Enterprise TruRisk™ Platform Release 10.36

October 23, 2025

Qualys Vulnerability Management (VM)

Enhanced Appliance Preview with Scanner Capacity Details

Earlier, we provided details of the scanner's health status by displaying the Heartbeat Checks Missed in the preview page of the Appliances (Scans > Appliances) and Scanner Capacity Graph in the Info page (Select any Scanner> Quick Actions menu > Info). 

You were able to view the following details in the preview page of the Scanner Appliance listing page:

  • Heartbeat Check Missed,
  • Scanning Engine Version
  • Latest Signature Version
  • Available Capacity

    Earlier section of preview page.

The Scanning Engine Version and the Latest Signature Version are available in the Scanner and Signature columns of the Appliance listing page.

When launching a scan, there was limited visibility into the total scan capacity units and Available Scan Capacity Units of a scanner, which caused a delay in the scan. To make this process smoother and improve the users' experience, we have enhanced the preview page with the following details by replacing the earlier Scanning Engine Version and the Latest Signature Version.

  • Scan Capacity Available(%): The percentage of total scan capacity available for new scan jobs. This was earlier displayed as Available Capacity.  It is renamed to Scan Capacity Available.
  • Total Scan Capacity Units: Total capacity of the scanner as per its configuration. 
  • Available Scan Capacity Units: Currently available free units for handling the scan targets.

You can also view the Scanner Capacity Graph in the preview page to help you select an appropriate scanner for launching the scans.

Additionally, we have added the following two new columns to the scanner listing page:

  • Total Scan Capacity Units 
  • Scan Capacity Available(%)

    Renamed sections of the preview page.

With these enhancements, you can easily check the scanner's availability and utilization before you launch the scan to select an appropriate scanner by viewing the data points and the scanner capacity graph. This helps you to select the scanner and start the scan without any delay.

Enhancements in Qualys Recommended Option Profile

In an earlier release, we had introduced the Qualys Recommended Option Profile for all new VM/VMDR subscriptions. Refer to Cloud Platform 10.30 Release Notes.   

With this release, we have enhanced the Qualys Recommended Option Profile for all new VM/VMDR subscriptions. This enhancement enables the default settings from the Qualys Recommended Option Profile to be automatically applied when creating a new Option Profile. These applied settings are designed to improve scanning efficiency and ensure adherence to best practices. 
Now, when you create a new Option Profile by navigating to Scans > Option Profiles > New > Option Profile > Scans > Performance > Configure, and select the Overall Performance as Normal, the following enhancements are included:

  • Scanner Appliances (under Hosts to Scan in Parallel) is increased from 30 to 50. This helps to speed up the scanning process, as more scanner appliances can function simultaneously.
  • Total Process and HTTP processes (under Process to Run in parallel (per Host)) is increased from 10 to 20. This allows each host to handle more scan tasks at once, improving overall scan throughput.

    Default settings of Qulays recommended option profile.

For existing recommended and non-recommended Option Profile users, the default settings for overall performance for Normal remain the same as earlier as 30, 10, and 10 for Scanner Appliances, Total Processes, and HTTP Processes.

Qualys API Support

For this enhancement, we have updated the API /api/4.0/fo/subscription/option_profile/vm/.  For more information, refer to Enterprise TruRisk Platform Release 10.36 API.

Validation for DNS Character Limit in VM-to-PCI Scan Sharing

Previously, when customers attempted to share VM scan results with PCI, the operation failed if the target asset group or FQDN contained DNS entries exceeding the character limit supported by PCI. This was due to PCI’s inability to store long DNS strings, as it does not support the CLOB datatype required for such data. The failure occurred during the import process at the PCI end when QWEB attempted to transfer scan details.  

With this enhancement, a validation message has been introduced during scan launch from both the VM and PCI portals. If the asset group or FQDN contains DNS entries exceeding 4000 characters, users will be notified before the scan is initiated. This proactive check prevents scan sharing failures and improves user experience.

Combination of asset group and FQDN will also display the validation message.

Launch Scan

This update affects only those customers who launch scans involving asset groups or FQDNs with DNS character lengths greater than 4000. 

This validation has been added for AGMS enabled customers only. 

The validation has been added to the following four scan launches: 

  • VM schedule scan 
  • Create/Update schedule scan API 3.0 onwards 
  • VM scan launch API

Enhancement to State Selection in User Creation 

With this feature, we have expanded the list of available states in the State field under General Information by adding Ladakh and Telangana. These new states are now visible when you create/edit a user by navigating to Users > New > General Information > States.

Ladakh and Telangana added under State.

Qualys API Support

For this enhancement,we have expanded the list of available states in the API /msp/user.php/user.php.  For more information, refer to Enterprise TruRisk Platform Release 10.36 API.

Clear Indication for Tagging Support on Deep Scan Results 

With this enhancement, the Asset Search page now clearly displays the message, Tagging is not supported for Deep Scan Results when viewing assets under VM > Assets > Asset Search

Display message tagging

This update ensures users are informed about the limitations in the first phase of Deep Scan Result support. 

Existing asset search functionalities remain intact, and the requested message is visible on the Asset Search Report page as expected:

Asset search report

Disconnected VMware ESXi Feature Enabled for All VMDR Subscriptions

With this enhancement, the Enable Disconnected ESXi in VM Option Profile feature is now available for all VMDR active subscriptions. The feature is enabled by default for new VMDR subscriptions and has been activated for existing subscriptions through a migration script.

Now, the Disconnected ESXi checkbox is visible on the New Option Profile page:

EXSi VM Option Profile

The user will have an option to perform a VM authenticated scan on VMware ESXi hosts via vCenter in the Option Profile.

Qualys Policy Compliance (PC)

 For the list of features and improvements we have made in Policy Compliance/Policy Audit, refer to the Policy Audit UI Release Notes for Release 1.4.  

Issues Addressed

The following reported and notable customer issues are fixed in this release:

Component/Category Application
 		 Description
VM - User Management Vulnerability Management We have updated the Online Help to inform that the manager can enable Symantec authentication individually for specific users, if not enabled globally. For more information, refer to Online Help.
VM - Remediation Report Vulnerability Management When users performed the Executive Remediation Report for all asset groups and applied the Overdue Tickets filter to the remediation, they discovered a discrepancy in the total number of overdue tickets. Relevant code changes have been made to fix the issue. Now, the users can view the same number of overdue tickets in both the report and the filtered list in the User Interface.
VM - Map Scan Vulnerability Management When users performed a MAP scan, the scan results displayed the status as finished, while the User Interface indicated the scan was interrupted. Backend data confirmed the interruption with a JOB Status Code, and the scanner appliance details were missing despite the scan running for over two hours.
This discrepancy occurs because of the current logic for scan results:

Only canceled is shown explicitly.
Any other status (for example, interrupted) is displayed as finished in the scan result section.

This is the expected behavior under the current design.
VM - Remediation Vulnerability Management When users searched QIDs on the Remediation tab, they noticed that the severity level of certain types of QIDs was incorrectly detected as Potential (yellow). However, after clicking the same QIDs, the severity level was displayed as Confirmed (red) in the General Information section. Relevant code changes are being made to fix the issue. Now, the users can view the same severity level for selected QIDs in the searched information and in the General Information section.
Documentation and
VM - Scan UI		 Vulnerability Management When users launched the scans when the concurrent limit was not reached, they observed the "Concurrent scan limit reached" error. Relevant code changes are being made to fix the issue. Now, the users can successfully launch the scans without encountering this error.
Documentation Vulnerability Management We have updated the documentation of Qualys Vulnerability Management - Scanning for Default Credentials and Commonly used passwords for QID 20424 (Postgres DB Default Credentials Detected). 
VM - Purge Assets Vulnerability Management When users attempted to purge a large number of hosts, the purging process was getting stuck due to some database errors.
Relevant code changes have been made to fix the issue. Now, users can do error-free purging, and respective hosts are correctly queued for purging.
VM - Assets Vulnerability Management When users added an asset to the Excluded Host List with an expiration date, the asset remained visible even after the expiration date had passed. This occurred even when the Remove IPs from Excluded Host List after expiration checkbox was selected. Relevant code changes have been made to fix the issue.
VM - Host Based Report Vulnerability Management When users generated a template-based scan report in CSV format with Do not show header in CSV report layout option enabled, the first row in the report appeared empty. Relevant code changes have been made to fix the issue.
VM - Remediation Report Vulnerability Management When the users generated a remediation report, it was observed that there was a discrepancy in the count of overdue tickets in the Remediation ticket listing page and the remediation report. Relevant code changes have been made to fix the issue. The counts are now consistent across both the listing page and the report. We have now documented this in the Online Help
VM - Authentication Records Vulnerability Management When users deleted an authentication record, it continued to appear in reports because the host’s authentication history remained unchanged. To completely remove scan data, you must purge the host. We have documented this in the Online Help.
Documentation Vulnerability Management When users scanned network blocks, some firewalls responded with TCP RST or SYN-ACK packets on behalf of non-existent hosts, causing false positives and creating ghost assets. To address this, the Ignore firewall-generated TCP RST packets and Ignore firewall-generated TCP SYN-ACK packets options have been introduced. When enabled, these options use heuristics to suppress such packets, improving scan accuracy. If these options are enabled unnecessarily, some hosts may appear as No Vulnerabilities Match Your Filters for These Hosts during scans. Enable these options only if this firewall behavior is confirmed in your environment. We have now documented this in the Online Help.
VM Vulnerability Management When the users reviewed logs on qagrec nodes, they observed excessive repetition of the log line [PROCESS_LOGGING] Process Logging Mode Set [Method=Default] [Logging_Mode=1] [Logging_Mode_Name=Minimum], which accounted for up to 40% of overall logs without adding meaningful information. To address this, the logic has been updated to suppress these entries when the logging mode is empty, reducing unnecessary log volume and improving log clarity.
VM - Authentication Records Vulnerability Management When users edited an authentication that included tags, they observed the UI was breaking. Relevant code changes are being made to fix the issue. Now, the users can experience a seamless and error-free User Interface.
VM - Scan API Vulnerability Management When users called the API and the values were set to ON for the following notifications: Delay in scan, Scan launch skipped, and Scan deactivated, the distribution groups were not displayed in the API response. Relevant code changes have been made to fix the issue. Now, the users can view distribution group information in the API responses for all the notifications (Before scan starts, After scan completes, Delay in scan, Scan launch skipped, and Scan deactivated)
VM - Scan API Vulnerability Management When the users observed the API output, the EASM scans appeared in the VMS scan list, scan summary APIs, and portal infra. Relevant code changes are being made to fix the issue. Now, the users can view the EASM scans listed only in the Portal infra API.
VM - Knowledge Base Vulnerability Management When users attempted to retrieve the knowledge base data through the API, they were unable to obtain the CVSSv3 score. Relevant code changes have been made to fix the issue. Now, users can retrieve knowledge base data through the API.
VM - Scan API Vulnerability Management When users had Network Support Feature enabled and tried to create/update their scheduled scan by assigning the input parameter scanners_in_network to 1 in the /api/2.0/fo/schedule/scan/ API, an error was encountered as Cannot launch scan. Relevant code changes have been made to fix the issue.
VM - API General Vulnerability Management When users attempted to create or resolve tags via the API, the operation failed with internal error code 1905 ("tags create or tag resolve is fail for tags: Cloud Agent Please try again").
In some cases, the HTTP status codes returned by different errors may exhibit inconsistent behavior. To ensure reliable and consistent error handling, we recommend that customers rely primarily on the internal error code included in the API response body. This internal error code provides a more accurate representation of the issue encountered.
VM - API General Vulnerability Management When users attempted to update a Static Search List containing a large number of QIDs (more than 4,000), the API call failed after processing some QIDs. This occurred because a new curl_init() connection was opened for each QIDS call to fetch vulnerability details, exhausting ephemeral ports on OCI-based pod infrastructure. To resolve this, we now initiate curl_init() only once and reuse it for subsequent QIDS calls. As a result, API calls for updating Static Search Lists with large QID volumes complete successfully without errors.

For the list of issues addressed in Policy Compliance/Policy Audit, refer to the Policy Audit UI Release Notes for Release 1.4