So I've been working with Qualys for many years and on many fronts. I currently am a QSA who frequently reviews merchants and service providers ASV Scans.
Qualys has done a great jobs of being the ASV of choice for most of my clients. The problem I find is that most merchants don't correctly configure their scans per PCI requirements. Mainly they don't input full web application URL into the scan tool. The best explanation and guidance I've found is on this PCI Compliance Site .
My Question is do other users run into this same problem and can Qualys do more to help their customers configure this correctly?