Note: Passive Vulnerability Scanner (PVS) is now known as Nessus Network Monitor (NNM).
This document describes the new features and improvements that are introduced in PVS 5.2. A PDF file of these release notes is also available here.
- Upgrades from 4.2.1, 4.4.1, and 5.0.0 to 5.2.0 are supported. Installations running previous versions of PVS 4.2.1 must upgrade to at least 4.2.1 prior to upgrading to PVS 5.2. Refer to the PVS 5.2 User Guide for details on upgrading to PVS 5.2.
- PVS 5.2 is compatible with SecurityCenter 4.7.x and later.
- The HTML5 User Interface is automatically updated to version 1.8.0 via a plugin update.
Support is available for the following platforms:
- Red Hat Linux ES 5 / CentOS 5 64-bit
- Red Hat Linux ES 6 / CentOS 6 64-bit
- Red Hat Linux ES 7 / CentOS 7 64-bit
- macOS 10.9 - 10.12 64-bit
- Microsoft Windows Vista, 7, 8, Server 2008, and Server 2012 64-bit
File Names & MD5 Checksums
New SCADA Analysis Module
PVS includes a new analysis module that analyzes SCADA network traffic to discover SCADA assets and their vulnerabilities. This module provides the same capabilities as SCADA plugins that are loaded by PVS versions older than 5.2, with improved performance. In addition, the module provides deep visibility into the type of SCADA devices discovered. This module is enabled by default and can be disabled in environments that do not contain SCADA devices.
New SCADA Top-N charts
The following charts have been added to the dashboard in the PVS client and provide a high-level summary of SCADA assets, their vulnerabilities, and protocols used by them. The charts are disabled by default.
- SCADA Vulnerability Distribution by Severity
- Top 10 SCADA Hosts
- SCADA Host Distribution by Protocol
- SCADA Host Distribution by System Type
New Connection Analysis Module
The connection reporting features of the Tenable Network Monitor (TNM) are now available within PVS as part of a new Connection Analysis module. This module eliminates the need for TNM to obtain connection duration and bandwidth information, and extends the platform support to all platforms supported by PVS. Connection duration and bandwidth reporting for IPv6 and tunneled traffic is a new addition and also available with this module. This module is disabled by default.
Improved PVS 10G performance
PVS now uses a new high-performance regular expression matching library for pattern matching when analyzing network traffic in high performance mode.
Improved VLAN reporting for hosts
PVS includes the ID of the VLAN a host lies within, in the report sent to SecurityCenter. The PVS client includes support for a user to query hosts by VLAN ID and also reports the VLAN ID within the host's detail view.
Support for macOS 10.10, 10.11, and 10.12
PVS 5.2.0 supports macOS versions 10.9 to 10.12.
- HTML reports now include an option to include an Executive Summary chapter. This chapter contains the following sub-sections: Top 10 Vulnerabilities by Count, Top 10 Most Severe Vulnerabilities, Top 10 Hosts with Most Severe Vulnerabilities, and Hosts with Obsolete Operating Systems.
- Fixed an issue where PVS may stop processing packets in High Performance Mode (10G PVS) in a VM deployment on high bandwidth networks.
- The Events view in the PVS client includes byte transfer size details for connection events.
- The number of worker threads can be configured to a maximum of 16 in high performance mode.
- The SQLite version used by PVS has been upgraded to 3.13.0.
- The OpenSSL version used by PVS has been upgraded to 1.0.2j.
- The jQuery UI version used by PVS has been upgraded to 1.12.0.
- The Expat version used by PVS has been upgraded to 2.2.0.