How-to: Install Qualys Cloud Agent and Trellix Endpoint Protection


Questions Addressed

  • What is Qualys Cloud Agent?

  • What is Trellix Endpoint Security Software?

  • How do I install Qualys Cloud Agent and Trellix End Point Security?

What is a Qualys Cloud Agent and what is a Trellix HX Endpoint Protection Software?

Qualys Cloud Agent is a patch-status reporting agent that helps identify software that is not current. Trellix HX is an anti-virus and anti-malware agent. Both are required to stay compliant with UCSD Cybersecurity Certification for Research and the CCR Guidance for SIO.

macOS Installation 

macOS Qualys Cloud Agent Requirements

  • Your hosts must be able to reach UCSD Qualys Cloud Platform over HTTPS port 443.

  • To install Cloud Agent for macOS, you must have root privileges, non-root with Sudo root delegation, or non-root with sufficient privileges (VM license only). 

  • Minimum 512 MB RAM system memory.

  • Minimum 200 MB disk space.

macOS Trellix Requirements

  • macOS 10.9+

  • 2GB RAM

Installing macOS Qualys Cloud Agent and Trellix:

  1. Complete IGPP Host Registration form to obtain download info

    1. If your machine is already registered with the IGPP HelpDesk, contact us at igppticket@ucsd.edu to obtain download info

  2. Navigate to Google Drive IGPP Software Guest/Endpoint Protection/Qualys Cloud Agent & Trellix/macOS

  3. Double-click the installation file, IGPP_Security_Bundle_20210806.pkg, to launch the setup wizard.

  4. Follow the prompts: select “Continue” on the “Introduction” panel and “Install” on the “Installation Type” panel, enter the password for your account on your macOS system, and select “Install Software.”

    1. During this process, you may receive warnings about kernel extensions being blocked from Trellix, Inc. and Bitdefender SRL. Click “Open System Preferences” and navigate to the “Security and Privacy” panel. Click “Allow” and select both extensions.

  5. Restart your computer after installation completes.

Note: If you are installing Qualys and Trellix on a machine running macOS Sequoia, you will need to approve the file extension for Trellix by performing the following steps, or the Trellix installation will hang and fail:

  1. Navigate to

    1. System Settings

    2. General

    3. Login Items & Extensions

    4. Network Extensions

    5. Modify the extensions for FE and Qualys

 

Verify Installation

  1. Open Terminal window and enter the following commands to verify Qualys Cloud Agent and Trellix are running:

     

    ps -ef | grep qualys | grep -v grep

     

    ps -ef | grep xagt | grep -v grep
    1. If the agents were installed properly, each command will print at least one matching process line.

    2. A successful install will also put files in the /Applications/QualysCloudAgent.app directory and the /Library/Trellix directory.
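
A scripted form of the checks above, as an added example that is not part of the original page: it runs both process checks and both install-path checks and returns the number of failed checks. The function names, the ROOT prefix argument and the sample ps lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: the manual macOS checks as
# functions. Names, the ROOT argument and SAMPLE_PS are illustrative.

# Constructed sample of `ps -ef` output (process paths are made up).
SAMPLE_PS='  UID   PID  PPID   C STIME   TTY     TIME CMD
    0   398     1   0 Mon09AM ??   1:02.50 /example/path/xagt
    0   412     1   0 Mon09AM ??   0:41.12 /example/path/qualys-cloud-agent'

# proc_running PATTERN [PS_OUTPUT]
# Succeeds if a process line other than grep itself contains PATTERN.
# PS_OUTPUT defaults to the live process list.
proc_running() {
    pr_listing=${2-$(ps -ef)}
    printf '%s\n' "$pr_listing" | grep -v grep | grep -q -- "$1"
}

# verify_agents [ROOT] [PS_OUTPUT]
# Prints PASS/FAIL per check; the return status is the number of failures.
# ROOT is prefixed to the install paths (empty on a real host).
verify_agents() {
    va_root=${1-}
    va_ps=${2-$(ps -ef)}
    va_fail=0
    for va_pat in qualys xagt; do
        if proc_running "$va_pat" "$va_ps"; then
            echo "PASS process matching $va_pat is running"
        else
            echo "FAIL no process matching $va_pat"
            va_fail=$((va_fail + 1))
        fi
    done
    for va_dir in /Applications/QualysCloudAgent.app /Library/Trellix; do
        # The installer puts files here, so an empty directory also fails.
        if [ -n "$(ls -A "$va_root$va_dir" 2>/dev/null)" ]; then
            echo "PASS $va_dir contains files"
        else
            echo "FAIL $va_dir is missing or empty"
            va_fail=$((va_fail + 1))
        fi
    done
    return "$va_fail"
}

# On an installed Mac: verify_agents   (no arguments; status 0 means all pass)
```

A non-zero exit status makes the script usable from a management tool or a periodic compliance check without parsing its output.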

Windows Installation

Windows Qualys Cloud Agent Requirements

  • Your hosts must be able to reach UCSD Qualys Cloud Platform over HTTPS port 443.

  • To install Cloud Agent for Windows, you must have Local or Domain administrator privileges on your hosts.

  • Proxy configuration is supported.

Windows Trellix Requirements

  • Windows 7+ Server 2008+

  • 2GB RAM

Installing Windows Qualys Cloud Agent and Trellix:

  1. Complete IGPP Host Registration form to obtain download info

    1. If your machine is already registered with the IGPP HelpDesk, contact us at igppticket@ucsd.edu to obtain download info

  2. Navigate to Google Drive IGPP Software Guest/Endpoint Protection/Qualys Cloud Agent & Trellix/Windows
    https://drive.google.com/drive/folders/1NXJZltKwZ-ZQ8_dxjyovA0oWfEkLz6XH?usp=sharing

  3. Double-click the installation file, IGPP_Security_Bundle_20210806.exe, to launch the setup wizard.

  4. If there is a pop-up stating Microsoft Defender SmartScreen prevented an unrecognized app from starting, select “More Info,” verify the “Publisher” field indicates “University of California, San Diego,” and select “Run Anyway.”  This package has been code-signed using the UCSD certificate chain.

    1. You may not see this error as the reputation has increased enough with Microsoft Defender SmartScreen.

  5. On the next pop-up, select the “Install” button.

  6. The User Account Control should prompt you to allow this file to run

    1. Once again, verify that the Publisher field indicates “University of California, San Diego.” Select “Yes” and the installer will run.

  7. Once the installer completes, select the “Close” button.

  8. Restart your computer after installation completes.

Verify Installation

  1. Verify the packages are installed correctly by going to Control Panel → Apps & Features → Program List

    1. Search for “Trellix Endpoint Agent” and “Qualys Cloud Security Agent”.

  2. Open Task Manager and verify the following are listed under the Processes tab:

    1. Qualys Cloud Agent

    2. xagt

    3. xagtnotif

Linux Installation

Linux Qualys Cloud Agent Requirements

  • Your hosts must be able to reach your Qualys Cloud Platform (or the Qualys Private Cloud Platform) over HTTPS port 443.

  • To install Cloud Agent for Linux, you must have root privileges, non-root with Sudo root delegation, or non-root with sufficient privileges (VM license only).

  • Requires minimum 512MB RAM, if using VM/PC.

  • Requires minimum 1GB RAM, if using for VM/PC + FIM.

  • Minimum 200MB of disk space.

Installing Linux Qualys Cloud Agent

  1. Complete IGPP Host Registration form to obtain download info

    1. If your machine is already registered with the IGPP HelpDesk, contact us at igppticket@ucsd.edu to obtain download info

  2. Navigate to Google Drive IGPP Software Guest/Endpoint Protection/Qualys Cloud Agent & Trellix/Linux

  3. Obtain the activation key from igppticket@ucsd.edu, then run the following command(s):

Linux installation command(s) - RPM

    sudo rpm -ivh QualysCloudAgent.rpm
    sudo /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ActivationId=<activation_key> CustomerId=9c0e25e7-89e4-5af6-e040-10ac13043f6a

Linux Installation Command(s) - DEB

    sudo dpkg --install IGPP_QualysCloudAgent.x86_64_20210823.deb
    sudo /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ActivationId=<activation_key> CustomerId=9c0e25e7-89e4-5af6-e040-10ac13043f6a

 

Proxy Configuration: 

  1. If necessary, create /etc/sysconfig/qualys-cloud-agent

  2. Add the following line to the qualys-cloud-agent file: 

    https_proxy=https://proxy.ucsd.edu:3128
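
One way to script the two steps above so they can be re-run safely (an added example, not part of the original page): the function writes exactly one https_proxy line, keeps any other settings in the file, and reports whether anything changed. The function name and its optional file argument are assumptions; run it as root when targeting the real file.

```shell
#!/bin/sh
# Added example, not from the original page. Function and variable names
# are illustrative.

# set_agent_proxy PROXY_URL [CONF_FILE]
# Ensures CONF_FILE holds exactly one https_proxy line with PROXY_URL,
# creating the file if needed and keeping every other line.
# Prints "changed" or "unchanged" so the caller knows whether the agent
# needs a restart.
set_agent_proxy() {
    sp_url=$1
    sp_conf=${2-/etc/sysconfig/qualys-cloud-agent}
    sp_line="https_proxy=$sp_url"

    # Already correct: one proxy line and it matches.
    if [ -f "$sp_conf" ] &&
       [ "$(grep '^https_proxy=' "$sp_conf")" = "$sp_line" ]; then
        echo unchanged
        return 0
    fi

    sp_tmp=$(mktemp) || return 1
    if [ -f "$sp_conf" ]; then
        # Keep every setting except earlier https_proxy lines.
        grep -v '^https_proxy=' "$sp_conf" > "$sp_tmp" || true
    fi
    printf '%s\n' "$sp_line" >> "$sp_tmp"

    # Overwrite in place so an existing file keeps its owner and mode.
    cat "$sp_tmp" > "$sp_conf" || { rm -f "$sp_tmp"; return 1; }
    rm -f "$sp_tmp"
    echo changed
}

# Example call with the proxy from this page:
#   set_agent_proxy https://proxy.ucsd.edu:3128
```

When the function prints "changed", restart the agent with the restart script listed under "Restart agent" so the new setting is read.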

     

NOTE: May take 15 minutes or more for new hosts to show up in Asset Search on Qualys web console. 

 

Restart agent:

/usr/local/qualys/cloud-agent/bin/qagent_restart.sh

 

Uninstall agent:

sudo rpm -e qualys-cloud-agent

 

 

Linux Trellix Requirements

  • RHEL 6.8+

  • CentOS 6.9+

  • SUSE 11.3+

  • Open SUSE 15.1+

  • Ubuntu 12.04+

  • Amazon Linux

  • Oracle Linux

  • 2GB RAM

Installing Linux Trellix

  1. Complete IGPP Host Registration form to obtain download info

    1. If your machine is already registered with the IGPP HelpDesk, contact us at igppticket@ucsd.edu to obtain download info

  2. Navigate to Google Drive IGPP Software Guest/Endpoint Protection/Qualys Cloud Agent & FireEyeHX/Linux

  3. Create a directory: 

    mkdir fireeye

     

  4. Uncompress downloaded file: 

    tar -zxvf IMAGE_HX_AGENT_LINUX_35.31.12.tgz -C fireeye/

     

  5. Determine installation file and run installer: 

    sudo dnf -y localinstall fireeye/xagt-35.31.12-1.el7.x86_64.rpm

     

  6. Import configuration file: 

    sudo /opt/fireeye/bin/xagt -i fireeye/agent_config.json

     

  7. Check current status of xagt.service while the service is not running: 

    systemctl status xagt.service

     

  8. Start xagt.service: 

    systemctl start xagt.service

     

  9. Re-check status of xagt.service to make sure the service is running now: 

    systemctl status xagt.service

     

  10. To check if Trellix connected successfully: 

    sudo /opt/fireeye/bin/xagt -G

     

 
