Agent Setup for Microsoft Windows

Setup of the Microsoft Windows Agent

To complete the assessment of a Windows device, we require you to install an agent onto the device. The agent installation is a simple task that can either be performed manually per device or can be installed via a Group Policy Object (GPO) or Microsoft Endpoint Manager (now InTune) via a new Line of Business App.

THIS IS NOT A DOUBLE CLICK TO INSTALL!

below are quick-click links to places within this document

Manual Deployment of standard .EXE file

You will need to have local administrative rights on the machine on which you are installing the software agent.

THIS IS NOT A DOUBLE CLICK TO RUN APPLICATION - SEE BELOW

  1. Download the setup file for your operating system from the URL you have been provided in the CE Plus Onboarding Email (if you need to, extract the executable file, msi or package file).



    DO NOT DOUBLE CLICK OR RUN THE EXE FILE DIRECTLY!

  2. If you are not already logged in as an administrator on the machine and will be elevating privileges to install, you will need to then move the .EXE file into a location where the elevated user will still be able to see it.  We suggest moving to a folder that you can find on your C:\ drive, such as C:\_Install.

    (Note: when you elevate privileges, your username within the context of the elevation changes, therefore %userprofile%\Downloads, which is where you have downloaded the agent to, will not be the same user that the elevation will use and you will not be able to see the file)
  3. Once you have the file in a location that any user of the system can access, you should open a command prompt, using elevation, so if you search for "CMD" you will then click on the "Run as administrator", which would then ask me to authenticate to elevate my access.

  4. From the command prompt, navigate to the location where you stored the .EXE file you downloaded earlier.
  5. You should then copy and paste the command line we have provided you in the email and run it by pressing ENTER.
    QualysCloudAgent.exe CustomerId={a code will be placed here} ActivationId={a code will be placed here} WebServiceUri=https://{the URL of the test platform will be placed here/}

    Where we show { and } these MUST remain as they are required, for example

    QualysCloudAgent.exe CustomerId={e9f8dfdd-36b4-fd2d-8954-4f3efcc6d47a} ActivationId={b43a6b97-bc0b-5274-264d-92dceb5edc65} WebServiceUri=https://qagpublic.qg2.apps.qualys.eu/CloudAgent/

  6. The installation is silent and you will not see much happen after the agent is installed - please contact one of the assessment team once you have completed the installation and they will confirm that we are able to see all your devices checking in.

MSI FILE

The MSI File can be used with the full command line which will include the specific command line parameters detailed within the email we sent you, prefixed by msiexec.exe /i......

Where we show { and } these MUST remain as they are required, for example:

msiexec.exe /i cloudagent_x64.msi CustomerId={e9f8dfdd-36b4-fd2d-8954-4f3efcc6d47a} ActivationId={b43a6b97-bc0b-5274-264d-92dceb5edc65} WebServiceUri=https://qagpublic.qg2.apps.qualys.eu/CloudAgent/

Msiexec.exe /i CloudAgent_x64.msi CustomerId={your customer ID information} ActivationId={your activation ID information} WebServiceUri=https://qagpublic.qg2.apps.qualys.eu/CloudAgent/

Endpoint Manager Deployment

The agent can also be rolled out to your devices via Microsoft EndPoint Manager (Intune) via the Windows, Apps, Line of Business Application option.

  1. Download the Windows Installer File (MSI) which we have provided
  2. Sign in to your endpoint management portal
    https://intune.microsoft.com/#home
  3. From the left-hand menu, select "APPS"  
  4. From the By Platform option, select "Windows" 
  5. Select "Add"

  6. Select "Line-of-business app" from the App Type menu 
  7. Click "Select" to proceed 
  8. Select your MSI file by clicking on "Select app package file" 





  9. Confirm that Endpoint Manager Add App has the correct MSI and settings (default settings on the page are OK) however, you will need to enter a publisher, type in "Qualys" and then click on "Next" 


  10. You can now choose to deploy the MSI via "Add all devices" (easiest option) or you can add a group (if you have one with machines allocated) where this will deploy to a selected group of machines. Select an option and click "Next" 

  11. Review all the settings for the App and click on "Create" 

Endpoint Manager WIN32 App

We actually find this the most reliable method for installation of Qualys via EndPoint Manager/Intune.

  1. Select Apps and then Windows from the Left and then Middle Menus
  2. Click on +Add and then select "Windows app (Win32) from the options
  3. Click "Select" from the option in the "Select app type" after selecting Win32 as in 2.
  4. Click on "Select app package file" and browse to the xxx.intunewin file, select, and click OK
  5. Complete any details you need to in the App Information Screen
  6. Complete the Install command, based on the command we have shared with you and click Next
  7. Update your operating system details, if required and click Next
  8. Select "Manually configure device detection rules" and set the rules
  9. Skip App Dependencies - click Next
  10. Skip Supersedence - click Next
  11. Assign to either "All Devices" or a group you have pre-created or have existing in your AAD
  12. Click next, review your settings and if you are happy, click "Create"

Group Policy Deployment

We recommend following Microsoft's own GPO deployment process - available here

QUALYS UNINSTALL / REMOVAL

When we conclude the assessment, your assessor will select to remove you from our Qualys system. Once you are removed your installed Qualys agents will self-remove the next time they check in to the platform. This works only once, so if you have a script installing Qualys, it will reinstall and you will then have to manually remove it.

You can manually uninstall Qualys using the uninstall command from the Qualys directory on your Windows system by running the following command:

"%programfiles%\qualys\qualysagent\uninstall.exe" Uninstall=True Force=True