locked
Not able to install built-in vulnerability assessment in my Windows machine RRS feed

  • Question

  • Hi Team,

    I using Azure security center with "Standard pricing tier".

    Windows server:

    I am not able to install "Built-in vulnerability assessment solution (Qualys)" in my Windows machine. (Attached the screen shot of the activity log).

    Not able to get the detailed error message.

    Kindly provide an solution to fix this issue.

    Monday, May 11, 2020 5:08 PM

All replies

  • Can you please make sure that the VM can communicate with Qualys's cloud service on below two IP addresses:

    • 64.39.104.113
    • 154.59.121.74
    Monday, May 11, 2020 11:52 PM
  • Hi Saurabh,

    I am running a ubuntu server & windows server in the same VirtualNetwork. I am able to install successfully in ubuntu server, but it is not working in windows.

    Also, there is no outbound restriction in my servers.

    Note: Is there any possible way to check the connectivity with Qualys cloud service. Because "ping" is not working for these ips.

    Tuesday, May 12, 2020 8:07 AM
  • Can you please try using PsPing to verify that you can reach these IP address. 

    RDP into the VM having issue and download the file from the link provided and extract the folder.
    Open Command prompt (in Admin mode) and change directory to extracted folder location. 

    Run the following commands to see if your VM can access Qualys IP addresses

    psping <ip address: port number>

    Qualys port =443

    Can you also try restarting the Windows Azure Guest agent before trying to install Qualys again -
    Open run command and type services.msc and look for the agent.


    Tuesday, May 12, 2020 3:57 PM
  • Hi Saurabh,

    After restarting "Windows Azure Guest Agent" now I am able to successfully install Qualys agent. Thank you for your support.

    Now I have been facing one more issue in Qualys scan.

    Through the security center, I have installed the Qualys agent in 6 servers. But I am not able to see any of the reports or recommendations from the Qualys scan.

    The section "Remediate vulnerabilities found on your virtual machines (powered by Qualys)" is not showing in my account.

    Attached the screenshot for your reference.

    Reference document i have followed : https://docs.microsoft.com/en-us/azure/security-center/built-in-vulnerability-assessment

    Kindly guide me to resolve this issue

    Tuesday, May 12, 2020 5:52 PM
  • Great to hear that you are able to install Qualys. It takes some time for the recommendations to start appearing. Please give it few hours to appear.  

    Please let me know if you find above reply useful. If yes, do click on 'Mark as answer' link in above reply. This will help other community members facing similar query to refer to this solution. Thanks.

    Tuesday, May 12, 2020 6:04 PM
  • Hi Saurabh,

    Except for one windows server. I have installed the vulnerability agent 3 days back in all the remaining 5 servers.

    But still , The section "Remediate vulnerabilities found on your virtual machines (powered by Qualys)" is not showing in my account.  Even for the existing 5 servers, where the agent in running for more than 3 days.

    Tuesday, May 12, 2020 6:49 PM
  • Security Center presents one of two recommendations if it doesn't find a vulnerability assessment solution installed on a VM:

    Enable the built-in vulnerability assessment solution on virtual machines (powered by Qualys) - This recommendation only appears standard tiers. It's an invitation to install an Azure Security Center Vulnerability Assessment extension (powered by Qualys) for you at no additional cost. This extension reports its findings directly back to Security Center. To learn more, see Integrated vulnerability scanner for virtual machines.

    Vulnerability assessment solution should be installed on your virtual desktop machines - This recommendation appears for both standard and free tiers. Use this recommendation to install any of the supported partner solutions. You'll need to purchase a license for your chosen solution separately. Supported solutions report vulnerability data to the partner's management platform. In turn, that platform provides vulnerability and health monitoring data back to Security Center. You can identify vulnerable VMs on the Security Center dashboard. Switch to the partner management console directly from Security Center for additional reports and information.
    Thursday, May 14, 2020 10:09 AM