Nessus FAQs

Nessus Enterprise:

Q. How many scanners are included with Nessus Enterprise?
Q. Can I add more scanners to Nessus Enterprise?
Q. Do I need to buy multiple Nessus Enterprise subscriptions?
Q. How many scanners will one Nessus Enterprise support?

Nessus General Questions:

Q. Should I upgrade to Nessus 5?
Q. What is included in the Nessus download?
Q. What OS platforms does Nessus 5 have builds for?
Q. What are the system/hardware requirements for using Nessus?
Q. What does Nessus 5 cost?
Q. How do I upgrade to Nessus 5?
Q. Will Nessus 5 work with SecurityCenter?
Q. Are there detailed instructions on installing and configuring Nessus 5?
Q. Where can I go for more information?
Q. What is Nessus Enterprise Cloud?

Nessus Licensing:

Q. How is Nessus licensed?
Q. Can I use Nessus at work?
Q. Where can I find the Nessus License Agreement?
Q. Is Nessus a trademark of Tenable Network Security?
Q. How does the Nessus license work in a VM (virtual machine) environment?
Q. I'm a consultant; can I use Nessus 5 to conduct my client's audits?
Q. We are a Managed Security Service Provider (MSSP); can we install Nessus 5 on a server appliance that we provide to our customers?
Q. We are a software or hardware manufacturer; can we include Nessus in the products we sell to our customers?

Nessus Support:

This section contains details about Nessus support operations that apply only to Tenable's customers that are using Nessus in combination with the paid Nessus subscription.

Q. Where can I go to get help on an issue I'm having with Nessus if I'm not a customer?
Q. What is the Tenable Support Portal?
Q. How does the Tenable Support Portal benefit customers?
Q. Must I use the Tenable Support Portal when requesting support?
Q. How do I obtain a Tenable Support Portal account?
Q. How many Technical Contacts am I allowed?
Q. How do I add or change the Technical Contact information?
Q. What kind of Support and Maintenance is available from Tenable on Nessus and Nessus Enterprise Cloud?
Q. Does Tenable Nessus equally support all operating system and hardware combinations?
Q. What are Fully Supported platforms?
Q. What are Limited Support platforms?
Q. Where is the list showing which platforms fall into which tier?
Q. What versions of Nessus does Tenable support?
Q. Will you support user-patched versions of Nessus 4.x or higher binaries?
Q. Do you support alpha and beta Nessus 4.x or higher binaries?
Q. May Tenable alter its list of supported software?
Q. What is an issue's expected resolution time?
Q. What documents will I receive after ordering support?
Q. Does support cover the Nessus 2.x GPL version of the software?
Q. Are only Nessus 4.4 and higher software products covered by Tenable Support?
Q. I work on behalf of third-party customers; how do I obtain Nessus support for them?
Q. I work on behalf of third-party customers; can I use my Nessus contract to open issues on their behalf?
Q. May I request to escalate an issue's priority?
Q. Must customers provide Tenable with relevant information to receive help?
Q. Is Tenable support provided according to industry norms of "good faith" effort?
Q. Do Nessus contracts automatically renew?
Q. Where should I send notices required under the Nessus contract?
Q. What are the definitions of Release Types?
Q. What are the definitions of Support Components?

Nessus Configuration and Troubleshooting:

Q. How can I change the password of a Nessus user?
Q. I attempted to install Nessus via RPM, but I get an error. Why can't I install Nessus this way?
Q. How do I run plugins from the command line and access a knowledge base?

Nessus Windows-specific:

Q. When I try to install Nessus Windows, why am I receiving the error, "Error 1607: Unable to Install InstallShield Scripting Run Time"?
Q. Is there a difference in running Nessus on a Windows Server operating system (such as Server 2003 or 2008) versus a Windows desktop operating system (such as XP, Vista, or Windows 7)?
Q. Can I use Nessus on a system with a Host-based Intrusion Prevention System (HIPS) installed?

Compliance Checks

Q. What do the compliance checks audit against?
Q. How do I create my own audit policies?
Q. Can the audit policies test for "XYZ"?
Q. Do I need to run an agent to perform these checks?
Q. What sort of performance impact will these have on the scanned servers?
Q. What do I need to run compliance checks?
Q. How is a compliance check different than a vulnerability scan?
Q. What systems can be audited?
Q. What policies do you audit against?
Q. Are compliance checks available for all Nessus platforms?
Q. How do I get compliance checks?
Q. Is there a charge for the compliance check plugins?
Q. How do I configure the compliance check plugins to match my security policy?
Q. How do I enable the compliance checks during my scan?
Q. Are compliance checks enabled by default when I do a scan?
Q. Why do I get the error message "Supplied credentials don't have enough privileges to audit the remote host" when I try and execute compliance checks?

Tenable Plugin Subscriptions:

Q. Where can I get a copy of the Tenable Subscription Agreement?
Q. How do you license the Subscriptions from Tenable?
Q. What is a "Registered Scanner"?
Q. What is a "Nessus Home Subscription" and what can I do with these plugins?
Q. What is an "Evaluation" Subscription and what can I do with these plugins?
Q. What is a "Nessus Subscription" and what can I do with these plugins?
Q. What are "Inclusive Plugins" and what can I do with these plugins?
Q. What are the benefits of the Nessus subscription compared to the Nessus Evaluation?
Q. What are my options for purchasing a Nessus Subscription from Tenable?
Q. How do I renew my Nessus Subscription?
Q. I am a home user; can I download Nessus and scan my network and my friends' networks for free?
Q. I work for a company, and use Nessus to scan our network; am I required to subscribe to the full version of Nessus to use the latest updates for Nessus?
Q. I work for a college/university, and use Nessus to scan our network; am I required to purchase Nessus?
Q. I work for a company, and use Nessus to scan our lab network prior to using Nessus in production; am I required to purchase Nessus to use the latest updates for Nessus for our testing purposes?
Q. I work for a government department/agency/bureau (Federal, State, Local, and International), and use Nessus to scan our network; am I required to purchase Nessus to use the latest updates for Nessus?
Q. I want to evaluate Nessus at my workplace. Do I need to purchase Nessus simply to perform an evaluation?
Q. We are a product vendor; can I include Nessus with our product?
Q. We have purchased a product from a vendor that provides the Nessus engine with their product and has referred us to Tenable to subscribe.
Q. We are a MSSP and use Nessus to perform scanning services; are we required to purchase Nessus to use the latest updates for Nessus?
Q. I work for a charity and would like to use Nessus to scan our network; how do I apply to receive Nessus for free?
Q. I work as an information security teacher/trainer and would like to use Nessus as part of my class; how do I apply to receive Nessus for free?
Q. Which plugins can I distribute in my book, magazine, or CD?
Q. Can I resell Nessus?
Q. Can I request plugin modifications from Tenable as part of my Nessus subscription?
Q. Can I write custom plugins for my Nessus Scanner?
Q. How do I install my Activation Code?

Nessus Enterprise:

Q. How many scanners are included with Nessus Enterprise?

A. Nessus Enterprise is a scanner that also provides Nessus scanner management and sharing capabilities. If you would like to purchase Nessus Enterprise plus additional Nessus scanners, discounted packages are available through Tenable Authorized Partners.

Q. Can I add more scanners to Nessus Enterprise?

A. Yes. Additional Nessus scanners can be added to your Nessus Enterprise scanners, which are designed to manage multiple Nessus scanners and provide sharing capabilities. You can purchase additional scanners through Tenable Authorized Partners and the Tenable Store.

Q. Do I need to buy multiple Nessus Enterprise subscriptions?

A. One Nessus Enterprise subscription will manage multiple Nessus scanners. To do so requires only one Nessus Enterprise subscription and multiple Nessus subscriptions to meet your needs. However, depending on your network architecture and security policies, you may want network segments under separate Nessus Enterprise.

Q. How many scanners will one Nessus Enterprise support?

A. Although there is no technical limit to the number of scanners each Nessus Enterprise supports, upgrading to SecurityCenter as you approach 7-10 scanners is more cost-effective and provides additional functionality and threat management benefits.

Nessus General Questions:

Q. Should I upgrade to Nessus 5?

A. Yes. Nessus 5 includes important improvements over Nessus 4.4, including a browser-based installation wizard, configuration and management done 100% through GUI, new plugin filtering when creating scan policies, new result severity levels (Informational and Critical), streamlined results navigation, report customizing, four new pre-configured and PDF report formats, and much more.

Q. What is included in the Nessus download?

A. When you download Nessus, you receive the Nessus 5 scanning engine (server) that includes a web-based Adobe Flash client. To receive plugin updates from Tenable under either Nessus or Nessus Home, you will need to register your scanner with Tenable through Tenable.com.

Q. What OS platforms does Nessus 5 have builds for?

A. Nessus 5 is available and supported for a variety of operating systems and platforms:

  • Debian 6 and 7 / Kali Linux (i386 and x86-64)
  • Fedora 19 and 20 (i386 and x86-64)
  • FreeBSD 9 (i386 and x86-64)
  • Mac OS X 10.7 and 10.8 (i386 and x86-64)
  • Red Hat ES 4 / CentOS 4 (i386)
  • Red Hat ES 5 / CentOS 5 / Oracle Linux 5 (i386 and x86-64)
  • Red Hat ES 6 / CentOS 6 / Oracle Linux 6 (i386 and x86-64) [Server, Desktop, Workstation]
  • SuSE 10.0 (x86-64) and 11 (i386 and x86-64)
  • Ubuntu 9.10, 10.04, 11.10, 12.04, 12.10, 13.04, 13.10, and 14.04 (i386 and AMD64)
  • Windows XP, Server 2003, Server 2008, Server 2008 R2 *, Vista, 7, 8, and Server 2012 (i386 and x86-64)

To see the list, please visit the download page.

Q. What are the system/hardware requirements for using Nessus?

A. Tenable recommends a minimum of 2 GB of memory to operate Nessus. To conduct larger scans of multiple networks, at least 3 GB of memory is recommended, but it may require up to 4 GB for heavy usage including audit trails and PDF report generation.

A Pentium 3 processor running at 2 GHz or higher is recommended. When running on Mac OS X, a dual-core Intel® processor running at 2 GHz or higher is recommended. Deploying Nessus on 64-bit systems is preferred. The system should have at least 30 GB of free disk space for Nessus and subsequent scan data.

Nessus can be run under a VMware instance, but if the virtual machine is using Network Address Translation (NAT) to reach the network, many of Nessus’ vulnerability checks, host enumeration and operating system identification will be negatively affected.

Q. What does Nessus 5 cost?

A. The Nessus 5 scanner is available as a free download. To receive updates for new vulnerability checks, select the appropriate plugin subscription from Tenable depending on the intended use. See Subscription FAQ below.

Q. How do I upgrade to Nessus 5?

A. Nessus 5 is available for download and detailed instructions are available in the Nessus 5.0 Installation and Configuration Guide.

Q. Will Nessus 5 work with SecurityCenter?

A. Yes. Nessus 5 is fully compatible with Tenable SecurityCenter. Tenable SecurityCenter centralizes security management for multiple security and network administrators across multiple organizations. Scheduled vulnerability scanning, real-time IDS event analysis, asset discovery, asset management, vulnerability remediation management, incident response, network topology discovery and organizational executive reporting for hundreds of administrators is accomplished through a single easy-to-use web interface.

Q. Are there detailed instructions on installing and configuring Nessus 5?

A. Yes. A detailed Nessus Installation and Configuration Guide and Nessus User Guide are available for download.

Q. Where can I go for more information?

A. If you still have questions about Nessus 5, feel free to contact us, visit Tenable.com, or post to the Tenable Discussion Forums.

Q. What is Nessus Enterprise Cloud?

A. Nessus Enterprise Cloud is Tenable's on-demand perimeter scanning service and includes the latest security tests for publicly-available security patches and disclosed vulnerabilities.

Nessus Licensing:

Q. How is Nessus licensed?

A. Nessus is licensed per installation, so each Nessus scanner that you have installed and operating requires a Nessus subscription.

Q. Can I use Nessus at work?

A. You must purchase Nessus to use it outside of home or personal use.

Q. Where can I find the Nessus License Agreement?

A. The Nessus License Agreement is available online.

Q. Is Nessus a trademark of Tenable Network Security?

A. Yes. Nessus is a registered trademark of Tenable Network Security. Tenable does not grant to you, either expressly or by implication, any license or permission under the License Agreement to use any of the Tenable marks (including trademarks, service marks, trade names, trade dress, symbols, logos, designs, domain names, slogans and other source identifiers).

Q. How does the Nessus license work in a VM (virtual machine) environment?

A. Each installation of Nessus requires Tenable's license whether it is standalone or in a virtual machine (VM) environment. The same is true for subscription licensing.

Q. I'm a consultant; can I use Nessus 5 to conduct my client's audits?

A. Tenable permits you to use Nessus to audit the security of third-party networks, but requires that you purchase a Nessus Subscription. You must purchase Nessus to use it commercially with the latest updates and have access to technical support and knowledgebase articles. Nessus Home cannot be used for consulting commercially.

A very common scenario for Tenable is to license several Nessus scanners to a service provider who operates an equivalent number of Nessus scanners to check for vulnerabilities on their customers' systems and networks. The Nessus license is tied to the Nessus scanner. If the Nessus scanner is mobile (such as on a laptop), then the license is mobile. We do not tie it to an IP address. There is no limitation to the amount of scans completed or IPs scanned. However, the Tenable Plugins are licensed only for use with registered Nessus scanners obtained directly from Tenable.com.

Q. We are a Managed Security Service Provider (MSSP); can we install Nessus 5 on a server appliance that we provide to our customers?

A. No. If you are an MSSP, you cannot install Nessus on an appliance, either virtual or physical, that you provide to your customers.

Q. We are a software or hardware manufacturer; can we include Nessus in the products we sell to our customers?

A. No. You cannot include Nessus without acquiring a license from Tenable to do so. You can inquire about an OEM agreement with Tenable for the Nessus engine and the Tenable Plugins on a case-by-case basis. To inquire about an OEM agreement for Tenable's Nessus software, please contact us with your request.

Nessus Support:

This section contains details about Nessus support operations that apply only to Tenable's customers who have purchased a Nessus Subscription.

Q. Where can I go to get help on an issue I'm having with Nessus if I'm not a customer?

A. Please join our Discussion Forums for Nessus and ask questions there.

Q. What is the Tenable Support Portal?

A. The Tenable Support Portal is a web application used by Tenable Support engineers to manage requests with our customers on the incidents they file, provide a knowledgebase of information about Tenable products, additional downloads (e.g., compliance and audit files) and manage subscription licenses. The Tenable Support Portal may be accessed at the following URL: https://support.tenable.com/support-center/


Q. How does the Tenable Support Portal benefit customers?

A. The Tenable Support Portal enables customers to easily submit all support issues. It keeps all related messages, files and other details grouped together on an issue-by-issue basis. It also provides access to the Nessus Knowledgebase. We have created a short paper about all of its features and content.

Q. Must I use the Tenable Support Portal when requesting support?

A. When you purchase Nessus, you must provide us with the name and email address of your Technical Contact Person(s). A separate Tenable Support Portal account is automatically created for each Technical Contact Person. Support requests are accepted via the Tenable Support Portal or an email may be sent to nessus-support@tenable.com. Note that email requests must be sent from one of the email addresses provided to Tenable as a support contact, for security reasons.

Q. How do I obtain a Tenable Support Portal account?

A. To "log in" for the first time, please use the "First Time Login?" link on the login page, enter your email address, click "Send New Password", and follow the instructions in the email you will receive. Your email address must be the same as the one provided on your support contract.

Q. How many Technical Contacts am I allowed?

A. Each customer is allowed to have a maximum of five (5) Technical Contacts at any given time, regardless of the number of scanners covered.

Q. How do I add or change the Technical Contact information?

A. The Primary Contact (PC) for the account has the ability to add and deactivate a contact from the Tenable Support Portal. Please have the PC log in to the Tenable Support Portal, and then select “Add Contact” to add or deactivate a registered contact. For new contacts, we will send an account activation email once the account has been created. To update the information for an existing registered contact, please email licenses@tenable.com with the requested changes. We will reply with a confirmation email once your changes are made.

Q. What kind of Support and Maintenance is available from Tenable on Nessus and Nessus Enterprise Cloud?

A. Tenable offers a premium level of support that is standard for its Nessus and Nessus Enterprise Cloud customers that are running Nessus on Fully Supported platforms. Maintenance and Standard Support include access to software upgrades, hotfixes, patches, access to Nessus for current Plugins, and access to Tenable's Technical Support team via Live Chat, Email, Webex, and web Support Portal. Live Chat Support is available 9:00AM – 5:00PM EST. Email and remote Webex support is available 6:00AM – 9:00PM EST. Access to the Tenable Support Portal for web ticket submission, product downloads, and documentation downloads is 24 x 7 x 365 over the web. Access to Tenable plugin feeds over the Internet is 24 x 7 x 365 and is available as long as one's subscription is current.

Q. Does Tenable Nessus equally support all operating system and hardware combinations?

A. No. Nessus runs on many different combinations of operating systems and hardware platforms. Tenable divides these into one of two tiers:

  • Fully Supported (FS)
  • Limited Support (LS)


Q. What are Fully Supported platforms?

A. These are operating system and hardware combinations that are primary platforms for Nessus usage. Tenable builds and tests binaries for these combinations using Tenable's own hardware. All forms of Nessus 5 binaries can be included under this tier: Certified, Production (GA), Alpha, and Beta. There should be no technical scenarios on these platforms that the Tenable Nessus Support Team cannot resolve to a reasonable level.

Q. What are Limited Support platforms?

A. These are specific operating system and hardware combinations for which Tenable provides only limited support. Tenable cannot provide full support for Nessus installed on an operating system for which commercial support is unavailable from the OS provider. In addition, there may be other mitigating technical or logistical reasons for not providing full support for Nessus on a particular hardware/OS combination.

Q. Where is the list showing which platforms fall into which tier?

A. Currently supported platforms are listed on the website, but as a general rule, the following is expected to apply to supported platforms and platforms that will be provided a Nessus binary but without any support, implied or otherwise.

Two tiers of support are being offered for Nessus on a given platform: "Fully Supported" and "Limited Support". Fully Supported includes support for bug fixes, changes, and future feature additions. On Limited Support platforms, Nessus is offered "as is" and may or may not be continued in the future. On Limited Support platforms, Tenable makes no commitment that bugs will be fixed, although Tenable may do so. Limited Support platforms do come with access to Nessus updates; however, they do not come with access to Tenable Customer Support. Only the Fully Supported platforms come with the ability to contact Tenable Customer Support for problems regarding the Nessus binary. Otherwise, all support issues must be taken to the Nessus Discussion Forums.

Fully Supported covers the current release and one prior (N & N-1). On Limited Support platforms, Tenable only provides a Nessus binary with no implied support and only on the most current release (N), except in the case of Windows XP for which there is only one version. Each version is assumed to be at the most recent patch level available.

Full Support (FS)

Full support from bugs to feature requests is provided on the following platforms:

Red Hat Enterprise Server N & N-1
CentOS N & N-1
SuSE N & N-1
Mac OS X N & N-1
Solaris N & N-1
Windows Server 2003 N & N-1
Windows Server 2008 N
Windows XP Professional N
Windows Vista N
Windows 7 N

Limited Support (LS)
Tenable provides a binary with no implied support. We may or may not correct problems and a version may or may not be updated in the future. Newer releases may not be made available.

Fedora Core N
FreeBSD N
Debian N
Ubuntu N


Q. What versions of Nessus does Tenable support?

A. Currently, Tenable supports Nessus version 4.4 and above. This covers Nessus 4.4 and Nessus 5. As newer versions are introduced, support for past versions will gradually phase out.

Q. Will you support user-patched versions of Nessus 4.x or higher binaries?

A. No.

Q. Do you support alpha and beta Nessus 4.x or higher binaries?

A. No. However, any customer that is invited to participate in an alpha and/or beta release will receive timely responses to reported problems. Due to the nature of testing and development efforts, some issues may not be resolved in an alpha/beta release until the eventual public release of the new version.

Q. May Tenable alter its list of supported software?

A. Yes. Tenable reserves the right to discontinue support of versions of its software, other than the then-current version, at any time.

Q. What is an issue's expected resolution time?

A. Tenable Support responds to all email queries for support within one business day. Resolution time is the time within which support engineers will endeavor to resolve your issue. There are no guarantees about resolution times; however, most customers have their issues resolved in one business day. Depending on the complexity of the issue, resolution may take a few hours to a few days or longer. In some cases, successful resolution or a work-around may not be possible. Issues involving the functionality of the Nessus engine will be corrected in a timely manner. When necessary, plugins will be altered and fine-tuned to provide the best overall responses to the entire customer base, but there may be OSs, applications, and other network devices that will respond in ways that prevent problems or disruptions from being resolved. In such cases, it is Tenable's policy that the applicable vendor is liable for the correction of the response or behavior of their products.

Q. What documents will I receive after ordering support?

A. You will receive a welcome email containing details of your order and instructions on how to get started. If you do not receive the email shortly after ordering, email nessus-support@tenable.com for assistance.

Q. Does support cover the Nessus 2.x GPL version of the software?

A. No.

Q. Are only Tenable Nessus 4.4 and higher software products covered by Tenable Support?

A. Yes. Although Tenable tries to take a broad and inclusive view of technical support, our support formally covers only authorized, unmodified versions of the Nessus 4.4 and higher binaries, tools, and our own utilities. This does not include any user-compiled products or third-party developed products. Tenable does not provide support for the underlying operating system, hardware, applications, or third-party products that access a Nessus 4.4 and higher server. Further, Tenable is not required to provide support services regarding the following: (a) any software other than supported software; (b) any classroom training or on-site consulting; (c) design of any application; (d) patches or modifications to the source code of the supported software authored by anyone other than Tenable; (e) installation, configuration, or malfunctions of any part of the customer's computer or networking hardware equipment; or (f) installation, configuration, or malfunctions of any part of the customer's operating system, including without limitation kernels, libraries, patches, and drivers.

Q. I work on behalf of third-party customers; how do I obtain Nessus support for them?

A. Each customer must buy their own Nessus contract. They must use Nessus to receive support.

Q. I work on behalf of third-party customers; can I use my Tenable Nessus contract to open issues on their behalf?

A. No. If your customers require Nessus support, they must download their own Nessus software from Tenable and buy their own Nessus contract.

Q. May I request to escalate an issue's priority?

A. Tenable determines the initial priority of your issues. At any time, you may request to escalate or downgrade the priority of an issue via the Tenable Support Portal.

Q. Must customers provide Tenable with relevant information to receive help?

A. Yes. When submitting requests for support, the customer must provide to Tenable all data that is relevant for resolving each technical support request. Relevant data may include, but is not limited to, log files, database dumps, program scripts, descriptions of the hardware and software environment, examples of inputs as well as expected and actual outputs. This information should be as complete as possible, but sensitive information (e.g., account names, passwords, internal IP addresses) should be sanitized before sending to Tenable.
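
One way to do the sanitizing described above before attaching logs to a support request; this is an added example, not Tenable's code. The log format, the key names (user=, account:, password=) and the sample lines are constructed, and "internal" addresses are assumed to mean RFC 1918 IPv4 ranges.

```python
"""Sanitize log text before attaching it to a vendor support request."""
import ipaddress
import re

# Assumption: only RFC 1918 ranges count as internal; other addresses are kept.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Dotted quad that is not part of a longer dotted number (e.g. 1.2.3.4.5).
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\.?\d)")
# Assumed key names for secrets and account names in the constructed format.
SECRET_RE = re.compile(r"\b(password|passwd|pwd|secret)(\s*[=:]\s*)(\S+)",
                       re.IGNORECASE)
ACCOUNT_RE = re.compile(r"\b(user(?:name)?|login|account)(\s*[=:]\s*)([^\s,;]+)",
                        re.IGNORECASE)

# Constructed sample input, not real Nessus log output.
SAMPLE = """\
[info] scan started by user=jsmith target 10.1.20.15
[error] login failed for account: svc_scan password=Winter2014! on 10.1.20.15
[info] plugin feed contacted 198.51.100.7; relay 192.168.4.9 user=jsmith
"""


class Sanitizer:
    """Replaces sensitive values with stable aliases.

    The same host or account always maps to the same alias, so the
    support engineer can still correlate events across lines.
    """

    def __init__(self):
        self._aliases = {"ip": {}, "account": {}}

    def _alias(self, kind, value, prefix):
        table = self._aliases[kind]
        return table.setdefault(value, f"{prefix}-{len(table) + 1}")

    def _replace_ip(self, match):
        text = match.group(0)
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            return text  # not a valid address (e.g. 999.1.1.1); leave it
        if any(addr in net for net in INTERNAL_NETS):
            return self._alias("ip", text, "INTERNAL-IP")
        return text

    def sanitize(self, text):
        # Secrets first: they are dropped outright, never aliased.
        text = SECRET_RE.sub(
            lambda m: m.group(1) + m.group(2) + "[REDACTED]", text)
        text = ACCOUNT_RE.sub(
            lambda m: m.group(1) + m.group(2)
            + self._alias("account", m.group(3), "ACCOUNT"), text)
        return IPV4_RE.sub(self._replace_ip, text)

    def mapping(self):
        """Original value -> alias. Keep this local; do not send it."""
        return {value: alias
                for table in self._aliases.values()
                for value, alias in table.items()}


if __name__ == "__main__":
    print(Sanitizer().sanitize(SAMPLE))
```

The mapping stays on the customer's side so that aliases in the vendor's reply can be translated back to real hosts and accounts.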

Q. Is Tenable support provided according to industry norms of "good faith" effort?

A. Yes. Tenable will use its good faith, commercially-reasonable efforts to attempt to diagnose any failure of the supported software used by the customer to conform to written specifications and to advise the customer of appropriate remedies.

Q. Do Nessus contracts automatically renew?

A. No. They renew annually only if a Nessus subscription has been renewed and paid by their term anniversary date until canceled by the customer or Tenable. Contracts that lapse are not subject to a payment to cover the gap in coverage; however, your license to use the plugins terminates with the subscription and you are not able to use the plugins until your subscription is valid.

Q. Where should I send notices required under the Nessus contract?

A. Tenable Network Security, Inc.
7021 Columbia Gateway Drive, Suite 500
Columbia, MD 21046 – USA
Attn: Sales Operations


Q. What are the definitions of Release Types?

A. See below:

- Alpha Release
Alpha is for preview purposes only. It may contain known bugs or functionality that is not implemented yet.

- Beta Release
Beta releases are appropriate for use with new development. Within beta releases, the features and compatibility are expected to remain consistent. However, beta releases may contain numerous and major unaddressed bugs and are not recommended for deployment in production environments.

- GA/Production Release
GA (Generally Available, formerly named Production) releases are stable, having successfully passed through all earlier release stages and have been verified through widespread use to be reliable, free of known bugs at the time of release and suitable for use in production systems.

Q. What are the definitions of Support Components?

A. See below:

- Server Machine
A server machine is a complete computing system, including one or more CPUs, memory, disk storage, operating system, and network connections. A "Per Server" license covers a single server machine, which is owned or controlled by the Customer, regardless of the number of CPUs, connections, or user instances. A server machine may be used as a scanning server, replication master, replication slave, or cluster node.

- Technical Contact Person
An individual person authorized to open support issues with Tenable and communicate with the Nessus Support Team.

- Administrative Contact Person
The Administrative Contact is the customer's representative who names their Technical Contact Persons and who handles administrative issues regarding their Nessus contract.

Nessus Configuration and Troubleshooting:

Q. How can I change the password of a Nessus user?

A. Password changes are done through the Nessus web interface. From the menu, select "Users," select the user for whom you want to change the password, click "Edit", change the password, confirm, and click "Submit".

Q. I attempted to install Nessus via RPM, but I get an error. Why can't I install Nessus this way?

A. If you downloaded the Nessus RPM to a Windows system and then transferred it to your Unix system, the name of the Nessus RPM file will likely be something similar to Nessus-5[1].0.0-es4.i386.rpm. RPM cannot handle square brackets (i.e., [1]). Rename the file to Nessus-5.0.0-es4.i386.rpm and re-attempt the installation.

Q. How do I run plugins from the command line and access a knowledge base?

A. In Nessus 5, a Knowledge Base (KB) is saved with each scan performed (system resources permitting) and is accessed from the web interface. The web interface is also used to enable and disable plugins.

In Nessus 4.4, you can have the NASL interpreter load the KB for a specific host with the "-k" option. For example, you could test for the First4Internet CodeSupport ActiveX control by running:

$ nasl -k /opt/nessus/var/nessus/<user>/kbs/<target> \
    -t <target> codesupport_activex_code_exec.nasl

Note: this requires that you have access to the KB and that the KB has already been populated by any plugin dependencies. Tenable has an extensive blog post on the usage of the NASL command line tool.

Nessus Windows-specific:

Q. When I try to install Nessus Windows, why am I receiving the error, "Error 1607: Unable to Install InstallShield Scripting Run Time"?

A. This error code can be produced if the Windows Management Instrumentation (WMI) service has been disabled for any reason. Please verify that the service is running.

If the WMI service is running, then this may be a problem between the Microsoft Windows operating system settings and the InstallShield product that is used for installing and removing Nessus Windows. There are knowledge base articles from both Microsoft and InstallShield that detail potential causes and the resolution of the issue.

Q. Is there a difference in running Nessus on a Windows Server operating system (such as Server 2003 or 2008) versus a Windows desktop operating system (such as XP, Vista, or Windows 7)?

A. Yes. Microsoft Windows desktop systems have network limitations that may impact the performance of Nessus. The TCP/IP stack limits the number of simultaneous incomplete outbound TCP connection attempts. After the limit is reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate (10 per second). If too many enter the queue, they may be dropped.

As a result, a Nessus scan run from a Windows desktop operating system may produce false negatives. For better accuracy, it is recommended that Nessus on a Windows desktop operating system have its port scan throttled down to the following values, which are found in the "Performance" setting type under General Settings of a new policy:

Max number of hosts: 10
Max number of security checks: 4
Max number of packets per second for a port scan: 50

For increased performance and scan reliability, it is highly recommended that Nessus Windows be installed on a server product from the Microsoft Windows family, such as Windows Server 2003, 2008, or 2008 R2.

Q. Can I use Nessus on a system with a Host-based Intrusion Prevention System (HIPS) installed?

A. No. During the process of scanning a remote target, Nessus must forge TCP/UDP packets and send probes that are often considered "malicious" by HIPS software. If the HIPS system is configured to block malicious traffic, it will interfere with Nessus and cause the scan results to be incomplete or unreliable.

Compliance Checks:

Q. What do the compliance checks audit against?

A. The compliance checks can audit for the presence of security policies, such as password complexity, and system settings, such as registry values on Windows operating systems. For Windows systems, the compliance audits can test for a large percentage of anything that can be described in a Windows policy file. For Unix systems, the compliance audits test for running processes, user security policy, and content of files.

Q. How do I create my own audit policies?

A. Tenable has made documentation available for writing custom audit policies as well as several command line tools and very detailed example policies. In most cases, Tenable customers have been able to use the default audit policies and remove unneeded tests. In cases where more detail is needed than the current example tests, Tenable has documented examples for each type of Unix and Windows audit point. These can be modified with values that are in line with your organization's configuration guidelines. The documentation is available on our Tenable Support Portal on the "Downloads" page.

Q. Can the audit policies test for "XYZ"?

A. Tenable often receives "policy" testing requests for technical parameters outside of the scope of the audit checks. The compliance checks can audit the underlying configuration of the operating system; however, they cannot test for items such as detecting dual boot servers, user login behavior, CPU utilization, or when a program was last used. On a case-by-case basis, some applications may have log files and registry settings that contain this sort of information, but as a base function, the compliance checks do not detect it by default.

Q. Do I need to run an agent to perform these checks?

A. No. All of these checks are performed 100% with credentialed network scans from Nessus. The scans could also be performing vulnerability and patch audits at the same time, if desired.

Q. What sort of performance impact will these have on the scanned servers?

A. Tenable has attempted to minimize the amount of network traffic created during the scan and the amount of CPU and system usage on the scanned systems. The impact should be minimal.

Q. What do I need to run compliance checks?

A. Compliance checks are plugins available for Nessus. The user must be subscribed to Nessus or be a SecurityCenter user.

Q. How is a compliance check different than a vulnerability scan?

A. Nessus can perform vulnerability scans of network services and also log into servers to discover any missing patches. However, the lack of vulnerabilities does not mean a server is configured correctly. The advantage of using Nessus to perform vulnerability scans and compliance audits is that all of this data can be obtained at one time. Having knowledge of how a server is configured, how it is patched, and which vulnerabilities it has can help to prioritize systems for mitigating risk.

Q. What systems can be audited?

A. Nessus can perform audits on Windows and several Unix-compatible systems:

Windows:

  • Windows 2000
  • Windows XP
  • Windows 2003 Server
  • Windows 2008 Server
  • Windows Vista
  • Windows 7

Unix-Compatible:

  • Solaris
  • Linux
  • FreeBSD/OpenBSD/NetBSD
  • HP/UX
  • AIX
  • Mac OS X

Other Platforms:

  • Cisco
  • SCADA

Q. What policies do you audit against?

A. Tenable has developed several different audit policies for Unix and Windows platforms. These are available as .audit text files to Nessus subscribers on our Tenable Support Portal on the "Downloads" page. Tenable has taken into consideration many aspects of common compliance audits, such as the requirements of SOX, FISMA, HIPAA, PCI, and others while writing these. CIS Benchmarks, NIST, NSA, and other organizations' recommended best practices are audited against as well.

We also provide files to audit databases, presence of anti-virus software, detection of viruses and searching for plain text sensitive content. Audit files are created and updated regularly both by Tenable staff and the Tenable community.

Q. Are compliance checks available for all Nessus platforms?

A. To run the compliance checks, Nessus must be purchased. The underlying operating system that Nessus is running does not matter. You can perform compliance audits of a Windows 2003 server from a Mac OS X system, and you can also audit a Solaris server from a Windows system.

Q. How do I get compliance checks?

A. If you are a Tenable SecurityCenter or Nessus subscriber, your Nessus scanner will already have the plugins required to perform compliance audits. Update your plugins to obtain them.

However, at the Tenable Support Portal on the "Downloads" page, Tenable has made several compliance audit policies available for download, as well as tools to help you develop your own policies.

Q. Is there a charge for the compliance check plugins?

A. The compliance check plugins are a complimentary upgrade for Nessus subscribers.

Q. How do I configure the compliance check plugins to match my security policy?

A. Detailed documentation is available on our Tenable Support Portal on the "Downloads" page.

Q. How do I enable the compliance checks during my scan?

A. To enable the use of an .audit file for a given scan, create or edit a "policy." Under the "Compliance" tab, there are several fields that can specify separate Unix and Windows audit files.

Q. Are compliance checks enabled by default when I do a scan?

A. No. They are enabled after you have manually selected an audit file to perform the scan.

Q. Why do I get the error message "Supplied credentials don't have enough privileges to audit the remote host" when I try and execute compliance checks?

A. The account being used for sign on credentials must have permissions to read the local machine policy. If a target host does not participate in a Windows domain, then the account must be a member of the host's administrators group. If the host participates in a domain, then the domain's administrator group will be a member of the host's administrators group and the account will have access to the local machine policy if it is a member of the domain's administrator group.

Tenable Plugin Subscriptions:

Q. Where can I get a copy of the Tenable Subscription Agreement?

A. The Tenable Subscription Agreement can be viewed online.

Q. How do you license the Subscriptions from Tenable?

A. A Subscription license is an annual subscription. It is required for each installation of Nessus. The Subscription license is tied to the Nessus scanner. If the Nessus scanner is mobile (such as on a laptop), then the license is mobile. Tenable does not tie the Subscription license to an IP address.

Q. What is a "Registered Scanner"?

A. A Registered Scanner is the Nessus vulnerability scanner (obtained directly from Tenable.com or any authorized source as listed on Tenable's website) that is registered with Tenable.

Q. What is a "Nessus Home Subscription" and what can I do with these plugins?

A. The Nessus Home subscription is available for non-commercial home use ONLY. The Nessus Home Subscription is a non-commercial subscription that permits you to use the plugins in conjunction with Registered Scanners for your personal use solely to detect vulnerabilities only on your own personal system (or for your own personal network) that you use for non-commercial purposes or on the personal system (or for the personal network) of another natural person in a non-commercial arrangement. You are not eligible to subscribe to the Nessus Home Subscription if you are a corporation, a governmental entity, or any other form of organization. You may not subscribe to the Nessus Home Subscription to use the plugins on a computer owned by your employer or otherwise use the plugins for the benefit of or to perform any services for any corporation, governmental entity, or any other form of organization.

Q. What is an "Evaluation" Subscription and what can I do with these plugins?

A. The Evaluation Subscription is perfect for organizations that would like to try Nessus before purchasing a commercial license. The Evaluation Subscription permits you to use the plugins in conjunction with Registered Scanners and provides the following features: Real-time vulnerability updates, vulnerability scanning, mobile apps for iPhone and Android, and scanning up to a maximum of 16 IPs. The Evaluation Subscription is limited to 7 days. To continue scanning with Nessus in a commercial environment, you must purchase a Nessus Subscription.

Q. What is a "Nessus Subscription" and what can I do with these plugins?

A. The Nessus subscription is required for ALL uses of Nessus outside of the home. The Nessus Subscription is a commercial subscription that permits you to use the plugins in conjunction with Registered Scanners to detect vulnerabilities only on your system or network or on the system or network of a third party for which you perform scanning services, auditing services, incident response services, quality assurance and other lab testing, vulnerability assessment services, or other security consulting services; provided that you have paid the applicable annual subscription fee for each Registered Scanner in conjunction with which you will use the plugins. You will receive the Nessus Subscription and email support if you use this subscription with the supported commercial version of Nessus (for clarification, a commercial version of Nessus means Nessus version 3.0 or higher that was developed, copyrighted, and distributed by Tenable or an authorized distributor of Tenable and not released as open source or licensed under the GPL). The term "Supported" means the list of Operating System distribution(s) included in the Plugin FAQ or Nessus FAQ found on any Tenable website, including Tenable.com. For the Nessus Subscription, you agree to pay a subscription fee to Tenable for each system on which you have installed a Registered Scanner.

Q. What are "Inclusive Plugins" and what can I do with these plugins?

A. The term "Inclusive Plugins" means any plugin that you obtained directly from Tenable.com or any authorized sources as listed on Tenable's website (Tenable.com), including as part of a download of Nessus vulnerability scanner software. You may use the Inclusive Plugins for personal or commercial use. You may not use the Inclusive Plugins with the Nessus Home or Nessus subscription. You may not add any third-party plugins to the Inclusive Plugins or register with any source of plugins, whether such source is self-updating or manual. You agree to use the plugins only in conjunction with Nessus vulnerability scanner programs obtained directly from Tenable.com or any authorized sources as listed on Tenable's website.

Q. What are the benefits of the Nessus subscription compared to the Nessus Evaluation?

A.

Feature | Nessus Evaluation | Nessus
Designed for | Commercial Organizations that want to evaluate Nessus | Commercial Organizations
Real-Time Vulnerability Updates
Vulnerability Scanning
Mobile Apps For iPhone and Android
Maximum Number of IPs Scanned | 16 | Unlimited
Sensitive Data Searches
Web Application Scanning
Configuration Auditing
Scan Scheduling
Compliance Checks (PCI, CIS, FDDC, NIST, etc.)
SCADA Plugins
Access to the VMware Virtual Appliances
Product Support
Price | Free for 7 Days | $1,500 / year

Q. What are my options for purchasing Nessus from Tenable?

A. Tenable has two avenues for you to become a Nessus subscriber:

  • For those users who purchase through resellers, Tenable has developed channel relationships with Authorized Nessus Partners that will allow you to purchase through your preferred partner. To inquire about Tenable's Authorized Resellers, please contact subscriptionsales@tenable.com.
  • For those users who prefer to use their credit card for purchases, Tenable's Online Store will continue to serve your needs.

Q. How do I renew my Nessus Subscription?

A. If your product can be renewed online, you will be directed to the Tenable Online Store after logging into the Tenable Support Portal and selecting the items you would like to renew by clicking on "renew" from the Activation Code tab.

Q. I am a home user; can I download Nessus and scan my network and my friends' networks for free?

A. Yes. You can download Nessus, use Nessus Home, and use Nessus to audit any computer or network, as long as you use it for non-commercial purposes and you are authorized to scan the network. Please make sure to review the Subscription License.

Q. I work for a company, and use Nessus to scan our network; am I required to subscribe to Nessus to use the latest updates for Nessus?

A. Yes. If you work for a company and are using Nessus to audit the security of the company for which you work, you must purchase Nessus to use it commercially with the latest updates. Nessus Home cannot be used for commercial purposes.

Q. I work for a college/university, and use Nessus to scan our network; am I required to purchase Nessus?

A. Yes. If you work for a college/university and are using Nessus to audit the security of the college/university for which you work, you must purchase Nessus to use it commercially with the latest updates. Nessus Home cannot be used for commercial purposes.

Q. I work for a company, and use Nessus to scan our lab network prior to using Nessus in production; am I required to purchase Nessus to use the latest updates for Nessus for our testing purposes?

A. Yes. If you work for a company and are using Nessus in a lab for testing or research purposes for the company for which you work, you must purchase Nessus to use it commercially with the latest updates. Nessus Home cannot be used for commercial purposes.

Q. I work for a government department/agency/bureau (Federal, State, Local, and International), and use Nessus to scan our network; am I required to subscribe to Nessus to use the latest updates for Nessus?

A. Yes. If you work for a government department/agency/bureau, whether in the US or internationally, and are using Nessus to audit the security of the government department/agency/bureau for which you work, you must purchase Nessus to use it commercially with the latest updates. Nessus Home cannot be used for commercial purposes.

Q. I want to evaluate Nessus at my workplace. Do I need to purchase Nessus simply to perform an evaluation?

A. No. You can download Nessus from Tenable.com and sign up for a free 7-day Nessus Evaluation before purchasing a commercial license. The Nessus Evaluation does not give you access to Tenable Support, nor to the full feature set of Nessus, but should be adequate to test Nessus. Learn more and begin the Nessus Evaluation process.


Q. We are a product vendor; can I include Nessus with our product?

A. No. Tenable Plugins, which are only available through Nessus or Nessus Home, are subject to a license that prohibits you from including them in your own product. In other words, the Tenable Plugins are licensed only for use with Registered Nessus Scanners obtained directly from Tenable.com. Your customers are prohibited from using Tenable's plugin subscriptions with the Nessus scanner you provide with your product.

Q. We have purchased a product from a vendor that provides the Nessus engine with their product and has referred us to Tenable to subscribe.

A. If you have purchased a product from a vendor who provides you Nessus as part of their product, you cannot use Tenable's subscriptions with that product. Please contact the vendor from which you purchased the product for your options.

Q. We are an MSSP and use Nessus to perform scanning services; are we required to purchase Nessus to use the latest updates for Nessus?

A. Yes. If you are an MSSP and are using Nessus to perform remote scanning services, you must purchase Nessus to use it commercially with the latest updates. As a reminder, if you are an MSSP, you cannot install Nessus 5 on an appliance, either virtual or physical, and provide it to your customers, as Nessus 5 can only be used by you to provide remote scanning services of external IP addresses. In addition, you cannot sell, resell, loan, or otherwise provide third parties access to the new Nessus XMLRPC interface, Nessus client interface, or Nessus communication interface shipped by Tenable and provided to you.

Q. I work for a charity and would like to use Nessus to scan our network; how do I apply to receive Nessus for free?

A. Tenable is offering a free Nessus subscription to charities that qualify. Please review our Charitable Program to determine if you qualify.

Q. I work as an information security teacher/trainer and would like to use Nessus as part of my class; how do I apply to receive Nessus for free?

A. If you work as an information security teacher or trainer and would like to use Nessus and Tenable's plugins as part of your curriculum, please review our Information Security Training Program and make sure that you are in compliance with Tenable's Subscription Agreement.

Q. Which plugins can I distribute in my book, magazine, or CD?

A. You must obtain express written consent from Tenable Network Security to redistribute any Tenable Plugins or a copy of Nessus.

Q. Can I resell Nessus?

A. Yes. Tenable has established channel relationships that allow you to resell Nessus to your customer. To inquire about our Authorized Resellers, please contact subscriptionsales@tenable.com.

Q. Can I request plugin modifications from Tenable as part of my Nessus subscription?

A. Yes, we welcome feedback to enhance or fix existing plugins and will consider requests for future plugin releases.

Q. Can I write custom plugins for my Nessus Scanner?

A. Tenable Network Security encourages users of the Subscriptions to write and develop new Nessus plugins.

(i) If You feel custom plugins developed by You or Your organization will benefit Nessus Home and Nessus subscribers, You should consider submitting them to Tenable so that the plugins can be tested and distributed as part of the Subscription. Tenable may accept or reject plugin submissions based on code quality, relevance, performance, and other factors. Submitted plugins may include copyright information about the authors, and Tenable will continue to include the copyright information in the plugin. Submitted plugins may not include any licensing terms, usage agreements, or distribution clauses that would interfere with Tenable making the plugin available to subscribers to a Subscription, or would limit Tenable's right to modify the plugin if, for example, changes may be useful to improve its accuracy, performance, network impact, or other parameters.

(ii) Custom Plugins. You may use the Tenable ".inc" files provided with the Subscription, as well as the built-in NASL functions to write custom plugins for Your internal use and internal redistribution, provided, however, that they may not be privately or publicly distributed, whether for free or for a fee.

(iii) Plugin writers should also be aware that many of the APIs available in the NASL language and various ".inc" libraries may be used to write custom plugins, but such plugins may only be distributed within Your organization and may not be distributed publicly, whether for free or for a fee. For example, custom plugins that specifically make use of authenticated logins to remote systems via Secure Shell or Windows Domain, that use the libraries included in the Subscriptions or that have previously been distributed with the Registered Feed may not be publicly distributed. To ensure that Your custom plugins do not make use of a library that prohibits public distribution, You should audit them to see which libraries are being invoked and then read each corresponding license.

Q. How do I install my Activation Code?

A. After registering for either Nessus or Nessus Home, enter the Activation Code you received via email into the web GUI.