Cloud Agent for Windows Release 6.5.1
Limited Customer Release
June 04, 2026
Prevent Suspicious Network Connections for IP Addresses
We introduced the Block Connection feature in Endpoint Detection and Response (EDR) to block or unblock suspicious and unauthorized network connections for IP addresses without interrupting critical business processes. You can now stop unauthorized traffic at your endpoints, reduce operational risk, and restore blocked connections from the EDR user interface.
This feature offers improved incident response and continued business operations while proactively safeguarding your assets.
With the Block Connection feature, you can block inbound and outbound traffic for both IPv4 and IPv6 addresses. To restrict the connection traffic, navigate to the Hunting tab in the EDR user interface and execute the Block Connection action for the required event.
| Required Application Version | Endpoint Detection and Response 3.8.3 |
To learn more about the Block Connection feature, refer to Endpoint Detection and Response Online Help.
Protect Assets from Unauthorized Traffic on UDP Ports
We enhanced the Quarantine Asset feature in EDR to facilitate blocking User Datagram Protocol (UDP) traffic on endpoints. This enhancement provides stronger security coverage for both Transmission Control Protocol (TCP) and UDP ports and ensures reliable, secure, and complete quarantine enforcement while maintaining seamless connectivity to the Qualys platform. It also delivers a more robust defense and eliminates risks associated with UDP-based communication during an active security event.
The feature explicitly allows Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) traffic on the following ports for effective Cloud Agent communication:
- Port 53: Allows DNS communication
- Port 67 and 68: Allows DHCP connection for IPv4 assets
- Port 546 and 547: Allows DHCP connection for IPv6 assets
These exceptions ensure that the Qualys Cloud Agent continues to communicate properly while the system strictly blocks all other network traffic.
Download EPP Updates with Secondory URL
We enhanced the Endpoint Protection Platform (EPP) to support a secondary URL for downloading EPP updates. When the EPP updates download fails via the primary URL, Cloud Agent uses the secondary URL to download them. This enhancement reduces the update download failure and ensures endpoint security with the latest available updates.
This feature is available only for EPP-enabled users.
| Required Application Version | Endpoint Detection and Response 3.8.1 |
Scan FSP Objects with ETM Identity
Cloud Agent now supports scanning Foreign Security Principal (FSP) objects in Active Directory with Qualys ETM Identity. You can now monitor security threats, misconfigurations, and privilege escalations for FSP objects. This enhancement helps you identify and eliminate the security risks posed by FSP.
Behavior Change
There is no behavior change for this release.
Platform Coverage Support
No new platform coverage added in this release.
Issues Addressed
The following important and notable customer issues are fixed in this release.
| Component/Category | Description |
|---|---|
| Authentication - Data Upload | We fixed an issue where Cloud Agent could not upload mitigation data to the Qualys platform due to an authentication failure caused by incorrect detection of public URLs. Cloud Agent can now correctly detect the public URLs and successfully upload mitigation data to the Qualys platform. |
| Remote Log Collection | We fixed an issue where the remote log collection request was stuck in the Processing status due to the special characters in the request name. Cloud Agent now efficiently handles special characters, and the remote log collection request is successfully completed. |
| Patch Management | We fixed an issue where patch jobs were stuck in Pending status due to Cloud Agent communication failure caused by special characters in the custom logo title. Now, Cloud Agent communication does not fail due to special characters in custom logo titles, and patch jobs are successfully completed. |
| Cloud Agent Access | We fixed an issue where some of the local files were locked and could not be accessed during Cloud Agent scans. Cloud Agent now does not lock the local files and users can access them during Cloud Agent scans. |
| EDR Re-provisioning | We fixed an issue where Endpoint Detection and Response (EDR) application had the status as Inactive after re-provisioning. Now, the EDR status is correctly marked as active after re-provisioning the Cloud Agent. |
| FIM Event Reporting | We fixed an issue where File Integrity Monitoring (FIM) event reporting failed due to the special characters in FIM actions. Cloud Agent now efficiently handles special characters, and FIM events are correctly reported. |
| Patch Installation | We fixed an issue where software installation through a patch deployment job failed due to a certificate error. Cloud Agent is now updated to prevent certificate failures and complete the patch deployment jobs successfully. |
| Cloud Agent Connection | We fixed an issue where Cloud Agent connection to the Qualys platform failed due to an incorrect connection URL. Now, Cloud Agent validates the connection URL and successfully connects to the Qualys platform. |
Known Issues, Limitations, and Workarounds
There are no known issues for this release.