Qualys Cloud Agent for Windows Release 6.3

November 21, 2025 (Updated December 10, 2025)

With this release of Cloud Agent for Windows, we are introducing the following new features and enhancements.

Support for Chunk Downloads

The Cloud Agent for Windows now supports downloading large files such as manifests, binaries, and patches in segmented chunks. Cloud Agent downloads the large files in chunks of 1MB each.

This improvement ensures efficient downloads, optimized resource utilization, smoother downloads over slower networks, and faster and reliable data transfers.

Troubleshooting Quarantined Assets

With this release of Cloud Agent, we have added support to unquarantine host assets. This feature helps in troubleshooting the quarantined assets.

You can unquarantine an asset when the asset connection with the server fails, or the host remains in the quarantined state, using the Qualys-generated unquarantine key. As per the requirement, you can ask for an asset-specific key or a master key that can be used for all the assets. The unquarantine key has the validity of 24 hours.

 Contact Qualys Support to generate an unquarantine key for your Cloud Agent hosts.

Sample command: Open the C:\Program Files\Qualys\QualysAgent on your assets and execute the following command.

QualysConfigUtility.exe /unquarantine key=<key_value> 

To learn more this feature, refer to the Cloud Agent for Windows Installation Guide.

Improvements for Cloud Agent Health Check Tool

We have enhanced our Cloud Agent Health Check Tool to fetch the details for Cloud Agent troubleshooting. The Cloud Agent Health Check Tool now reports the local system issues and displays them in the Health Check logs. This enhancement reduces the troubleshooting time and dependency on the internal IT team or system administrator, and improves the overall efficiency of Cloud Agent.

To capture the local system issues, we have added support for the following functions in the Cloud Agent Health Check Tool:

Capture Protocols and Cipher Details

Cloud Agent Health Check Tool now reports the negotiated protocol versions, such as TLS 1.2, TLS 1.3, Cipher Suite Details, such as AES, RSA, and SHA256, and Key Exchange and Encryption Algorithms. These details help you analyze the network traffic and connection issues.

Capture and Validate Certificate Details

This functionality of Cloud Agent Health Check Tool captures the detailed certificate information used for Cloud Agent communication. Cloud Agent captures the following certificate details:

  • Certificate Subject/Subject Alternative Name (SAN)
  • Certificate Issuer Details
  • Certificate Validity
  • Certification Chain Validation Status
  • Revocation Server Details

Enhancements for Patch Management

Life-cycle Changes for Legacy Operating Systems

We are streamlining the Patch Management support for the legacy Windows operating systems. To ensure the timely delivery, high-quality content, and continuous innovation we are introducing the Patch Management life-cycle changes for the following legacy Windows operating systems:

  • Windows 8
  • Windows Server 2012 (non-R2)
  • And earlier versions of Windows

To learn more about Patch Management support updates for the above-mentioned platforms, refer to Patch Management Lifecycle Changes for Legacy Windows Operating Systems.

Upload Software Artifacts to Qualys CDN

We have enhanced the Patch Management to support uploading pre/post actions artifacts and vendor-acquired patch artifacts to the Qualys CDN Server. The artifacts uploaded to the CDN server can be referenced in the Patch Management workflows. Cloud Agents download these artifacts from the nearest CDN server and use them during patch deployment.

Uploading software artifacts to the CDN server offers the following benefits:

Pre/Post Actions for Software Installation

You can now upload software artifacts for Install Software type pre-actions and post-actions to the CDN Server. This helps you with:

  • Centralized Access: The packages uploaded to the CDN server can be centrally accessed and reused in multiple deployment jobs.
  • Reliable Downloads: Cloud Agent retrieves artifacts from the nearest CDN server, minimizing latency and failures.

Vendor Acquired Patches

You can centrally manage the vendor-acquired patches with the following capabilities:

  • Enable or disable the use of vendor-acquired patches in Patch Management.
  • Upload or update patch artifacts to the Qualys CDN server for consistent distribution.
  • Delete patch artifacts from the CDN server when no longer required.
Required Application Version Patch Management 3.10.0.0

HTTPS Proxy for Cloud Agent Communication

We have updated Windows Cloud Agent to support the HTTPS Proxy for communicating with the Qualys Platform. Earlier, only HTTP Proxy was supported for the Windows Cloud Agent.

The HTTPS proxy offers the more advanced security protocols, adding an extra layer of protection for your assets.

The following is the sample command for configuring the HTTPS proxy for your Cloud Agents:

SampleQualysProxy [/u https://<proxy url> [/n <proxy username>] [/p <proxy password]]

Example: QualysProxy [/u https://my_proxy [/n <proxy username>] [/p <proxy password]]

Enhancements for CAR

Support for RemoteShell Commands

The Cloud Agent for Windows now supports the RemoteShell commands for Custom Assessment and Remediation (CAR). With this feature, you can connect to any remote assets from the CAR user interface and execute the remote shell commands to retrieve host asset logs for analysis. You can have a maximum of ten active remote connections.

Supported RemoteShell Commands

Currently, the following commands are supported by RemoteShell:

  • date – Displays the current system date and time.
  • whoami – Shows the username of the currently logged-in user.
  • ps – Lists running processes on the remote system.
  • scriptrun – Executes a specified script on the remote machine.
  • ls – Lists files and directories in the current directory.
  • run – Runs a specified executable or command.
  • delete – Deletes a specified file or directory.
  • shares – Displays shared resources on the system.
  • reg – Manages Windows registry keys and values.
  • copy – Copies files from one location to another.
  • mkdir – Creates a new directory.
  • cd – Changes the current working directory.
  • restart – Restarts the remote system.
  • history – Shows the command execution history.
  • cls – Clears the terminal screen.
  • kill – Terminates a specified process.
  • env – Displays environment variables.
  • users – Lists all user accounts on the system.
  • netstat – Displays network connections and listening ports.
  • stop – Stops a running service or process.
  • nslookup – Resolves domain names to IP addresses.
  • regquery – Queries values from the Windows registry.
  • drivers – Lists installed system drivers.
  • ipconfig – Displays network interface configuration.
  • hash – Generates or verifies file hash values.
  • shutdown – Shuts down the remote system.
Required Application Version Custom Assessment and Remediation 2.6.2

Behavior Changes

There are no behavior changes in this release.

Platform Coverage Support

There is no new platform coverage added in this release.

Issues Addressed

The following important and notable issue is addressed in this release.

Category/Component Issue Description
Patch Failure We fixed an issue where the patching to assets were failing with exit code -2145124329 due to unavailability of patch file. 
Hash-based Blocking The Hash-based Blocking feature in the Endpoint Detection and Response application could not block the applications with file size more than 25 MB. Now, we have increased the file size limit for the Hash-based Blocking to 100 MB to fix this issue.

Known Issues, Limitations, and Workarounds

There are no known issues for this release. 

 

© 2025 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: December, 2025