Tenable Nessus Agent 2025 Release Notes

Tip: You can subscribe to receive alerts for Tenable documentation updates.

Tenable Nessus Agent 10.8.2 (2025-01-02)

Bug Fix Defect ID
Fixed an uncommon issue that caused agents to crash when certain error conditions were logged. 02155061

Fixed an issue that caused some agents running versions 10.8.0 or 10.8.1 to go offline following a differential plugin update.

02171347 and others

Upgrade Notes

  • There is a known issue which can cause Tenable Nessus Agent 10.8.0 and 10.8.1 to go offline when a plugin update triggers simultaneous compilation of mutually dependent libraries. To prevent further impact, Tenable has disabled the Tenable Vulnerability Management plugin updates for these two agent versions. Additionally, Tenable has disabled the 10.8.0 and 10.8.1 versions.

    This issue was caused initially by plugin compiler performance improvements released in 10.8.0 which introduced a race condition that can surface when mutually dependent libraries are compiled simultaneously. This issue was triggered by a plugin update released on December 31, 2024, that contained this unusually rare set of conditions.

    To fix the above issue, Tenable Nessus Agent version 10.8.0 or 10.8.1 must either be upgraded to agent version 10.8.2 or downgraded to 10.7.3.

    There are two methods you can use to recover the offline agents. Choose the method that follows your organization's agent management standards:

    • Upgrade to 10.8.2 or downgrade to 10.7.3

      If your organization uses internal automation or manually updates using install packages, use the following steps to bring agents back online:

      1. Download the Tenable Nessus Agent 10.8.2 or 10.7.3 install package.

      2. Upgrade agents with the 10.8.2 package or downgrade agents with the 10.7.3 package.

        No further action is required once you upgrade or downgrade using this method.

    • OR, Perform a plugin reset

      If your organization uses automated channels or agent profiles to upgrade agents, use the following steps to bring agents back online. Once you complete the steps, the agents resume running and download the necessary updates once they are back online.

      Note: Triggering a plugin reset on a large number of agents will result in a large spike in network traffic.

      Additionally, after performing a plugin reset, agents will download a full plugin set as soon as the agents launch a scan or are assigned a triggered scan. When a large number of agents perform this full plugin set download simultaneously, it results in a large spike in network traffic.

      If your organization has a large agent deployment and wants to avoid potential network spikes, Tenable recommends staggering the plugin resets to spread out the plugin downloads. There are multiple ways to do this, depending on your organization's scanning setup, including the following:

      • If you have agents that are assigned triggered agent scans, stagger the plugin reset:

        • If you run the Nessus 10.8.0 / 10.8.1 Agent Reset scan to perform the plugin reset (step 2 in the following process), configure the Stagger Scan Start scan setting before running the scan.

        • If you manually run the provided script or scripts to perform the plugin reset (step 2 in the following process), stagger the commands according to your organization's infrastructure management.

      • Reset subsets of agents and launch an immediate scan on those agents afterward.

      • Reset all agents but stagger subsequent scan launches.

      1. If your organization uses agent profiles in Tenable Vulnerability Management or Tenable Nessus Manager and the agent profiles are set to version 10.8.0 or 10.8.1, update your agent profiles to 10.8.2 or 10.7.3. If your organization does not use agent profiles, skip this step.

      2. Do one of the following:

        • Create and run a scan with the Nessus 10.8.0 / 10.8.1 Agent Reset credentialed scan template in Tenable Vulnerability Management, Tenable Security Center, or Tenable Nessus Manager. Target any of your agents that need to be reset.

          For more information on this scan template, see the related Tenable Research Release Highlight.

        • Alternatively, if you do not run the Nessus 10.8.0 / 10.8.1 Agent Reset scan, run one of the following scripts manually to reset the agent plugins, depending on your operating system:

          • Windows (PowerShell)

            Copy 
            $ServiceName="Tenable Nessus Agent";if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {Write-Host "This Script Must Be Ran as Administrator."} else {try {Write-Host "Stopping Nessus Agent"; Stop-Service $ServiceName; $service=(Get-Service -Name $ServiceName -ErrorAction Stop); timeout /T 5; if ($service.Status -eq "Stopped"){cd "C:\Program Files\Tenable\Nessus Agent"; .\Nessuscli.exe plugins --reset; .\Nessuscli.exe plugins --info; Start-Service $ServiceName; Get-Service -Name $ServiceName; Write-Host "Plugin Reset and Agent Started"} else {Write-Host "Nessus Agent Not Stopped"}} catch {Write-Host "Plugin Refresh Unsuccessful"}}

          • Windows (32-bit)

            Copy 
            $ServiceName="Tenable Nessus Agent";if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {Write-Host "This Script Must Be Ran as Administrator."} else {try {Write-Host "Stopping Nessus Agent"; Stop-Service $ServiceName; $service=(Get-Service -Name $ServiceName -ErrorAction Stop); timeout /T 5; if ($service.Status -eq "Stopped"){cd "C:\Program Files (x86)\Tenable\Nessus Agent"; .\Nessuscli.exe plugins --reset; .\Nessuscli.exe plugins --info; Start-Service $ServiceName; Get-Service -Name $ServiceName; Write-Host "Plugin Reset and Agent Started"} else {Write-Host "Nessus Agent Not Stopped"}} catch {Write-Host "Plugin Refresh Unsuccessful"}}

          • Unix (run as root)

            Copy 
            systemctl stop nessusagent && /opt/nessus_agent/sbin/nessuscli plugins --reset && systemctl start nessusagent

          • Unix (for systems that require sudo)

            Copy 
            sudo systemctl stop nessusagent && sudo /opt/nessus_agent/sbin/nessuscli plugins --reset && sudo systemctl start nessusagent

          • macOS (run as root)

            Copy 
            launchctl stop com.tenablesecurity.nessusagent && /Library/NessusAgent/run/sbin/nessuscli plugins --reset && launchctl start com.tenablesecurity.nessusagent

          • macOS (for systems that require sudo)

            Copy 
            sudo launchctl stop com.tenablesecurity.nessusagent && sudo /Library/NessusAgent/run/sbin/nessuscli plugins --reset && sudo launchctl start com.tenablesecurity.nessusagent

      You can also reset and upgrade the agent plugins manually via nessuscli:

      1. If your organization uses agent profiles in Tenable Vulnerability Management or Tenable Nessus Manager and the agent profiles are set to version 10.8.0 or 10.8.1, update your agent profiles to 10.8.2 or 10.7.3. If your organization does not use agent profiles, skip this step.

      2. Stop the agent service.

      3. Run the following plugin reset command in nessuscli:

        Copy 
        # nessuscli plugins --reset

        Note: This reset command should have the full path to nessuscli based on the operating system that the agent is installed on. See Tenable Nessus Agent CLI Commands to view the full nessuscli path per operating system.

      4. Start the agent service.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • New Tenable Vulnerability Management Domain - As a part of continuous security and scalability improvements to Tenable infrastructure, we have added a new sensor.cloud.tenable.com domain that Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with.

    • Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with Tenable Vulnerability Management using sensor.cloud.tenable.com. If agents versions 8.1.0 through 10.3.1 are not able to connect to the new domain, they fall back to using cloud.tenable.com. Tenable Nessus Agent 10.3.2 and later do not fall back using the cloud.tenable.com domain.

    • Recommended Action: If you use domain allow lists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allow list. This ensures communication with sensor.cloud.tenable.com and all future subdomains, reducing operational overhead. Contact your network administrator for assistance with making necessary changes to your allow list.
  • You can upgrade to the latest version of Tenable Nessus Agent from any previously supported version.
  • If your upgrade path skips versions of the Tenable Nessus Agent, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.