Release 3.6.1

March 03, 2025 

What's New?

New Enhancement: Retry Failed Anti-Malware Installation

We have added a new capability in the Assets tab that lets you retry failed Antimalware Protection (EPP) installations with a single click. Previously, there was no direct way to reinstall failed EPP installations. With this update, you can now easily retry the EPP installation, ensuring seamless protection for your assets.

You can retry the anti-malware installation on individual assets or install it on multiple assets using the Actions drop-down menu.

One-Click Retry EPP Installation

This enhancement is available only on Windows Agent version 6.1.0 and later and is supported on assets where EPP installation has failed.

When the re-installation begins, the Anti-Malware status updates to 'Re-installing.' You can monitor the progress in the Anti-Malware Status column.

View re-installation status on the Assets page

New Response Option 

On the Remediation > Log page, we have introduced a new response option called "Anti-malware Install" in the response.action QQL. This option filters assets where an attempt was made to re-install Anti-malware.

For more information on this enhancement, see the Retry Failed Anti-Malware Installation section in the EDR Online Help.

New Enhancement: Scan Now 

Qualys EDR 3.6.1 introduces Scan Now, a real-time scanning feature that provides immediate endpoint assessment capabilities. This enhancement allows security teams to initiate instant scans during incident response, thereby helping to reduce the time required for threat detection and containment.

You can initiate this scan from Assets. Hover over the desired asset, scroll to the bottom of the list in the Quick Actions menu, and click Scan Now. You can also scan on multiple assets using the Actions drop-down menu.

Scan Now works only on Windows Agent 6.1.0 and later. The Scan Now option is disabled (greyed out) for agents below the minimum version.

Initiate Scan Now from Assets

Key Benefits 

The following are some key benefits of using this scan:

  • Instant Threat Detection and Response: Traditional On-Demand Scanning requires manual configuration, which can delay response times. The Scan Now enhancement simplifies this process with a one-click, immediate scanning capability, enabling security teams to identify and contain active real-time threats before they propagate through the system.
  • Enhanced Incident Investigation: Security teams can now respond to alerts with greater agility by instantly initiating scans on affected endpoints, eliminating the need to wait for scheduled scans.
  • Streamlined User Experience: The Scan Now enhancement significantly improves operational efficiency by:
    - Eliminating the need for manual scan parameter configuration.
    - Providing an intuitive, single-click interface.
  • Minimized Attack Dwell Time: By allowing immediate scanning when suspicious activity is detected, Scan Now significantly reduces the time during which potential threats can operate unnoticed. This quick response capability is essential for minimizing the potential damage that extended exposure to threats can cause within the system.

Comprehensive Scanning Strategy

Scan Now enhances existing scanning capabilities to establish a strong security framework:

  • Scheduled Scans provide regular security checks.
  • On-Demand Scans offer detailed assessments of the system.
  • Scan Now addresses the critical need for immediate, real-time scanning in time-sensitive situations.

This multi-layered approach ensures comprehensive system protection while maintaining the flexibility to respond to emerging threats instantly.

For more information on this enhancement, see the Scan Now section in the EDR Online Help.