Qualys Cloud Agent for Windows Release 6.4.1
March 24, 2026
Cloud Agent for Windows 6.4.1 introduces shuffle randomization for patch downloads, PowerShell script support for Active Directory data collection, and EDR manifest lifecycle status reporting. Check the following subsections to learn more about these new features.
Shuffle Randomization for Patch Downloads
We have introduced agent-side shuffle randomization for patch downloads with the new Shuffle Randomization capability. Previously, agents downloaded patches in a fixed sequential order, which caused multiple agents to request and download the same patch simultaneously. This resulted in unnecessary network congestion and increased bandwidth consumption.
Shuffle randomization for patch downloads offers the following benefits:
- Optimized bandwidth usage: Agents now request patches in a randomized order, reducing simultaneous downloads of the same patch across multiple agents.
- Reduced network congestion: Qualys Gateway Service (QGS) can efficiently manage distinct patch copies across multiple agents, minimizing redundant network traffic.
- Improved patch distribution: The randomized download sequence ensures patches are distributed more evenly across agents during a deployment job.
EDR Manifest Lifecycle Status Reporting
We have introduced Endpoint Detection and Response (EDR) manifest lifecycle status reporting for the Agent Health Status feature. Cloud Agent now sends EDR manifest lifecycle status updates to the Qualys Platform, ensuring accurate monitoring of EDR configuration rollout and providing real-time visibility into the state of EDR manifests.
The agent now reports the following manifest statuses:
- Downloaded: The EDR manifest has been successfully downloaded to the agent system.
- Parsed: The downloaded manifest has been successfully parsed by the agent.
- Applied: The EDR policy manifest has been successfully applied on the agent system.
- Revoked: The EDR manifest has been revoked, for example when the EDR feature is disabled from the Cloud Agent UI.
| Required Application Version | Endpoint Detection and Response 3.8.2 |
Behavior Changes
There are no behavior changes in this release.
Platform Coverage Support
There is no new platform coverage added in this release.
Issues Addressed
The following important and notable issues are fixed in this release:
| Category/Component | Description |
|---|---|
| FIM Event Exclusion | We fixed an issue where the FIM event exclusion rules with multiple conditions were not working correctly. Now, we have optimized the FIM event exclusion logic to ensure that exclusion rules work correctly with multiple exclusion conditions. |
| Patch Management Job Status | We fixed an issue where patch job status was incorrectly marked as Job Started on Patch Management user interface when the job was completed. |
| Reporting - False Positives | We fixed an issue where several Control IDs (CIDs) reported false positives for Windows server assets, as Cloud Agent failed to correctly read the configuration settings. |
| SwCA Scanning | We fixed an issue where SwCA scans were failing for a few assets due to the multiple scan recursion. |
| Cloud Agent - Cross Platform Migration | Cloud Agents could not be migrated from a shared Qualys platform to a private cloud platform (PCP) due to the distinct URL lengths. We fixed this issue by implementing a solution to correctly replace PCP URLs during cross platform Cloud Agent migration. |
Known Issues, Limitations, and Workarounds
There are no known issues for this release.