Anti-Virus and HIPS Exclusions on Windows

Have Anti-Virus or HIPS software installed? To avoid conflicts with Cloud Agent, ensure that you exclude the following files, directories, and processes from all security software installed on the system.

Agent processes

QualysAgent.exe - this is the Qualys endpoint service

setup.exe - non-MSI installer needs access to disk and registry locations (see below)

uninstall.exe - this is the Qualys endpoint service uninstaller; it needs r/w/d access to the following disk and registry locations

Files

%PROGRAMDATA%\Qualys\QualysAgent - we read/write/create/delete files in this directory and sub-directories

%ProgramFiles(x86)%\Qualys\QualysAgent - this is where the service and uninstaller live. The service will create processes, so HIPS must be configured to allow this action

Registry

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\QualysAgent - this is where the agent setup installs the service into the system.

HKEY_LOCAL_MACHINE\SOFTWARE\Qualys - this is where breadcrumb information lives to merge agent and appliance scanner results. The agent needs c/r/w/d access here; setup needs to create the key; uninstall needs ability to delete the key.

QualysAgent.exe

Calls CreateProcess to launch external processes on occasion

Calls CoCreateInstance to instantiate COM objects

Creates/Reads/Writes/Deletes files out of its programdata directory

Creates/Reads/Writes/Deletes from the hklm\software\qualys registry key

Enumerates and reads from all file and registry locations
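
One way to apply the file and process entries above on a host whose anti-virus is Microsoft Defender Antivirus (an assumption; this page names no product), as an added example that is not Qualys code. It first checks that neither excluded directory is writable by a non-administrative principal, because a path exclusion also covers anything else placed there. The registry locations are not handled because Defender exclusions do not take registry keys; those belong in the HIPS policy.

```powershell
# Added example (not Qualys code). Assumes Microsoft Defender Antivirus and an
# elevated PowerShell session. Paths and process names are those listed above.
$installDir = Join-Path ${env:ProgramFiles(x86)} 'Qualys\QualysAgent'
$dataDir    = Join-Path $env:ProgramData 'Qualys\QualysAgent'
$agentDirs  = @($dataDir, $installDir)
# setup.exe is left out: the page does not say where the installer runs from,
# and excluding it by bare name would match any setup.exe on the system.
$agentProcs = @('QualysAgent.exe', 'uninstall.exe') |
    ForEach-Object { Join-Path $installDir $_ }

# Principals expected to hold write access: SYSTEM, Administrators,
# CREATOR OWNER, TrustedInstaller (well-known SIDs, locale independent).
$trustedSids = @(
    'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask   = [int]$writeRights -bor 0x50000000   # plus GENERIC_WRITE | GENERIC_ALL

function Get-UntrustedWriter {
    param([string[]]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($dir in $Path) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }   # agent not installed yet
        $acl = Get-Acl -LiteralPath $dir
        foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
            $isAllow  = $rule.AccessControlType -eq 'Allow'
            $canWrite = ([int]$rule.FileSystemRights -band $writeMask) -ne 0
            $sid      = $rule.IdentityReference.Value
            if ($isAllow -and $canWrite -and $sid -notin $trustedSids) {
                [pscustomobject]@{ Path = $dir; Sid = $sid; Rights = $rule.FileSystemRights }
            }
        }
    }
}

$findings = @(Get-UntrustedWriter -Path $agentDirs)
if ($findings.Count -gt 0) {
    # Do not exclude a directory that unprivileged accounts can write into.
    $findings | Format-Table -AutoSize
    Write-Warning 'Excluded directory is writable by a non-administrative principal; fix the ACL first.'
} else {
    Add-MpPreference -ExclusionPath $agentDirs -ExclusionProcess $agentProcs
    Get-MpPreference | Select-Object ExclusionPath, ExclusionProcess
}
```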