Qualys EDR Release 3.7 - New Features and Updates
April 15, 2025
New Enhancements in Advanced Hunting
In an earlier release, we introduced the Advanced Hunting tab under Hunting, featuring a set of predefined queries developed by our Threat Research team. These queries enabled quick identification of potential threats, anomalies, or suspicious activities in your environment. You could also create and save custom queries to tailor your threat-hunting efforts.
With this update, we have expanded functionality, providing more control over both System-Generated and Custom Queries. These enhancements offer greater flexibility and efficiency in managing your hunting queries.
System-Generated Queries
- View Details: You can access the read-only details of a query by using the View Details option from the Quick Actions menu, without having to run or save the query.
- Clone Query: You can clone system queries by using the Clone Query option from the Quick Actions menu.
Custom Queries
- Edit Query: You can modify saved custom queries by using the Edit Details option from the Quick Actions menu.
- Clone Query: You can create duplicates of existing custom queries for further refinement by using the Clone Query option from the Quick Actions menu.
For more information, refer to the Manage Queries section in the EDR Online Help.
Added JSON Support for Web Access Control Exclusions in the Antimalware Profile
We have added support for uploading JSON files to improve the management of Web Access Control exclusions within the Antimalware Profile.
This enhancement allows you to upload predefined JSON files, which significantly saves time by reducing manual entry. You can manage multiple exclusions simultaneously, ensuring accuracy and reducing human errors with correctly formatted exclusions. Overall, this feature makes it easier and more user-friendly to manage Web Access Control exclusions.
For more information, refer to the Web Access Control Exclusion section in the EDR Online Help.
JSON File Format Example
{
  "contentControl": {
    "webAccessControl": {
      "exclusions": [
        {
          "value": "*amamzon.in",
          "status": "allowed",
          "schedule": null
        },
        {
          "value": "*swivbn.com",
          "status": "blocked",
          "schedule": null
        },
        {
          "value": "*swivsdbn.com",
          "status": "blocked",
          "schedule": null
        }
      ]
    }
  }
}
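A pre-upload check for an exclusions file in the format shown above, as an added example that is not Qualys code. The accepted status values and the required `schedule` key are assumptions inferred from the sample file, and the function name is hypothetical.

```python
import json

# Assumption: the only status values are the two shown in the page's sample file.
VALID_STATUS = {"allowed", "blocked"}

def validate_exclusions(text):
    """Return a list of problems found in a Web Access Control exclusions file."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    try:
        entries = doc["contentControl"]["webAccessControl"]["exclusions"]
    except (KeyError, TypeError):
        return ["missing contentControl.webAccessControl.exclusions"]
    if not isinstance(entries, list):
        return ["exclusions must be a list"]
    problems, seen = [], {}
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            problems.append(f"entry {i}: not an object")
            continue
        value, status = entry.get("value"), entry.get("status")
        if not isinstance(value, str) or not value.strip():
            problems.append(f"entry {i}: 'value' must be a non-empty string")
            continue
        if not isinstance(status, str) or status not in VALID_STATUS:
            problems.append(f"entry {i} ({value}): unknown status {status!r}")
        # Assumption: every entry carries a 'schedule' key, as in the sample.
        if "schedule" not in entry:
            problems.append(f"entry {i} ({value}): missing 'schedule' key")
        # Host names are case-insensitive, so compare patterns in lower case.
        key = value.strip().lower()
        if key in seen:
            problems.append(f"entry {i} ({value}): duplicate of entry {seen[key]}")
        else:
            seen[key] = i
    return problems

# Constructed sample: one good entry, one misspelled status, one duplicate.
SAMPLE = """{"contentControl": {"webAccessControl": {"exclusions": [
  {"value": "*example.com", "status": "allowed", "schedule": null},
  {"value": "*example.org", "status": "bloked", "schedule": null},
  {"value": "*EXAMPLE.com", "status": "blocked", "schedule": null}
]}}}"""

if __name__ == "__main__":
    for problem in validate_exclusions(SAMPLE):
        print(problem)
```

The duplicate check matters most when the two copies disagree, as in the sample, where the same pattern is both allowed and blocked.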
New Enhancements in Asset Configuration
The following new enhancements are added to the Asset Configuration functionality:
- Extended Quarantine Capabilities for Linux Assets
- Independent Configuration of IPv4 and IPv6 Settings for Allowed IPs
Extended Quarantine Capabilities for Linux Assets
You can now quarantine Linux assets and allow network access for specified applications through exclusions, ensuring critical applications can operate effectively without completely isolating Linux assets.
Exclusions for Windows and Linux applications can be configured within the same quarantine settings, streamlining security operations and enhancing efficiency by eliminating the need for separate configuration workflows.
Exclusions can be added for quarantined assets if the Linux agent version is 7.1.1 or higher.
For more information, refer to the Understanding Quarantining Assets section in the EDR Online Help.
IPv6 configuration is not supported on Linux assets.
Independent Configuration of IPv4 and IPv6 Settings for Allowed IPs
You can now independently configure IPv4 and IPv6 settings—IPv4 in the IPv4 settings and IPv6 in the IPv6 settings—providing clearer organization and more granular control over network parameters.
This separation enhances flexibility by allowing each protocol to be managed according to specific needs. It also reduces the risk of configuration errors by ensuring distinct settings for both IPv4 and IPv6.
As a result, network management becomes simpler and more intuitive, streamlining processes and improving overall efficiency.
For more information, refer to the Allowing IPs section in the EDR Online Help.
IPv6 is supported only on Windows assets.
New Override Host Config Option for Quarantined Assets
The Override Quarantined Host Configuration is a security feature that enables you to bypass or adjust restrictions on a quarantined host.
Earlier, to modify the IPs, applications, and domains for a quarantined host, you had to unquarantine the asset, update the list of allowed IPs, applications, and domains, and quarantine the asset again.
With the Override Quarantine Asset Config option, you can modify the list of allowed IPs, applications, and domains while the asset is quarantined.
To use this enhancement, navigate to Assets. In the Assets list, locate the quarantined asset you want to override. Hover over the asset, and from the Quick Actions menu, click Override Quarantined Host Config.
For more information, refer to the Override Quarantined Host Configurations section in the EDR Online Help.
- When you modify the Allowed Applications list, the existing configuration is replaced, not appended. Hence, applications that were previously on the Allowed Applications list and are not in the new list are blocked.
- This enhancement is supported only on assets with Cloud Agent for Windows 6.1.1 and later and Cloud Agent for Linux 7.1.1 and later.