Any success in whitelisting Dissolvable-agent?

Question asked by Michael Scheidell on Apr 15, 2019

We can whitelist ANYTHING in the directories here, but that is dangerous.

The agent is installed in two different locations depending on the platform (and, to some degree, the CPU type):

  • 32-bit Windows: <Windows installation directory>\system32\Qualys\qdaw3v01.exe (32-bit binary)
  • 64-bit Windows: <Windows installation directory>\SysWOW64\Qualys\qdaw3v01.exe (64-bit binary)
  • 64-bit Windows (Itanium CPU only): <Windows installation directory>\system32\Qualys\qdaw3v01.exe (32-bit binary)

They can't sign it, and the hash (can) changes regularly, so whitelisting by name won't work in most systems.

How do you handle it? (If you want to keep it private without publicly revealing how you do it, PM me; if email addy isn't available, you can email michael at securityprivateers dot com.)