Tenable Nessus Agent 2025 Release Notes

Tip: You can subscribe to receive alerts for Tenable documentation updates.

Tenable Nessus Agent 10.8.2 (2025-01-02)

Bug Fix Defect ID
Fixed an uncommon issue that caused agents to crash when certain error conditions were logged. 02155061

Fixed an issue that caused some agents running versions 10.8.0 or 10.8.1 to go offline following a differential plugin update.

02171347 and others

Upgrade Notes

  • There is a known issue which can cause Tenable Nessus Agent 10.8.0 and 10.8.1 to go offline when a plugin update triggers simultaneous compilation of mutually dependent libraries. To prevent further impact, Tenable has disabled the Tenable Vulnerability Management plugin updates for these two agent versions. Additionally, Tenable has disabled the 10.8.0 and 10.8.1 versions.

    This issue was caused initially by plugin compiler performance improvements released in 10.8.0 which introduced a race condition that can surface when mutually dependent libraries are compiled simultaneously. This issue was triggered by a plugin update released on December 31, 2024, that contained this unusually rare set of conditions.

    To fix the above issue, Tenable Nessus Agent version 10.8.0 or 10.8.1 must either be upgraded to agent version 10.8.2 or downgraded to 10.7.3.

    There are two methods you can use to recover the offline agents. Choose the method that follows your organization's agent management standards:

    • Upgrade to 10.8.2 or downgrade to 10.7.3

      If your organization uses internal automation or manually updates using install packages, use the following steps to bring agents back online:

      1. Download the Tenable Nessus Agent 10.8.2 or 10.7.3 install package.

      2. Upgrade agents with the 10.8.2 package or downgrade agents with the 10.7.3 package.

        No further action is required once you upgrade or downgrade using this method.

    • OR, Perform a plugin reset

      If your organization uses automated channels or agent profiles to upgrade agents, use the following steps to bring agents back online. Once you complete the steps, the agents resume running and download the necessary updates once they are back online.

      1. If your organization uses agent profiles in Tenable Vulnerability Management or Tenable Nessus Manager and the agent profiles are set to version 10.8.0 or 10.8.1, update your agent profiles to 10.8.2 or 10.7.3. If your organization does not use agent profiles, skip this step.

      2. Depending on your operating system, run one of the following scripts to reset the agent plugins:

        • Windows (PowerShell)

          Copy 
          $ServiceName="Tenable Nessus Agent";if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {Write-Host "This Script Must Be Ran as Administrator."} else {try {Write-Host "Stopping Nessus Agent"; Stop-Service $ServiceName; $service=(Get-Service -Name $ServiceName -ErrorAction Stop); timeout /T 5; if ($service.Status -eq "Stopped"){cd "C:\Program Files\Tenable\Nessus Agent"; .\nessuscli.exe plugins --reset; .\nessuscli.exe plugins --info; Start-Service $ServiceName; Get-Service -Name $ServiceName; Write-Host "Plugin Reset and Agent Started"} else {Write-Host "Nessus Agent Not Stopped"}} catch {Write-Host "Plugin Refresh Unsuccessful"}}

        • Windows (32-bit)

          Copy 
          $ServiceName="Tenable Nessus Agent";if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {Write-Host "This Script Must Be Ran as Administrator."} else {try {Write-Host "Stopping Nessus Agent"; Stop-Service $ServiceName; $service=(Get-Service -Name $ServiceName -ErrorAction Stop); timeout /T 5; if ($service.Status -eq "Stopped"){cd "C:\Program Files (x86)\Tenable\Nessus Agent"; .\nessuscli.exe plugins --reset; .\nessuscli.exe plugins --info; Start-Service $ServiceName; Get-Service -Name $ServiceName; Write-Host "Plugin Reset and Agent Started"} else {Write-Host "Nessus Agent Not Stopped"}} catch {Write-Host "Plugin Refresh Unsuccessful"}}

        • Unix (run as root)

          Copy 
          systemctl stop nessusagent && /opt/nessus_agent/sbin/nessuscli plugins --reset && systemctl start nessusagent

        • Unix (for systems that require sudo)

          Copy 
          sudo systemctl stop nessusagent && sudo /opt/nessus_agent/sbin/nessuscli plugins --reset && sudo systemctl start nessusagent

        • macOS (run as root)

          Copy 
          launchctl stop com.tenablesecurity.nessusagent && /Library/NessusAgent/run/sbin/nessuscli plugins --reset && launchctl start com.tenablesecurity.nessusagent

        • macOS (for systems that require sudo)

          Copy 
          sudo launchctl stop com.tenablesecurity.nessusagent && sudo /Library/NessusAgent/run/sbin/nessuscli plugins --reset && sudo launchctl start com.tenablesecurity.nessusagent

      Alternatively, you can reset and upgrade the agent plugins manually:

      1. If you use agent profiles in Tenable Vulnerability Management or Tenable Nessus Manager, update your agent profiles' agent versions to 10.8.2 or 10.7.3. If your organization does not use agent profiles, skip this step.

      2. Stop the agent service.

      3. Run the following plugin reset command in nessuscli:

        Copy 
        # nessuscli plugins --reset

        Note: This reset command should have the full path to nessuscli based on the operating system that the agent is installed on. See Tenable Nessus Agent CLI Commands to view the full nessuscli path per operating system.

      4. Start the agent service.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • New Tenable Vulnerability Management Domain - As a part of continuous security and scalability improvements to Tenable infrastructure, we have added a new sensor.cloud.tenable.com domain that Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with.

    • Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with Tenable Vulnerability Management using sensor.cloud.tenable.com. If agents versions 8.1.0 through 10.3.1 are not able to connect to the new domain, they fall back to using cloud.tenable.com. Tenable Nessus Agent 10.3.2 and later do not fall back using the cloud.tenable.com domain.

    • Recommended Action: If you use domain allow lists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allow list. This ensures communication with sensor.cloud.tenable.com and all future subdomains, reducing operational overhead. Contact your network administrator for assistance with making necessary changes to your allow list.
  • You can upgrade to the latest version of Tenable Nessus Agent from any previously supported version.
  • If your upgrade path skips versions of the Tenable Nessus Agent, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.