Nessus Agent 10.2.0 Release Notes - 2022-08-02

Note: As of Agent 10.2.0, Nessus Agent uses a new signing key that complies with more modern standards. To verify your Agent downloads, download the new key, RPM-GPG-KEY-Tenable-4096, from https://www.tenable.com/downloads/nessus-agents and import it into your command line installation toolset (for example, rpm --import). You can still use the legacy key, RPM-GPG-KEY-Tenable-2048, for Nessus Agent versions 10.1.4 and earlier.
Note: Tenable is aware of an issue where certain Linux-based agents become unresponsive after installing the EA version of Agent 10.2.0. To address this condition, reinstall the GA version of Agent 10.2.0 locally.

New Features

The following are the new features included in Tenable Nessus Agent 10.2.0:

  • Added a local NessusCLI setting that allows you to disable regular metadata updates. When enabled, metadata updates only occur at linking and when the agent runs a scan. For more information, see the Skip Asset Observation On Update setting in the Nessus Agent User Guide.

Changed Functionality and Performance Enhancements

The following are changed functionality and performance enhancements included in Tenable Nessus Agent 10.2.0:

  • Added the following operating system support for agents:

    • Debian 11

    • RHEL 9

    • Ubuntu 22.04

  • Added Graviton ARM support for agents on the following operating systems:

    • Red Hat/Oracle 7, 8, and 9

    • CentOS 7

    • Ubuntu 20.04 and 22.04

  • Added OpenSSL 3.0.5 support.

Bug Fixes

Bug Fix Defect ID
Resolved issue where a specific scheduler configuration would cause the agent to shut down. 5003a00001F54U1AAJ
Resolved issue where 8.x versions of agent would not install on CentOS 6. 5003a00001AeDVo

Upgrade Notes

  • Nessus Agent 10.2.0 introduces a new service called nessus-agent-module. The new service does not impact any agent functionality or operations. If you use an allow list in a third party endpoint security product, such as AV or host-based intrusion prevention, you need to add nessus-agent-module to the allow list. For more information, see File and Process Allow List in the Nessus Agent User Guide.

  • Tenable Nessus Agents upgraded via Tenable Nessus Manager cannot upgrade to 8.2.0 and later unless Tenable Nessus Manager is already updated to 8.12.0 or later.

  • New Tenable Vulnerability Management Domain - As a part of continuous security and scalability improvements to Tenable infrastructure, we have added a new sensor.cloud.tenable.com domain that Tenable Vulnerability Management-linked agents communicate with.

    • Starting with Agent 8.1.0, Tenable Vulnerability Management-linked agents communicate with Tenable Vulnerability Management using sensor.cloud.tenable.com. In case agents are not able to connect to the new domain, they fall back to using cloud.tenable.com. Agents with earlier versions continue to use the cloud.tenable.com domain.

    • Recommended Action: If you use domain allow lists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allow list. This ensures communication with sensor.cloud.tenable.com and all future subdomains, reducing operational overhead. Contact your network administrator for assistance with making necessary changes to your allow list.
  • You can upgrade to the latest version of Nessus Agent from any previously supported version.
  • If your upgrade path skips versions of the Agent, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.