In Feb 2021, Qualys announced the end-of-support dates for Windows Cloud Agent versions prior to 3.0 and Linux Cloud Agent versions prior to 2.6. Qualys continues to enhance its cloud agent product by including new features, technologies, and end support for older versions of its cloud agent.
Starting January 31st, 2023, the following platforms and their respective versions will become end-of-support. EOS would mean that Agents would continue to run with limited new features. If there is a need for any Technical Support for EOS versions, Qualys would only provide general technical support (Sharing KB articles, assisting in how to for upgrades, etc.) and not standard technical support (Which involves the Engineering team as well for bug fixes). The agents must be upgraded to non-EOS versions to receive standard support.
|Platform||End-of-Support agent versions|
|Windows||Prior to 4.0|
|Linux||Prior to 3.3|
|Linux ARM||Prior to 3.3|
|Solaris||Prior to 3.3|
|BSD||Prior to 3.3|
|IBM AIX||Prior to 3.3|
|MacOS||Prior to 2.5|
Note: please follow Cloud Agent Platform Availability Matrix for future EOS
How to find agents that are no longer supported today?
There are a few ways to find your agents from the Qualys Cloud Platform.
- QID 105961 EOL/Obsolete Software: Qualys Cloud Agent Detected
- Search by Agent Version
- Search by Software Lifecycle Stage
- Use Cloud Agent Dashboard
QID 105961 EOL/Obsolete Software: Qualys Cloud Agent Detected
Today, this QID only flags current end-of-support agent versions. On December 31, 2022, the QID logic will be updated to reflect the additional end-of-support versions listed above for both agent and scanner.
|Platform||End-of-Support agent versions|
|Windows||Prior to 2.1|
|Linux||Prior to 2.0|
|IBM AIX||Prior to 2.0|
|MacOS||Prior to 2.0|
Note: There are no vulnerabilities. This is simply an EOL QID. By default, all EOL QIDs are posted as a severity 5.
For example, you can find agents by the agent version number by navigating to Cloud Agent > Agent Management > Agents and using the following search query:
agentVersion<3.3* and operatingSystem:linux
For example, you can find agents by the software name and lifecycle stage by navigating to Global IT Asset Inventory > Inventory > Software and using the following search query:
software:(name:Qualys and lifecycle.stage: ‘EOL/EOS’)
Go to Dashboard and you’ll see widgets that show distribution by platform.
What action do I need to take?
Upgrade your deployed agents
Tip – All Cloud Agent documentation, including installation guides, online help and release notes, can be found at qualys.com/documentation.
Install the latest version for future deployments
You’ll want to download and install the latest agent versions from the Cloud Agent UI. Please refer Cloud Agent Platform Availability Matrix for details.
Best Practices for Agent Binary Upgrade
1) We recommend customers use the auto-upgrade feature or upgrade agents quarterly:
- Best: Enable auto-upgrade in the agent Configuration Profile. This method is used by ~80% of customers today. This is the best method to quickly take advantage of Qualys’ latest agent features. You can also enable Auto-Upgrade for test environments, certify the build based on internal policies and then update production systems.
- Better: Certify and upgrade agents via a third-party software package manager on a quarterly basis. Qualys is working to provide Agent version control from the UI as well where you can choose Agent version to which you want to upgrade.
- Good: Upgrade agents via a third-party software package manager on an as-needed basis.
2) Qualys highly recommends that customers download and update their Gold Image builds quarterly, even if auto upgrade is enabled in the Configuration Profile.
Why should I upgrade my agents to the latest version?
Beyond routine bug fixes and performance improvements, upgraded agents offer additional features, including but not limited to:
Cloud provider metadata – Attributes which describe assets and the environment in the Public Cloud (AWS, Azure, GCP, etc.)
Enhanced Java detections – Discover Java in non-standard locations
Middleware auto discovery – Automatically discover middleware technologies for Policy Compliance
Support for other modules – Patch Management, Endpoint Detection and Response, File Integrity Monitoring, Security Analytics
ARM support – ARM architecture support for Linux
User Defined Controls – Create custom controls for Policy Compliance
On-Demand Scan – Force agent to start a collection for Vulnerability Management, Policy Compliance, etc.
Multiple proxy support – Set secondary proxy configuration
Unauthenticated Merge – Merge unauthenticated scans with agent collections
If you have any questions or comments, please contact your TAM or Qualys Support.