icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

New in Nessus 6.3

The Nessus 6.3 release includes a number of new capabilities, including Nessus Agents being available for the Nessus Manager product, as well as a number of new dashboards.

Nessus Agents

As part of Nessus 6.3, Tenable has released Nessus Agents, a new way to conduct vulnerability assessments designed to help organizations solve some of the problems encountered with traditional, network-based methods such as scanning portable devices like laptops and scanning without credentials.

Nessus Agents & Nessus Manager

Nessus Agents can be installed manually or be deployed using most software management systems. They run under the local SYSTEM account in Windows, and require sufficient privileges to install software under that account on setup.

Installing Nessus Agents

Nessus Agents can be installed manually or be deployed using most software management systems. They run under the local SYSTEM account in Windows, and require sufficient privileges to install software under that account on setup.

Nessus Agents currently support 32 and 64-bit editions of the following operating systems:

  • Windows 7
  • Windows Server 2008 and Server 2008 R2
  • Windows Server 2012 and Server 2012 R2
  • Windows 8


Starting an agent-based assessment will look very familiar to existing Nessus users, with a few slight differences. There are templates specifically for Agents in the Scan Library and you will select groups of agents to serve as targets for an assessment instead of selecting a scanner or manually entering targets.

In addition, when you set up a scan, you specify frequency and time the scan should start, as well as the Scan Window – the window of time in which targeted agents can check in and upload their results for a particular assessment.

Scan Results

Scan results from Nessus Agents will also look familiar to Nessus users. Results are organized by the hostname of the device on which the agent is installed, and display the number of detected vulnerabilities. Results management, for the most part, remains similar to that of traditional Nessus usage, where reports can be generated and sent to administrators or analysts for action.


Nessus 6.3 also includes new Nessus dashboards. Dashboards display a variety of Nessus scan results to help users identify things like patching of critical systems and reliability of scan results.

Enabling and Disabling Scans from the Scan List

A new feature in Nessus 6.3 enables users, when in scan list mode to disable controllable scans through the use of checkboxes or an option in the "More" dropdown menu.


Changelog - 6.3.7


New Features, Improvements, Platform Support

  • Add support for OVAL files to SCAP templates

Bug Fixes

  • Upgrade SQLite to
  • Managed scanners may fail to sleep when not busy

Changelog - 6.3.6


  • Scans started from SecurityCenter may experience degraded performance

Changelog - 6.3.5


  • SC policies are not always removed from policies.db
  • Update Cisco ISE connector text to reflect compatibility with ISE 1.2
  • Proxy requests are duplicating the port when fetching updates
  • Unix Compliance audit files listed under Windows on 32 bit platforms
  • Seeing "function call from non-address variable" in the nessusd.dump in US-1A
  • Agent scans might not execute due to an incorrect ip address
  • Scanner job list will append running jobs over and over on update
  • When scanner (old or new) registers, the scanner cannot be deleted until nessus is restarted
  • Unlinking an agent does not remove the agent from the manager if the web service was not reloaded
  • If a user clicks "re-key", the newly generated key cannot be used to link a scanner or an agent until the Nessus instance is restarted
  • Sleep time too short on agent - seeing warnings in log
  • Issue continuing agent scan after reloading with multiple scans in queue
  • Disabling one plugin, disables all plugins in family, family status says 'mixed' on 32 bit OS only

Changelog - 6.3.4


  • Update Debian package descriptions to remove references to Nessus version
  • Remote Scanner plugin tar file is not generating correctly on Centos 7
  • Nessus installer fails on Debian when upgrading existing install
  • Update OpenSSL to 1.0.0r
  • Agent scans are showing duplicate entries in Reference Information under Plugin Details
  • Host detail information is only present for one agent in a multiple agent scan
  • Searching through the agent lists displays a perpetual loading spinner
  • Agent results are not reporting correctly when multiple agent scans are running
  • Users can not stop Agent scans
  • In settings/port scan, netscan(wmi) is listed twice
  • Nessus is not freeing gzip memory once an http session is over

Changelog - 6.3.3


  • Airwatch - Unable to scan via GUI
  • Possible deadlock condition on manager if plugins-attributes.db is corrupted.
  • Offline update fails with current plugin file (all-2.0.tar.gz)
  • Bug report email address no longer exists
  • Command Line Output for Offline Registration Uses Wrong URL for Nessus 6.3+
  • Master password does not work through GUI
  • Remote scan job reference is not saved on reload
  • Manager: autoupdates fork aborts during update
  • Dashboard file is not deleted on disk when scan is removed
  • Agent plugin output displaying incorrect data

Changelog - 6.3.2


  • Attempts to upgrade to 6.3.1 fail with “Could not validate preference” in logs and require a reset of the activation code

Changelog - 6.3.1


  • Write errors in the logs
  • Canceling out of changing your password goes to scans
  • web server binds on instead of listen_address
  • Some Nessus Home installation are stuck in "Unknown mode" after upgrade
  • Web server (6.3) not accessible with some network interface configurations
  • No Scanner Found when upgrading an unregistered scanner from 6 to 6.3
  • Incorrect logging of the local address
  • UI not refreshing for group functions and removing secondaries in IE 11 (9 and 10 as well)
  • During initial setup, all wizards display "Welcome to Nessus" as the <h4> tag for the page
  • Issue with agent groups not appearing after creation in IE 11
  • Upgrade using 6.3 msi from 5.2.8 causes error during install 1920 "failed to start"
  • Registering Nessus 6.3 in IE returns to the welcome screen
  • SC-managed scanners should have full scan and policy capability

Changelog - 6.3.0


New Features, Improvements, Platform Support

  • Nessus Agents for Windows
  • Scan Dashboards
  • Only use responsive layout on mobile devices
  • Add the ability to disable/enable scans from the scan list
  • New Licensing Model
  • Scan multiple DB instances in single compliance scan

Bug Fixes

  • nessusmgt can crash when run with no arguments
  • Filtering plugins to disable 1 plugin disables entire family
  • Files for active SCAP components do not download from policy editor
  • Autoupdates that require soft restart don't work as expected
  • Running a diff on a scan requires edit access due to lack of ability to select scans with read only.
  • API: Creating a job with improperly formated RRULES json property causes job to become corrupt and folder inaccessible.
  • VMware compliance scans don't work from Compliance Wizard, work fine from advanced option
  • Modified time format in Scans/Policy screen is 24 hour time w/ PM indicator
  • Windows Installer does not install plugins-core, or installs it to the wrong place
  • Undefined host in /scans/XX/hosts/undefined/plugins/YY produces 404
  • Vulns list auto-scrolls back up
  • Network Port Scanner: Overriding Firewall Detection defaults from TCP will clear enabled override type from SYN, and vice versa
  • When uploading scan results, the results go into 'My Scans' regardless of the folder selected.
  • Test for /nessus6-api.html#/resources/scans/launch incorrectly encodes alt_targets
  • Changing the custom host does not restart the webserver

Known Issues

  • SecurityCenter-managed Nessus 6.3 scanners currently do not have have full policy and scan capability; this will be addressed in an upcoming release. It is not advised to install or upgrade Nessus scanners managed by SecurityCenter to Nessus 6.3.