How-to: Install Qualys Cloud Agent and FireEyeHX Endpoint Protection
Questions Addressed
What is Qualys Cloud Agent?
What is FireEye HX Endpoint Security Software?
How do I install Qualys Cloud Agent and FireEyeHX End Point Security?
What is a Qualys Cloud Agent and what is a FireEye HX Endpoint Protection Software?
Qualys Cloud Agent is a patch status reporting agent that helps identify when software is not current. FireEye HX is an anti-virus and anti-malware agent. Both are required to stay compliant with the UCSD Cybersecurity Certification for Research and the CCR Guidance for SIO.
macOS Installation
macOS Qualys Cloud Agent Requirements
Your hosts must be able to reach UCSD Qualys Cloud Platform over HTTPS port 443.
To install Cloud Agent for macOS, you must have root privileges, non-root with Sudo root delegation, or non-root with sufficient privileges (VM license only).
Minimum 512 MB RAM system memory.
Minimum 200 MB disk space.
macOS FireEyeHX Requirements
macOS 10.9+
2GB RAM
Installing macOS Qualys Cloud Agent and FireEyeHX:
Complete IGPP Host Registration form to obtain download info
If your machine is already registered with the IGPP HelpDesk, contact us at igppticket@ucsd.edu to obtain download info
Navigate to Google Drive IGPP Software Guest/Endpoint Protection/Qualys Cloud Agent & FireEyeHX/macOS
Double-click the installation file, IGPP_Security_Bundle_20210806.pkg, to launch the setup wizard.
Follow the prompts: select “Continue” on the “Introduction” panel and “Install” on the “Installation Type” panel, enter the password for your account on your macOS system, and select “Install Software.”
During this process, you may receive warnings about kernel extensions being blocked from FireEye, Inc. and Bitdefender SRL. Click “Open System Preferences” and navigate to the “Security and Privacy” panel. Click “Allow” and select both extensions.
Restart your computer after installation completes.
Note: If you are installing Qualys and FireEye on a machine running macOS Sequoia, you will need to approve the file extension for FireEye by performing the following steps, or the FireEye installation will hang and fail:
Navigate to System Settings → General → Login Items & Extensions → Network Extensions
Modify the extensions for FE and Qualys
Verify Installation
Open a Terminal window and enter the following commands to verify that Qualys Cloud Agent and FireEyeHX are running:
ps -ef | grep qualys | grep -v grep
ps -ef | grep xagt | grep -v grep
If the agents were installed properly, each command will return output.
A successful install will also put files in the /Applications/QualysCloudAgent.app directory and the /Library/FireEye directory.
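The two manual checks above (running processes and install directories) can be combined into one scripted check. This is an added example, not part of the IGPP package; the function name check_agents, its optional ROOT argument, and the sample ps output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: automates the two manual checks from the verification step.

# check_agents PS_OUTPUT [ROOT]
#   PS_OUTPUT: text of `ps -ef`.
#   ROOT: optional path prefix (hypothetical parameter, so the check can be
#         exercised against a test directory tree instead of the real disk).
# Prints one line per missing item; returns non-zero if anything is missing.
check_agents() {
    ps_out=$1
    root=${2:-}
    rc=0
    # Same match the manual commands use: a process line naming the agent,
    # excluding any grep process that merely mentions it.
    for name in qualys xagt; do
        if ! printf '%s\n' "$ps_out" | grep "$name" | grep -v grep >/dev/null; then
            echo "MISSING process: $name"
            rc=1
        fi
    done
    # Install locations listed above for a successful install.
    for dir in /Applications/QualysCloudAgent.app /Library/FireEye; do
        if [ ! -d "$root$dir" ]; then
            echo "MISSING directory: $dir"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample of `ps -ef` output (not captured from a real host;
# real command paths may differ).
SAMPLE_PS='  UID   PID  PPID   C STIME   TTY           TIME CMD
    0   312     1   0  9:02AM ??         0:04.11 /Applications/QualysCloudAgent.app/Contents/MacOS/qualys-cloud-agent
    0   345     1   0  9:02AM ??         0:09.87 /Library/FireEye/xagt/xagt -M DAEMON
  501   910   880   0  9:15AM ttys000    0:00.00 grep xagt'

# On a real host: check_agents "$(ps -ef)" && echo "both agents verified"
```

A non-zero exit status with a "MISSING" line identifies which agent or directory to follow up on.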
Windows Installation
Windows Qualys Cloud Agent Requirements
Your hosts must be able to reach UCSD Qualys Cloud Platform over HTTPS port 443.
To install Cloud Agent for Windows, you must have Local or Domain administrator privileges on your hosts.
Proxy configuration is supported.
Windows FireEyeHX Requirements
Windows 7+, Server 2008+
2GB RAM
Installing Windows Qualys Cloud Agent and FireEyeHX:
Complete IGPP Host Registration form to obtain download info
If your machine is already registered with the IGPP HelpDesk, contact us at igppticket@ucsd.edu to obtain download info
Navigate to Google Drive IGPP Software Guest/Endpoint Protection/Qualys Cloud Agent & FireEyeHX/Windows
Double-click the installation file, IGPP_Security_Bundle_20210806.exe, to launch the setup wizard.
If there is a pop-up stating Microsoft Defender SmartScreen prevented an unrecognized app from starting, select “More Info,” verify the “Publisher” field indicates “University of California, San Diego,” and select “Run Anyway.” This package has been code-signed using the UCSD certificate chain.
You may not see this warning, as the package's reputation with Microsoft Defender SmartScreen has increased enough.
On the next pop-up, select the “Install” button.
User Account Control should prompt you to allow this file to run.
Once again, verify that the Publisher field indicates “University of California, San Diego.” Select “Yes” and the installer will run.
Once the installer completes, select the “Close” button.
Restart your computer after installation completes.
Verify Installation
Verify the packages are installed correctly by going to Control Panel → Apps & Features → Program List.
Search for “FireEye Endpoint Agent” and “Qualys Cloud Security Agent”.
Open Task Manager and verify the following are listed under the Processes tab:
Qualys Cloud Agent
xagt
xagtnotif
Linux Installation
Linux Qualys Cloud Agent Requirements
Your hosts must be able to reach your Qualys Cloud Platform (or the Qualys Private Cloud Platform) over HTTPS port 443.
To install Cloud Agent for Linux, you must have root privileges, non-root with Sudo root delegation, or non-root with sufficient privileges (VM license only).
Requires minimum 512MB RAM, if using VM/PC.
Requires minimum 1GB RAM, if using for VM/PC + FIM.
Minimum 200MB of disk space.
Installing Linux Qualys Cloud Agent
Complete IGPP Host Registration form to obtain download info
If your machine is already registered with the IGPP HelpDesk, contact us at igppticket@ucsd.edu to obtain download info
Navigate to Google Drive IGPP Software Guest/Endpoint Protection/Qualys Cloud Agent & FireEyeHX/Linux
Obtain the activation key from igppticket@ucsd.edu, then run the following command(s):
Linux installation command(s) - RPM
sudo rpm -ivh QualysCloudAgent.rpm
sudo /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ActivationId=<activation_key> CustomerId=9c0e25e7-89e4-5af6-e040-10ac13043f6a
Linux Installation Command(s) - DEB
Proxy Configuration:
If necessary, create /etc/sysconfig/qualys-cloud-agent.
Add the following line to the qualys-cloud-agent file:
NOTE: It may take 15 minutes or more for new hosts to show up in Asset Search on the Qualys web console.
Restart agent:
Uninstall agent:
Linux FireEyeHX Requirements
RHEL 6.8+
CentOS 6.9+
SUSE 11.3+
Open SUSE 15.1+
Ubuntu 12.04+
Amazon Linux
Oracle Linux
2GB RAM
Installing Linux FireEyeHX
Complete IGPP Host Registration form to obtain download info
If your machine is already registered with the IGPP HelpDesk, contact us at igppticket@ucsd.edu to obtain download info
Navigate to Google Drive IGPP Software Guest/Endpoint Protection/Qualys Cloud Agent & FireEyeHX/Linux
Create a directory:
Uncompress downloaded file:
Determine installation file and run installer:
Import configuration file:
Check current status of xagt.service while the service is not running:
Start xagt.service:
Re-check status of xagt.service to make sure the service is running now:
To check if FireEye connected successfully: