Reporting
      Back to home
      1. Knowledge Base
      2. Assessment Setup
      3. Reporting

      Qualys "Scan Now" / "Scan on Demand"

      How can you cause a Qualys scan to happen faster than the 4+ hours (4 to 6 hours) that we have now?

      Our Qualys system will complete a vulnerability assessment of your devices every 4+ hours (generally 4 to 6 hours) which, if you are completing vulnerability remediation work over time, is generally fine, however, sometimes there is a need to kick off the re-scan a little quicker.

      Qualys report that this is how you can achieve that:

      WINDOWS

      ADD SCAN ON DEMAND FROM ADMIN COMMAND PROMPT

      REG ADD "HKLM\SOFTWARE\Qualys\QualysAgent\ScanOnDemand\Vulnerability" /v ScanOnDemand /t REG_DWORD /d 1

      ADD SCAN ON RESTART FROM ADMIN COMMAND PROMPT

      REG ADD "HKLM\SOFTWARE\Qualys\QualysAgent\ScanOnDemand\Vulnerability" /v ScanOnStartup /t REG_DWORD /d 1

      The agent monitors the Qualys registry hive at
      HKLM/Software/Qualys/QualysAgent/ScanOnDemand key in real-time for specific values and initiates the scan for each supported manifest based on the values set.

      For Cloud Agent for Windows version 4.8 or later, when a module is activated, the agent
      creates the registry structure and subkeys for on-demand scan automatically. For versions
      earlier than 4.8, only root keys are created and the subkeys, data, and values to configure
      and execute the scans need to be set manually, using scripts, or registry configuration
      tools. 

      Registry Tree

      Registry Configuration Settings

      The following table describes the configuration settings and functionality for the Scan on
      Demand and Scan on Startup feature.

      Example

      Configuration example for CPU Limit of 100%, Scan on Demand data of "1" to execute
      immediately, and Scan on Startup data of "1" to execute on agent service startup.

      NOTE:

      If the agent is already performing a manifest collection or is in the delta
      upload/PendingDelta state, the agent will not initiate the on-demand or on-startup scan.
      This ensures data integrity between the agent and the platform for the in-progress scan.

      Network Blackout Windows take precedence.

      • Scan on demand or startup when the agent is in a network blackout window
        will still execute, but the delta will not upload to the Qualys platform until the agent is out
        of a network blackout window.
      • If the agent is in a network blackout window that is preventing the previous scan's delta
        to be uploaded, the scan on demand or scan on startup will not execute until the previous
        scan's delta upload is fully completed.
      • The agent will not execute an on-demand or on-startup scan for a manifest type that is
        not assigned (activated).

      DUPLICATED DEVICES AFTER RELOAD (GHOSTS)

      If you reload a device, Qualys will see this as a new device, as the UUID used by Qualys will be different when you reinstall the device - if you want to keep that the same, so our system updates your existing entity, please export the registry key, where the UUID is stored, before you reload the device. 

      From an admin command prompt run:

      reg export hklm\software\qualys c:\qualysregkeys.reg

      If you would prefer we remove the device, just ask and we will delete it, otherwise it remains on your device issue list.

      macOS

      To force Qualys to complete an on-demand scan on an Apple macOS, you can execute the terminal script:

      /Applications/QualysCloudAgent.app/Contents/MacOS/cloudagentctl.sh action=demand type=vm cputhrottle=0

      LINUX OS

      To force Qualys to complete an on-demand scan on a Linux-based system, you can execute the terminal script:

      /usr/local/qualys/cloud-agent/bin/cloudagentctl.sh action=demand type=vm cputhrottle=0