Tenable Nessus Agent 2023 Release Notes

Tenable Nessus Agent 10.5.0 (2023-12-12)

The following are new features included in Tenable Nessus Agent 10.5.0:

  • Added support for differential scan reporting: a future Tenable Vulnerability Management feature.

The following enhancements are included in Tenable Nessus Agent 10.5.0:

  • Improved agent plugin download logic when launching staggered scans.

Bug Fix Defect ID
Fixed a permissions issues that caused automatic upgrades to fail on SELinux-enabled systems. 01630995, 01709066
Fixed an issue that caused the agent service to stop after automatic upgrades on Unix systems. 01675402, 01659798

The following are supported platform updates made in Tenable Nessus Agent 10.5.0:

  • Added support for the following operating systems:

    • Fedora 38 and 39

    • Debian 12

    • Amazon Linux 2023

  • Removed support for the following operating systems:

    • Fedora 35 and 36

    • Amazon Linux 1

    • macOS 11

  • You can upgrade to the latest version of Tenable Nessus Agent from any previously supported version.
  • If your upgrade path skips versions of the Tenable Nessus Agent, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • New Tenable Vulnerability Management Domain - As a part of continuous security and scalability improvements to Tenable infrastructure, we have added a new sensor.cloud.tenable.com domain that Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with.

    • Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with Tenable Vulnerability Management using sensor.cloud.tenable.com. If agents versions 8.1.0 through 10.3.1 are not able to connect to the new domain, they fall back to using cloud.tenable.com. Tenable Nessus Agent 10.3.2 and later do not fall back using the cloud.tenable.com domain.

    • Recommended Action: If you use domain allow lists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allow list. This ensures communication with sensor.cloud.tenable.com and all future subdomains, reducing operational overhead. Contact your network administrator for assistance with making necessary changes to your allow list.

Tenable Nessus Agent 10.4.4 (2023-11-16)

The following are security updates included in Tenable Nessus Agent 10.4.4:

  • You can upgrade to the latest version of Tenable Nessus Agent from any previously supported version.
  • If your upgrade path skips versions of the Tenable Nessus Agent, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • New Tenable Vulnerability Management Domain - As a part of continuous security and scalability improvements to Tenable infrastructure, we have added a new sensor.cloud.tenable.com domain that Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with.

    • Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with Tenable Vulnerability Management using sensor.cloud.tenable.com. If agents versions 8.1.0 through 10.3.1 are not able to connect to the new domain, they fall back to using cloud.tenable.com. Tenable Nessus Agent 10.3.2 and later do not fall back using the cloud.tenable.com domain.

    • Recommended Action: If you use domain allow lists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allow list. This ensures communication with sensor.cloud.tenable.com and all future subdomains, reducing operational overhead. Contact your network administrator for assistance with making necessary changes to your allow list.

Tenable Nessus Agent 10.4.3 (2023-10-31)

The following are security updates included in Tenable Nessus Agent 10.4.3:

  • You can upgrade to the latest version of Tenable Nessus Agent from any previously supported version.
  • If your upgrade path skips versions of the Tenable Nessus Agent, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • New Tenable Vulnerability Management Domain - As a part of continuous security and scalability improvements to Tenable infrastructure, we have added a new sensor.cloud.tenable.com domain that Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with.

    • Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with Tenable Vulnerability Management using sensor.cloud.tenable.com. If agents versions 8.1.0 through 10.3.1 are not able to connect to the new domain, they fall back to using cloud.tenable.com. Tenable Nessus Agent 10.3.2 and later do not fall back using the cloud.tenable.com domain.

    • Recommended Action: If you use domain allow lists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allow list. This ensures communication with sensor.cloud.tenable.com and all future subdomains, reducing operational overhead. Contact your network administrator for assistance with making necessary changes to your allow list.

Tenable Nessus Agent 10.4.2 (2023-08-16)

The following enhancements are included in Tenable Nessus Agent 10.4.2:

  • Added support for macOS 14.

  • Improved the processing of known_CA.inc during plugin updates.

The following bug fixes are included in Tenable Nessus Agent 10.4.2:

  • Updated OpenSSL to version 3.0.10 to address reports of vulnerable OpenSSL binary in Tenable Nessus Agent.

  • You can upgrade to the latest version of Tenable Nessus Agent from any previously supported version.
  • If your upgrade path skips versions of the Tenable Nessus Agent, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • New Tenable Vulnerability Management Domain - As a part of continuous security and scalability improvements to Tenable infrastructure, we have added a new sensor.cloud.tenable.com domain that Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with.

    • Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with Tenable Vulnerability Management using sensor.cloud.tenable.com. If agents versions 8.1.0 through 10.3.1 are not able to connect to the new domain, they fall back to using cloud.tenable.com. Tenable Nessus Agent 10.3.2 and later do not fall back using the cloud.tenable.com domain.

    • Recommended Action: If you use domain allow lists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allow list. This ensures communication with sensor.cloud.tenable.com and all future subdomains, reducing operational overhead. Contact your network administrator for assistance with making necessary changes to your allow list.

Tenable Nessus Agent 10.4.1 (2023-07-06)

The following are security updates included in Tenable Nessus Agent 10.4.1:

Bug Fix Defect ID
You can now assign a network while performing an offline Tenable Nessus Agent installation via the Nessus CLI. 01522374
  • You can upgrade to the latest version of Tenable Nessus Agent from any previously supported version.
  • If your upgrade path skips versions of the Tenable Nessus Agent, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • New Tenable Vulnerability Management Domain - As a part of continuous security and scalability improvements to Tenable infrastructure, we have added a new sensor.cloud.tenable.com domain that Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with.

    • Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with Tenable Vulnerability Management using sensor.cloud.tenable.com. If agents versions 8.1.0 through 10.3.1 are not able to connect to the new domain, they fall back to using cloud.tenable.com. Tenable Nessus Agent 10.3.2 and later do not fall back using the cloud.tenable.com domain.

    • Recommended Action: If you use domain allow lists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allow list. This ensures communication with sensor.cloud.tenable.com and all future subdomains, reducing operational overhead. Contact your network administrator for assistance with making necessary changes to your allow list.

Tenable Nessus Agent 10.4.0 (2023-04-26)

The following are new features included in Tenable Nessus Agent 10.4.0:

The following are changed functionality and performance enhancements included in Tenable Nessus Agent 10.4.0:

  • Improved agent behavior when Tenable Nessus Manager certificates age out.

  • Improved the unzip functionality in the Tenable Nessus and Tenable Nessus Agent scanning engine.

Bug Fix Defect ID
Added read permissions for the system tray database. 01330613
Fixed an issue where an agent would stop updating after running a scan for more than 24 hours. 01410781
Staggered Nessus GET certificate requests and improved the sleep time handling on failures. 01527389, 01511266, 01528548, 01529186, 01534150
  • You can upgrade to the latest version of Tenable Nessus Agent from any previously supported version.
  • If your upgrade path skips versions of the Tenable Nessus Agent, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • New Tenable Vulnerability Management Domain - As a part of continuous security and scalability improvements to Tenable infrastructure, we have added a new sensor.cloud.tenable.com domain that Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with.

    • Tenable Vulnerability Management-linked Tenable Nessus Agents communicate with Tenable Vulnerability Management using sensor.cloud.tenable.com. If agents versions 8.1.0 through 10.3.1 are not able to connect to the new domain, they fall back to using cloud.tenable.com. Tenable Nessus Agent 10.3.2 and later do not fall back using the cloud.tenable.com domain.

    • Recommended Action: If you use domain allow lists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allow list. This ensures communication with sensor.cloud.tenable.com and all future subdomains, reducing operational overhead. Contact your network administrator for assistance with making necessary changes to your allow list.