloud Agent, Patch Management, and Mitigation processes, meaning these excluded processes will work for isolated assets.
- Ensure that you add all the sub-domains while configuring domain exclusion to completely exclude the domain from the isolation rule.
- The domain exclusion and static website with IP exclusion does not work if you configure a system-wide proxy.
- The excluded domains are accessible only with your organization's DNS or Google Public DNS.
| Required application version | Patch Management 3.4.0 Vulnerability Management Detection and Response 2.1.0 |
Proxy Randomization
The Cloud Agent for Windows now supports proxy randomization. When you configure multiple proxies, the Cloud Agent randomly selects one of them to establish an outbound connection.
Random proxy selection reduces connection failures by attempting connections with different proxies to avoid repeated connection errors.
To learn more about Proxy Randomization, refer to the Qualys Cloud Agent for Windows Installation Guide.
Special Code for Handling Missing Patches
We have introduced a special code 15 in the patch job logs to indicate the patch installation failure during or after the system reboot. Now, an error code and associated error message clearly mentions the reasons for patch installation failure.
On the Patch Management user interface, the patch job status is displayed as PatchInstallationFailed to indicate the patch installation failure during or after reboot.
| Required Application Version | Patch Management 3.7.0.0 |
Improvements for EDR Hash-based Blocking
With the hash-based blocking option in the Endpoint Detection and Response (EDR), you use a hash to restrict access to the respective applications.
To improve the applicability and user experience, we have made the following changes to EDR hash-based blocking.
Application size: This feature restricts access to applications up to 100 MB. Earlier, applications up to 25 MB were supported.
Cache hash: The EDR hash-based blocking now caches the previously configured hashes. This reduces the configuration time.
Notification message: After configuring the hashes for restricting access, we now display a notification message.
| Required Application Version | Endpoint Detection and Response 3.7.0 |
Cloud Agent Cross-Platform Relocation
Cloud Agent for Windows now supports cross-platform relocation. With this feature, you can relocate a Cloud Agent installed on one Qualys platform to another without reinstalling it.
You can use this feature to meet compliance regulations, or if you are moving from one Qualys platform to another for data residency compliance, performance optimization, or platform upgrades.
To learn more about Cross-Platform Relocation, refer to the Qualys Cloud Agent for Windows Installation Guide.
Event Tracing for Windows Assets
The Event Tracing for Windows (ETW) is a high-performance system and application events tracing utility provided by Microsoft Windows. You can use the logs from ETW for system analysis and troubleshooting.
The Cloud Agent for Windows now supports identifying the key events reported by ETW and configuring the event ID in a configuration file for ETW.
IPv6 Support for Anti-malware Protection
We enhanced the Qualys Anti-malware Protection (EPP) feature to support IPv6 addresses in exclusion criteria. With this enhancement, you can add IPv6 addresses in the exclusion rule to allow your assets to communicate with excluded IP addresses.
The IPv6 addresses now also works Cloud Query, signature updates, and other Cloud Agent functionalities.
Earlier, only IPv4 addresses were supported for the Windows Cloud Agents.
| Required Application Version | Endpoint Detection and Response 3.7.1 |
Issues Addressed
The following important and notable issues are fixed in this release.
| Component/Category | Description |
|---|---|
| Proxy Connection | When multiple proxies were configured for Cloud Agent, agents encountered the same errors and could not establish the proxy connection in some cases. We fixed this issue by adding support for randomized proxy selection. |
| FIM Event Reporting | The FIM events were reported even after the users were added to the exclusion rule. We fixed this issue by modifying the exclusion rule filters. |
| Agent Upgrade | Cloud Agents were unexpectedly upgraded to the new versions even when the correct configuration profile was assigned. We fixed this issue by adding a check to prevent unexpected self-upgradation. |
| Agent Reboot | Cloud Agents initiated the reboot countdown before reaching the configured deferment limit. We fixed this issue by increasing the waiting period for initiating a new deferment instance. |
| False Positives | We fixed the false positives for the WebLogic QIDs: QID-87467 and QID-87524, which were reported even after installing the latest patches. |
| Patch Installation | We fixed an issue where the patch installation through pre-actions was failing for the MSI-based applications by adding the installation execution command for MSI-based applications. |
| Asset Startup | We fixed an issue where Active Directory assets displayed the Blue Screen of Death (BSOD) error while restoring from the backup. |
| Network Communication | We fixed an issues where Cloud Agent was not responding on Windows Server 2025 assets in AWS EC2 instances by adding checks for preventing CAPS binary execution. |
| Agent Reboot | We fixed an issue where scheduled Cloud Agent reboot jobs were delayed for the Custom Assessment and Remediation (CAR) application. |
| Traces Removal | We fixed an issue where Cloud Agent could not remove the traces for Patch Management, even after it was disabled for the agent. |
| AgentId Service | Some users reported an issue that the AgentId service is not supported for Windows 2008 R2 assets. As this is the expected behavior, we have updated our documentation on supported platforms for Cloud Agent. |
| False Positives | We fixed an issue where false positives were reported QID 92215 as the patch versions were not correctly reflected for the installed patches. |