Tenable Nessus Agent 2024 Release Notes

Tip: You can subscribe to receive alerts for Tenable documentation updates.

Tenable Nessus Agent 10.8.0 (2024-11-12)

The following are new features included in Tenable Nessus Agent 10.8.0:

  • Continuous assessment scanning for Linux.

    • Agents that are installed on Linux hosts and linked to Tenable Vulnerability Management now support the continuous assessment scanning feature. Continuous assessment scanning enables continuous software inventory monitoring on the host and is configurable via agent profiles in the Tenable Vulnerability Management user interface.

      Continuous assessment scanning is not compatible with agents on which NIAP mode is enforced.

      For more information, see Agent Continuous Assessment Scanning in the Tenable Vulnerability Management User Guide.

The following enhancements are included in Tenable Nessus Agent 10.8.0:

  • Improved debug output by capturing software library details.

  • Improved logging for nessus-service.exe on Windows.

  • Improved performance of plugin compilation.

  • Agents no longer support TLS versions 1.1 and earlier.

Bug Fix Defect ID
Fixed an issue that caused some agents to create orphaned processes when stopping or pausing a scan. 02063481
Fixed SSL errors that occurred when using the nessuscli command line flag --reset-all to create a fresh agent image. 02054662
Removed support for nessusd command line option for setting a master password (-K). 02034977
Updated the Plugin Disk Usage health alert threshold to a more appropriate value. 02090915, 02088697, 02089271, 02104953
Fixed an issue that prevented some agents from being stopped or restarted after an upgrade. 01715462, 01786230, 01921503
Fixed an issue that caused agents to crash on x86/x86_64 hardware that lacked the x86 crc32 instruction (for example, very old AMD processors). 02097974

The following are supported platform updates made in Tenable Nessus Agent 10.8.0:

  • Added support for the following platforms:

    • Fedora 40

    • Windows Server 2025

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • New Tenable Vulnerability Management Domain - As a part of continuous security and scalability improvements to Tenable infrastructure, we have added a new sensor.cloud.tenable.com domain that Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with.

    • Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with Tenable Vulnerability Management using sensor.cloud.tenable.com. If agents versions 8.1.0 through 10.3.1 are not able to connect to the new domain, they fall back to using cloud.tenable.com. Tenable Nessus Agent 10.3.2 and later do not fall back using the cloud.tenable.com domain.

    • Recommended Action: If you use domain allow lists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allow list. This ensures communication with sensor.cloud.tenable.com and all future subdomains, reducing operational overhead. Contact your network administrator for assistance with making necessary changes to your allow list.
  • You can upgrade to the latest version of Tenable Nessus Agent from any previously supported version.
  • If your upgrade path skips versions of the Tenable Nessus Agent, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.

Tenable Nessus Agent 10.7.3 (2024-09-11)

The following are security updates included in Tenable Nessus Agent 10.7.3:

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • New Tenable Vulnerability Management Domain - As a part of continuous security and scalability improvements to Tenable infrastructure, we have added a new sensor.cloud.tenable.com domain that Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with.

    • Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with Tenable Vulnerability Management using sensor.cloud.tenable.com. If agents versions 8.1.0 through 10.3.1 are not able to connect to the new domain, they fall back to using cloud.tenable.com. Tenable Nessus Agent 10.3.2 and later do not fall back using the cloud.tenable.com domain.

    • Recommended Action: If you use domain allow lists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allow list. This ensures communication with sensor.cloud.tenable.com and all future subdomains, reducing operational overhead. Contact your network administrator for assistance with making necessary changes to your allow list.
  • You can upgrade to the latest version of Tenable Nessus Agent from any previously supported version.
  • If your upgrade path skips versions of the Tenable Nessus Agent, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.

Tenable Nessus Agent 10.7.2 (2024-07-25)

The following enhancements are included in Tenable Nessus Agent 10.7.2:

  • The time elapsed since scan execution completed when uploading a triggered scan result is now provided to the user.

Bug Fix Defect ID
Reduced physical memory usage (RSS) at the time of plugin set updates. 02011617

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • New Tenable Vulnerability Management Domain - As a part of continuous security and scalability improvements to Tenable infrastructure, we have added a new sensor.cloud.tenable.com domain that Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with.

    • Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with Tenable Vulnerability Management using sensor.cloud.tenable.com. If agents versions 8.1.0 through 10.3.1 are not able to connect to the new domain, they fall back to using cloud.tenable.com. Tenable Nessus Agent 10.3.2 and later do not fall back using the cloud.tenable.com domain.

    • Recommended Action: If you use domain allow lists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allow list. This ensures communication with sensor.cloud.tenable.com and all future subdomains, reducing operational overhead. Contact your network administrator for assistance with making necessary changes to your allow list.
  • You can upgrade to the latest version of Tenable Nessus Agent from any previously supported version.
  • If your upgrade path skips versions of the Tenable Nessus Agent, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.

Tenable Nessus Agent 10.7.1 (2024-07-02)

Bug Fix Defect ID
Tenable Nessus Agent no longer uses Transparent Huge Pages on Linux systems by default. 02011617

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • New Tenable Vulnerability Management Domain - As a part of continuous security and scalability improvements to Tenable infrastructure, we have added a new sensor.cloud.tenable.com domain that Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with.

    • Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with Tenable Vulnerability Management using sensor.cloud.tenable.com. If agents versions 8.1.0 through 10.3.1 are not able to connect to the new domain, they fall back to using cloud.tenable.com. Tenable Nessus Agent 10.3.2 and later do not fall back using the cloud.tenable.com domain.

    • Recommended Action: If you use domain allow lists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allow list. This ensures communication with sensor.cloud.tenable.com and all future subdomains, reducing operational overhead. Contact your network administrator for assistance with making necessary changes to your allow list.
  • You can upgrade to the latest version of Tenable Nessus Agent from any previously supported version.
  • If your upgrade path skips versions of the Tenable Nessus Agent, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.

Tenable Nessus Agent 10.7.0 (2024-06-27)

The following are new features included in Tenable Nessus Agent 10.7.0:

  • Added backend support for declarative plugin updates for agents linked to Tenable Vulnerability Management.

  • Added backend support for Tenable Sensor Proxy fallback. The fallback feature is scheduled for release later in 2024.

The following enhancements are included in Tenable Nessus Agent 10.7.0:

  • Improved handling of reports larger than 2 GB.

Bug Fix Defect ID
Fixed an issue that caused some relinked agents to be added to groups they had been removed from. 01755129, 01796781
Fixed an issue where the nessusagent.service file was installed with incorrect permissions. 01763994
Fixed an issue where the agent TLS configuration could be overridden unintentionally by another system configuration. 02013996, 01812309, 01873286, 01873286, 02004363

Added fallback upgrade logic so that unresponsive WMI environments no longer block Windows upgrades.

 01919946

The following are supported platform updates made in Tenable Nessus Agent 10.7.0:

  • Removed support for the following platforms:

    • Red Hat Enterprise Linux 6

    • Debian 10

    • Ubuntu 14.04

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • New Tenable Vulnerability Management Domain - As a part of continuous security and scalability improvements to Tenable infrastructure, we have added a new sensor.cloud.tenable.com domain that Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with.

    • Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with Tenable Vulnerability Management using sensor.cloud.tenable.com. If agents versions 8.1.0 through 10.3.1 are not able to connect to the new domain, they fall back to using cloud.tenable.com. Tenable Nessus Agent 10.3.2 and later do not fall back using the cloud.tenable.com domain.

    • Recommended Action: If you use domain allow lists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allow list. This ensures communication with sensor.cloud.tenable.com and all future subdomains, reducing operational overhead. Contact your network administrator for assistance with making necessary changes to your allow list.
  • You can upgrade to the latest version of Tenable Nessus Agent from any previously supported version.
  • If your upgrade path skips versions of the Tenable Nessus Agent, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.

Tenable Nessus Agent 10.6.4 (2024-05-16)

The following are security updates included in Tenable Nessus Agent 10.6.4:

  • Addressed a vulnerability that allowed low-privileged users to exploit a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability during the Windows Tenable Nessus Agent installation process.

  • Addressed a vulnerability in which the Windows Tenable Nessus Agent setup process could have failed to set proper access rights for the installation folder if you chose a custom installation path during installation.

    For more information, see the Tenable Product Security Advisory.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • New Tenable Vulnerability Management Domain - As a part of continuous security and scalability improvements to Tenable infrastructure, we have added a new sensor.cloud.tenable.com domain that Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with.

    • Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with Tenable Vulnerability Management using sensor.cloud.tenable.com. If agents versions 8.1.0 through 10.3.1 are not able to connect to the new domain, they fall back to using cloud.tenable.com. Tenable Nessus Agent 10.3.2 and later do not fall back using the cloud.tenable.com domain.

    • Recommended Action: If you use domain allow lists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allow list. This ensures communication with sensor.cloud.tenable.com and all future subdomains, reducing operational overhead. Contact your network administrator for assistance with making necessary changes to your allow list.
  • You can upgrade to the latest version of Tenable Nessus Agent from any previously supported version.
  • If your upgrade path skips versions of the Tenable Nessus Agent, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.

Tenable Nessus Agent 10.6.3 (2024-05-02)

The following enhancements are included in Tenable Nessus Agent 10.6.3:

  • Eliminated redundant metadata uploads from Tenable Nessus Agent to Tenable Vulnerability Management during the early stages of a scan.

  • Removed nessusd.dump entries that show the message: Error: function 'get_int()' has no argument 'key'.

Bug Fix Defect ID
Enhanced Tenable Nessus Agent's capability to recover from operating on a system with an incorrect future time setting. This improvement prevents potential software and plugin update failures. 01919946

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • New Tenable Vulnerability Management Domain - As a part of continuous security and scalability improvements to Tenable infrastructure, we have added a new sensor.cloud.tenable.com domain that Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with.

    • Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with Tenable Vulnerability Management using sensor.cloud.tenable.com. If agents versions 8.1.0 through 10.3.1 are not able to connect to the new domain, they fall back to using cloud.tenable.com. Tenable Nessus Agent 10.3.2 and later do not fall back using the cloud.tenable.com domain.

    • Recommended Action: If you use domain allow lists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allow list. This ensures communication with sensor.cloud.tenable.com and all future subdomains, reducing operational overhead. Contact your network administrator for assistance with making necessary changes to your allow list.
  • You can upgrade to the latest version of Tenable Nessus Agent from any previously supported version.
  • If your upgrade path skips versions of the Tenable Nessus Agent, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.

Tenable Nessus Agent 10.6.2 (2024-04-15)

Bug Fix Defect ID
Prevented a scenario in which multiple simultaneous scans assigned to an agent that has not retrieved plugins yet could execute without plugins. 01785607

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • New Tenable Vulnerability Management Domain - As a part of continuous security and scalability improvements to Tenable infrastructure, we have added a new sensor.cloud.tenable.com domain that Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with.

    • Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with Tenable Vulnerability Management using sensor.cloud.tenable.com. If agents versions 8.1.0 through 10.3.1 are not able to connect to the new domain, they fall back to using cloud.tenable.com. Tenable Nessus Agent 10.3.2 and later do not fall back using the cloud.tenable.com domain.

    • Recommended Action: If you use domain allow lists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allow list. This ensures communication with sensor.cloud.tenable.com and all future subdomains, reducing operational overhead. Contact your network administrator for assistance with making necessary changes to your allow list.
  • You can upgrade to the latest version of Tenable Nessus Agent from any previously supported version.
  • If your upgrade path skips versions of the Tenable Nessus Agent, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.

Tenable Nessus Agent 10.6.1 (2024-04-05)

Bug Fix Defect ID
Fixed an issue that caused agents to restart when certain DNS errors occurred. 01851304, 01896427
Fixed an issue where a small subset of executable files of agents installed on Windows systems did not have digital signatures. 01875389

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • New Tenable Vulnerability Management Domain - As a part of continuous security and scalability improvements to Tenable infrastructure, we have added a new sensor.cloud.tenable.com domain that Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with.

    • Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with Tenable Vulnerability Management using sensor.cloud.tenable.com. If agents versions 8.1.0 through 10.3.1 are not able to connect to the new domain, they fall back to using cloud.tenable.com. Tenable Nessus Agent 10.3.2 and later do not fall back using the cloud.tenable.com domain.

    • Recommended Action: If you use domain allow lists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allow list. This ensures communication with sensor.cloud.tenable.com and all future subdomains, reducing operational overhead. Contact your network administrator for assistance with making necessary changes to your allow list.
  • You can upgrade to the latest version of Tenable Nessus Agent from any previously supported version.
  • If your upgrade path skips versions of the Tenable Nessus Agent, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.

Tenable Nessus Agent 10.6.0 (2024-03-28)

The following are new features included in Tenable Nessus Agent 10.6.0:

  • Tenable Nessus Agent now supports Automatic Asset Merging (an upcoming feature in Tenable Vulnerability Management) through the use of an agent identification service.

The following enhancements are included in Tenable Nessus Agent 10.6.0:

  • Offline installations now support indefinite linking attempts until successful.

  • The nessuscli install-relay command now supports proxy authentication. To view the new proxy parameters, see the install-relay description in Tenable Nessus Agent CLI Commands.

  • Improved the plugin update process to avoid partial plugin updates.

Bug Fix Defect ID
Improved error handling under low memory conditions to increase scanner stability. 01788324, 01782329, 01790186, 01778293, 01789790, 01780350

The following are supported platform updates made in Tenable Nessus Agent 10.6.0:

  • Added foundational support for TencentOS, which will be available for download once plugins for the operating system are complete.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • New Tenable Vulnerability Management Domain - As a part of continuous security and scalability improvements to Tenable infrastructure, we have added a new sensor.cloud.tenable.com domain that Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with.

    • Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with Tenable Vulnerability Management using sensor.cloud.tenable.com. If agents versions 8.1.0 through 10.3.1 are not able to connect to the new domain, they fall back to using cloud.tenable.com. Tenable Nessus Agent 10.3.2 and later do not fall back using the cloud.tenable.com domain.

    • Recommended Action: If you use domain allow lists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allow list. This ensures communication with sensor.cloud.tenable.com and all future subdomains, reducing operational overhead. Contact your network administrator for assistance with making necessary changes to your allow list.
  • You can upgrade to the latest version of Tenable Nessus Agent from any previously supported version.
  • If your upgrade path skips versions of the Tenable Nessus Agent, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.

Tenable Nessus Agent 10.4.5 (2024-01-10)

Bug Fix Defect ID
Fixed an issue that caused agents to clear profile configurations after incorrectly decompressing a profile configuration directive. 01742389, 01741656

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • New Tenable Vulnerability Management Domain - As a part of continuous security and scalability improvements to Tenable infrastructure, we have added a new sensor.cloud.tenable.com domain that Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with.

    • Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with Tenable Vulnerability Management using sensor.cloud.tenable.com. If agents versions 8.1.0 through 10.3.1 are not able to connect to the new domain, they fall back to using cloud.tenable.com. Tenable Nessus Agent 10.3.2 and later do not fall back using the cloud.tenable.com domain.

    • Recommended Action: If you use domain allow lists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allow list. This ensures communication with sensor.cloud.tenable.com and all future subdomains, reducing operational overhead. Contact your network administrator for assistance with making necessary changes to your allow list.
  • You can upgrade to the latest version of Tenable Nessus Agent from any previously supported version.
  • If your upgrade path skips versions of the Tenable Nessus Agent, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.

Tenable Nessus Agent 10.5.1 (2024-01-10)

Bug Fix Defect ID
Fixed an issue that caused failing downloads to not incrementally delay correctly, which lead to repeated download attempts. 01701708

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • New Tenable Vulnerability Management Domain - As a part of continuous security and scalability improvements to Tenable infrastructure, we have added a new sensor.cloud.tenable.com domain that Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with.

    • Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with Tenable Vulnerability Management using sensor.cloud.tenable.com. If agents versions 8.1.0 through 10.3.1 are not able to connect to the new domain, they fall back to using cloud.tenable.com. Tenable Nessus Agent 10.3.2 and later do not fall back using the cloud.tenable.com domain.

    • Recommended Action: If you use domain allow lists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allow list. This ensures communication with sensor.cloud.tenable.com and all future subdomains, reducing operational overhead. Contact your network administrator for assistance with making necessary changes to your allow list.
  • You can upgrade to the latest version of Tenable Nessus Agent from any previously supported version.
  • If your upgrade path skips versions of the Tenable Nessus Agent, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.