Anti-Virus and HIPS Exclusion / Whitelisting on Windows

If Anti-Virus or HIPS software is installed, the following files, directories, and processes must be excluded or whitelisted in all security software on the system to prevent conflicts with the Cloud Agent.

Agent processes

QualysAgent.exe - this is the Qualys endpoint service

setup.exe - this is the non-MSI installer - needs access to disk and registry locations (see below)

uninstall.exe - this is the Qualys endpoint service uninstaller - needs r/w/d access to the following disk and registry locations

File whitelisting

%PROGRAMDATA%\Qualys\QualysAgent - we read/write/create/delete files in this directory and sub-directories

%ProgramFiles(x86)%\Qualys\QualysAgent - this is where the service and uninstaller live. The service creates processes, so HIPS must be configured to allow this action.

Registry whitelisting

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\QualysAgent - this is where the agent setup installs the service into the system.

HKEY_LOCAL_MACHINE\SOFTWARE\Qualys - this is where breadcrumb information lives to merge agent and appliance scanner results. The agent needs c/r/w/d access here; setup needs to create the key; uninstall needs the ability to delete the key.

QualysAgent.exe

Calls CreateProcess to launch external processes on occasion

Calls CoCreateInstance to instantiate COM objects

Creates/Reads/Writes/Deletes files out of its programdata directory

Creates/Reads/Writes/Deletes from the hklm\software\qualys registry key

Enumerates and reads from all file and registry locations
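
One way to verify the directory and process entries above on a host, as an added example that is not Qualys code. It assumes Microsoft Defender Antivirus is the product being checked (the page names no product) and uses its Get-MpPreference cmdlet; the function name Test-QualysExclusions is hypothetical.

```powershell
# Added example. Assumption: Microsoft Defender Antivirus is the product being checked.
# Read-only: reports coverage, changes nothing. Run elevated so Defender returns its lists.
function Test-QualysExclusions {
    param(
        # Defaults come from Defender; pass arrays to check an exported policy instead.
        [string[]]$ExcludedPaths     = @((Get-MpPreference).ExclusionPath),
        [string[]]$ExcludedProcesses = @((Get-MpPreference).ExclusionProcess)
    )
    # Directories and process names exactly as listed on this page.
    $requiredDirs  = '%PROGRAMDATA%\Qualys\QualysAgent', '%ProgramFiles(x86)%\Qualys\QualysAgent'
    $requiredProcs = 'QualysAgent.exe', 'setup.exe', 'uninstall.exe'

    # Expand variables and trim trailing backslashes so equivalent spellings compare equal.
    $normalize = { param($p) [Environment]::ExpandEnvironmentVariables($p).TrimEnd('\') }
    $havePaths = @($ExcludedPaths | Where-Object { $_ } | ForEach-Object { & $normalize $_ })

    $dirRows = foreach ($dir in $requiredDirs) {
        $full = & $normalize $dir
        # Match the directory itself or a parent; a parent match is broader than required.
        $hit = $havePaths | Where-Object {
            $full -eq $_ -or $full.StartsWith(($_ + '\'), [StringComparison]::OrdinalIgnoreCase)
        } | Select-Object -First 1
        [pscustomobject]@{
            Type = 'Directory'; Entry = $dir; Excluded = [bool]$hit
            CoveredBy = $hit; Broader = ([bool]$hit -and $hit -ne $full)
        }
    }
    $procRows = foreach ($proc in $requiredProcs) {
        # Defender accepts an image name or a full path; compare on the file name.
        $hit = $ExcludedProcesses | Where-Object { $_ -and (Split-Path $_ -Leaf) -eq $proc } |
            Select-Object -First 1
        [pscustomobject]@{
            Type = 'Process'; Entry = $proc; Excluded = [bool]$hit
            CoveredBy = $hit; Broader = $false
        }
    }
    @($dirRows) + @($procRows)
}

Test-QualysExclusions | Format-Table -AutoSize
```

Wildcard exclusion entries are not interpreted, and the registry locations are not covered by this check; confirm those in the HIPS product's own policy.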