Install a Tenable Nessus Agent on Windows

Use the following procedure to install Tenable Nessus Agent on a Windows system. During the installation process, you link the agent to its manager Tenable Vulnerability Management or Tenable Nessus Manager) so that it can begin sending scan data once the installation is complete.

Before you begin:

Note: You may be required to restart your computer to complete installation.

Caution: If you install a Tenable Nessus Agent on a system where an existing Tenable Nessus Agent, Tenable Nessus Manager, or Tenable Nessus scanner is running nessusd, the installation process kills all other nessusd processes. You may lose scan data as a result.

Download Tenable Nessus Agent

On the Tenable Nessus Agent Download Page, download the package specific to your operating system.

Once you download the agent package, you can install and link the agent using the command line, or you can install and link the agent with the GUI installation wizard.

Install and Link via the Command Line

Note: You must have administrator-level privileges to deploy and link via the command line.

Note: This procedure describes deploying Tenable Nessus Agents via the command line. You can also deploy Tenable Nessus Agents with a standard Windows service such as Active Directory (AD), Systems Management Server (SMS), or other software delivery system for MSI packages. For more information on deploying via these methods, see the appropriate vendor's documentation.

You can install and link Tenable Nessus Agents via the command line with a number of linking parameters. For example:

msiexec /i NessusAgent-<version number>-x64.msi NESSUS_GROUPS="Agent Group Name" NESSUS_SERVER="192.168.0.1:8834" NESSUS_KEY=00abcd00000efgh11111i0k222lmopq3333st4455u66v777777w88xy9999zabc00 /qn

Once you install and link the agent, Tenable recommends that you verify that the agent is successfully linked to the manager by viewing the agent in the manager user interface.

Install and Link with the Installation Wizard

Note: You may have to restart your computer to complete installation on Windows.

  1. Navigate to the folder where you downloaded the Tenable Nessus Agent installer.
  2. Next, double-click the file name to start the installation process. The Welcome to the InstallShield Wizard for Nessus Agent window appears.
  3. In the Welcome to the InstallShield Wizard for Nessus Agent window, click Next to continue.
  4. In the License Agreement window, read the terms of the Tenable, Inc. Nessus software license and subscription agreement.
  5. Click I accept the terms of the license agreement.
  6. Click Next.
  7. In the Destination Folder window, click Next to accept the default installation folder.

    -or-

    Click Change to browse and select a different folder where you want to install Tenable Nessus Agents, then click Next.

  8. In the Setup Type window, do one of the following:

    • To install the agent with the System Tray Application, which allows you to view the agent status on your machine, select Custom, click Next, and complete the steps in the following drop-down menu:

    • To install the agent without the System Tray Application, select Typical and click Next.

  9. In the Configuration Options window, type the Agent Key values:

    Field Value
    Key

    (Required) Use the linking key you obtained from the manager.

    To retrieve the linking key from the manager, see the Tenable Nessus User Guide or the Tenable Vulnerability Management User Guide, depending on which manager you use.

    Server

    (Required) Enter the manager's host server:

    • To link to Tenable Vulnerability Management, enter sensor.cloud.tenable.com:443.

      Note: If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

      Note: For more information about linking agents to Tenable Vulnerability Management, see Link a Sensor in the Tenable Vulnerability Management User Guide.

    • To link to Tenable Nessus Manager, enter the IP/hostname of the manager with the appended port 8834; for example, 192.168.2.1:8834.

    Groups

    Specify the existing agent group or groups where you want to add the agent.

    If you do not specify an agent group during the installation process, you can later add your linked agent to an agent group.

  10. Click Next.
  11. In the Ready to Install the Program window, click Install.
  12. If presented with a User Account Control message, click Yes to allow the Tenable Nessus Agent to install.
  13. In the InstallShield Wizard Complete window, click Finish.

Once you install and link the agent, Tenable recommends that you verify that the agent is successfully linked to the manager by viewing the agent in the manager user interface.

Note: The agent name defaults to the name of the computer where you are installing the agent.

Tip: If you attempt to clone an agent and link it to Tenable Nessus Manager or Tenable Vulnerability Management, a 409 error may appear. This error appears because another machine was linked with the same UUID value in the HKLM/Software/Tenable/TAG file. To resolve this issue, replace the value in the HKLM/Software/Tenable/TAG file with a valid UUIDv4 value.

Verify the Linked Agent

Once you install and link the agent, use the following steps to view the new agent in the manager user interface:

  • To verify a linked agent in Tenable Vulnerability Management:

    1. In the upper-left corner, click the Menu button.

      The left navigation plane appears.

    2. In the left navigation plane, click Settings.

      The Settings page appears.

    3. Click the Sensors tile.

      The Sensors page appears. By default, Nessus Scanners is selected in the left navigation menu and the Cloud Scanners tab is active.

    4. In the left navigation menu, click Nessus Agents.

      The Nessus Agents page appears and the Linked Agents tab is active.

    5. Locate the new agent in the linked agents table.

  • To verify a linked agent in Tenable Nessus Manager:

    1. In the top navigation bar, click Sensors.

      The Linked Agents page appears.

    2. Locate the new agent in the linked agents table.