Anti-malware Setup and Third-Party Anti-malware Removal Tool

The Anti-malware Setup allows you to download a copy of the anti-malware to reduce the network bandwidth. The setup has the option for online or offline installation. 

The Anti-malware Setup option is available for Windows Cloud Agent 5.5 and above.

Installing Anti-malware using an Installer Mode

After clicking the Anti-malware Setup button from the Configuration tab perform the following steps on the Anti-malware Setup page:

  1. From the Anti-malware installer mode select Cloud Installer or On-Premise Installer.
    • Cloud Installer mode: This is the default installer mode. Select this mode to use the online version of the Anti-malware.
    • On-Premise mode: Select this mode to download the installer file to the local environment. Using this option you can download the copy once and place it using Ansible or any other methods.
  2. For the On-Premise Installer select the Windows Architecture between x86 or x64
  3. Click Download.
  4. Provide the Installer Location. The location can be your local system path or server http(s).

    If you provide location path, ensure the path is accessible to the asset. For the local disk path once the installation is completed, the installer will be auto-deleted. 

    Refer the following On-Premise Installer screenshot for reference:

    On-Premise Installer mode in the Anti-malware Setup.

  5. Click Save.
  6. From the Cloud Agent application, click Configuration Profiles.
  7. Click New Profile and do not toggle the option Enable Malware Protection for this Profile. Assign the newly created profile to an asset.

    It is recommended not to make changes to the existing Configuration Profiles.

    Disable EPP from Cloud Agent Configuration Profile.

  8. Once this profile is assigned to an asset, set the profile with Enable Qualys Anti-malware Protection for this Profile to an asset. Click Continue to Save. 

  9. You can check the installation status under the Anti-malware Status column in the Assets tab. The following screenshot is an example of the installation status:

Third-Party Anti-malware Removal Tool

The Anti-malware setup can be proceeded with enabling the Third-Party Anti-malware Removal Tool. However, enabling the Third-Party Anti-malware Removal Tool removes the third-party products and its traces from the applications. The tool detects the presence of any third-party application on the system and in case of a failed installation, an error message is displayed with the name of the application that caused the EPP installation to fail.

Using the Add Exclusions field, you can add the list of applications that should be excluded during the removal process. The Third-Party Anti-malware Removal Tool can fail to uninstall the third-party application in any of the following scenarios:

  • Third-party Anti-malware is not supported
  • Third-party Anti-malware is password protected
  • Stale entry of an old Anti-malware

Prerequisites to Enable Third-Party Anti-malware Removal tool

  • The minimum requirement for Agent version is to enable the Third-Party Anti-malware Removal Tool
  • OPSWAT-supported application. Go to the OPSWAT web page and click the Show Uninstall Supported Only button on the top-right corner to view the list of supported anti-virus.

Enabling the Third-Party Anti-malware Removal tool

After clicking the Anti-malware Setup button from the Configuration tab perform the following steps on the Anti-malware Setup page

  1. Enable the Third-Party Anti-malware Removal Tool.
  2. (Optional) In the Add Exclusions field list the application(s) that will be excluded during the uninstallation process.

    You can provide the application name in the Add Exclusion field, even though the Third-Party Anti-malware Removal tool is disabled.

    • Qualys Agent can also identify the application that caused the anti-malware installation failure. In such scenarios, an error message is displayed in the Anti-malware Status column of the Assets tab. Copy the application name and paste it in the Add Exclusion field.
  3. Click Save.

A notification message confirms the Third-Party Anti-malware Removal Tool has been enabled.