Release 3.4

August 09, 2024

What's New?

Custom Scans via Command Prompt Window

This release adds support for custom scans on Windows assets. You can define the scan scope (the directory to scan) directly in the command prompt window on the endpoint and start the scan from there, without waiting for a scheduled scan.

Follow these steps:

  1. Open a command prompt window and go to C:\Program Files\Qualys\QualysEPP
  2. Execute this command, replacing the quoted value with the directory that needs to be scanned:

.\product.console.exe /c FileScan.OnDemand.RunScanTask custom path="<directory to scan>"

For example, to scan C:\logs:

.\product.console.exe /c FileScan.OnDemand.RunScanTask custom path="C:\logs"
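The following script is an added example of wrapping the command above, not code from Qualys or from the release notes. It starts a custom scan for each directory passed to it, refuses directories that do not exist (so a typo does not silently scan nothing), and records the result per directory. Two things are assumed rather than taken from the notes: that the agent directory and command syntax are exactly as documented above, and that product.console.exe returns exit code 0 when the scan task was accepted.

```powershell
# Added example (not Qualys code): start on-demand custom scans of several
# directories and report which ones were accepted.
# Assumptions, not stated in the release notes:
#   - the agent directory and command syntax are exactly as documented above;
#   - product.console.exe returns exit code 0 when the scan task was started.
param(
    [Parameter(Mandatory = $true)]
    [string[]]$Directory
)

$agentDir = 'C:\Program Files\Qualys\QualysEPP'
$console  = Join-Path $agentDir 'product.console.exe'

if (-not (Test-Path -LiteralPath $console -PathType Leaf)) {
    throw "product.console.exe not found under $agentDir; is the Qualys EPP module installed?"
}

$results = foreach ($dir in $Directory) {
    # Validate before invoking the scanner: only existing directories are scanned.
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        Write-Warning "Skipping '$dir': not an existing directory"
        [pscustomobject]@{ Directory = $dir; Started = $false; ExitCode = $null }
        continue
    }

    # The notes run the command from the agent directory, so do the same.
    Push-Location -LiteralPath $agentDir
    try {
        # Same command as in the release notes, with the directory substituted.
        # PowerShell passes "path=<dir>" to the executable as a single argument.
        & $console /c FileScan.OnDemand.RunScanTask custom "path=$dir"
        $rc = $LASTEXITCODE
    }
    finally {
        Pop-Location
    }

    [pscustomobject]@{ Directory = $dir; Started = ($rc -eq 0); ExitCode = $rc }
}

$results | Format-Table -AutoSize

# Exit non-zero so a scheduled task or deployment tool notices a failed start.
if ($results | Where-Object { -not $_.Started }) { exit 1 }
```

Save it as, say, Start-CustomScan.ps1 and run it from a PowerShell session on the endpoint with `.\Start-CustomScan.ps1 -Directory 'C:\logs','C:\Users\Public\Downloads'`. The notes do not state which privilege level the console requires; an administrative session is assumed here because the executable lives under Program Files.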

For more information about running an OnDemand scan via the Command Prompt Window, refer to the EDR Online Help.

Quarantine Asset Updates

The Quarantine Asset window now includes two new configurations: Allowed IPs and Allowed Domains. They let a quarantined asset keep a small, explicitly approved set of connections while it stays isolated from everything else.

These configurations require Cloud Agent for Windows version 5.6 or later. On assets running an agent older than 5.6, the configurations are not available from the Assets tab.

Quarantined assets are isolated from the rest of the network to prevent potential security threats from spreading.

Allowing specific IP addresses to connect during quarantine lets essential functions keep operating, so security measures can be applied without cutting the device off from the entire network. Here are a few reasons why this might be necessary:

  • Critical Communications: Certain IP addresses might be linked to crucial servers or services, such as a company's email server or a cloud storage service, requiring continuous communication with the quarantined device.
  • Security Management: Security tooling, such as antivirus update servers and network monitoring systems, can still push updates to the quarantined device and investigate it.
  • Remote Diagnostics and Support: Remote support tools may need access to the quarantined device for issue resolution.
  • Control Over Network: Restricting access to trusted IP addresses gives you tight control over what the quarantined asset can reach, allowing only necessary connections and reducing risk.

Allowed Domains does the same at the domain level: the quarantined asset can still communicate with the listed domains and nothing else. Here are a few reasons why this might be necessary:

  • Access to Essential Services: Certain domains may host crucial services or applications that must remain accessible for continuous business operations, such as cloud storage, email services, or essential online applications.
  • Download Necessary Updates: Allowing domains of security software providers or update servers ensures the quarantined device can download necessary updates and patches, which is crucial for maintaining network integrity and resolving the security issue.
  • Remote Management and Support: IT support tools and remote management systems may require access to specific domains to diagnose and resolve the issue that led to the quarantine.
  • Minimize Operational Disruption: Allowing specific, trusted domains to remain accessible maintains productivity and ensures necessary functions continue without exposing the network to risks.

Keep both lists as short as possible: every allowed IP or domain is a channel the quarantined asset can still reach, so together they define the residual exposure while the asset is isolated. To learn more about these configurations, refer to the EDR Online Help.

New TPRT Status Codes Added in the antimalware.status Token

We have added Third-Party Antimalware Removal Tool (TPRT) status codes to the antimalware.status token. Using the codes below, you can filter assets based on their TPRT status.

  • TPRT Download Error
  • TPRT Validation Error
  • TPRT Succeeded
  • TPRT Failed
  • TPRT Unsupported Product

The following screenshot shows the drop-down list of the antimalware.status token:

Update: AMSI Log Enhancement

The AMSI Log is now available in its own dedicated tab, giving faster access to AMSI events for monitoring and troubleshooting.

You can still access the AMSI Log from the Related Events tab by filtering with the QQL query 'event.hasamsi: true'.

New Asset Search Tokens

We have introduced new search tokens to filter assets based on the third-party antivirus applications installed on them.

  • thirdparty.isremoved
  • thirdparty.isuninstalledsupported
  • thirdparty.prodname
  • thirdparty.prodvendor
  • thirdparty.prodversion
  • isrebootrequired

To learn more about these search tokens, refer to the EDR Online Help.