TOC & Recently Viewed

Recently Viewed Topics

Install a Nessus Agent on Windows

Caution: If you install a Nessus Agent on a system where an existing Nessus Agent, Manager, or Scanner is running nessusd, the installation process kills all other nessusd processes. You may lose scan data as a result.

Note: This procedure describes deploying Nessus Agents via the command line. You can also deploy Nessus Agents with a standard Windows service such as Active Directory (AD), Systems Management Server (SMS), or other software delivery system for MSI packages. For more information on deploying via these methods, see the appropriate vendor's documentation.

Deploy and Link via the Command Line

You can deploy and link Nessus Agents via the command line. For example:

msiexec /i NessusAgent-<version number>-x64.msi NESSUS_GROUPS="Agent Group Name" NESSUS_SERVER="192.168.0.1:8834" NESSUS_KEY=00abcd00000efgh11111i0k222lmopq3333st4455u66v777777w88xy9999zabc00 /qn

For Nessus Agents 7.0.3 or later, you can install the Nessus Agent on a system even if it is offline. Add the command line option NESSUS_OFFLINE_INSTALL="yes" to the command line input. The Nessus Agent will periodically attempt to link itself to either Tenable.io or Nessus Manager. If the agent cannot connect to the controller then it retries every hour, and if the agent can connect to the controller but the link fails then it retries every 24 hours.

Note: The NESSUS_GROUPS parameter accepts group names. Quotations are necessary only when listing multiple groups, or one group with spaces in its name. For example:

  • GroupName
  • "Group Name"
  • "Group, Another Group"

The following linking parameters are also available:

  • NESSUS_NAME
  • NESSUS_PROXY_AGENT
  • NESSUS_PROXY_PASSWORD
  • NESSUS_PROXY_SERVER
  • NESSUS_PROXY_USERNAME
  • NESSUS_CA_PATH
  • NESSUS_PLUGINS_FILEPATH

Download Nessus Agent

On the Nessus Agents Download Page, download the package specific to your operating system.

Start Nessus Agent Installation

  1. Navigate to the folder where you downloaded the Nessus Agent installer.
  2. Next, double-click the file name to start the installation process. The Welcome to the InstallShield Wizard for Nessus Agent window appears.

Complete the Windows InstallShield Wizard

Caution: On Windows 7 x64 Enterprise, Windows 8 Enterprise, and Windows Server 2012, you may be required to perform a reboot to complete installation.

Note: For Nessus Agents 7.0 and later, if you want to include the system tray application in your installation, see the procedure described in System Tray Application.

  1. In the Welcome to the InstallShield Wizard for Nessus Agent window, click Next to continue.
  2. In the License Agreement window, read the terms of the Tenable, Inc. Nessus software license and subscription agreement.
  3. Click I accept the terms of the license agreement.
  4. Click Next.
  5. In the Destination Folder window, click Next to accept the default installation folder.

    -or-

    Click Change to browse and select a different folder where you want to install Nessus Agents.

  6. In the Configuration Options window, type the Agent Key values:

    Field Required? Value
    Key yes Use the values you retrieved from the manager.
    Server (host) yes
    Groups no

    Specify existing agent groups(s) where you want to add the agent.

    If you do not specify an agent group during the install process, you can later add your linked agent to an agent group.

    Note: The agent name defaults to the name of the computer where you are installing the agent.

  7. Click Next.
  8. In the Ready to Install the Program window, click Install.
  9. If presented with a User Account Control message, click Yes to allow the Nessus Agent to install.
  10. In the InstallShield Wizard Complete window, click Finish.

Note: If you attempt to clone an Agent and link it to Nessus Manager or Tenable.io, a 409 error may appear. This error appears because another machine has been linked with the same uuid value in the HKLM/Software/Tenable/TAG file. To resolve this issue, replace the value in the HKLM/Software/Tenable/TAG file with a valid UUIDv4 value.

Verify a Linked Agent

To verify a linked agent in Nessus Manager or Tenable.io:

  1. In the top navigation bar, click Scans.

    The My Scans page appears.

  2. In the left navigation bar, click Agents.

    The Agents page appears.

  3. Locate the new agent in the linked agents table.

Copyright 2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.