Nessus General Questions:
What’s the current version of Nessus?
The most current version of Nessus is always available from the Tenable Downloads
page. We encourage customers to upgrade to the latest release to take advantage of new capabilities and
performance and platform improvements.
What OS platforms does Nessus have builds for?
Nessus is supported on a variety of operating systems and platforms, including:
- Debian / Kali Linux
- Mac OS X
- Red Hat / CentOS / Oracle Linux
- SUSE Linux
- Windows Server 2008 and Windows Server 2012
- Windows 7, 8 and 10
For the most current information and specific versions supported, see the System Requirements section of Nessus Documentation on our website.
What are the system/hardware requirements for using Nessus?
For the latest system and hardware requirements, see the Nessus Installation and Configuration Guide on the Nessus Documentation area of our
Are there detailed instructions on installing and configuring Nessus?
Yes. A detailed Nessus Installation and Configuration Guide and Nessus User Guide are available in the Nessus Documentation area of our website.
Where can I go for more information?
If you still have questions about Nessus, feel free to contact us, visit tenable.com, or post to the Tenable Community.
Where can I obtain Nessus training?
You may find Tenable training here: https://www.tenable.com/education.
How can I buy Nessus?
You can get a Nessus subscription from Tenable or from one
of our many partners. Flexible licensing options are available depending on the number of IP addresses and/or
hosts you wish to scan and if you prefer to run Nessus on premises or in a cloud hosted environment.
Can I evaluate Nessus?
Yes, we would love for you to evaluate Nessus.
Can I use Nessus to perform internal network scanning for PCI?
Yes, you can use Nessus Professional to perform internal network scans as required by PCI DSS 11.2.1.
This section contains details about the three Nessus offerings: Nessus Expert, Nessus Professional and Nessus Essentials.
What is the difference between the offerings?
- Nessus Essentials - This is our introductory Nessus offering that is geared towards educators, students and individuals starting their careers in Cyber Security. Free of charge, you can use this tool to scan your IT assets for education purposes or even your home office (up to 16 IPs).
- Nessus Professional - This is the first step into our more advanced Nessus offerings, geared towards consultants, pen testers and SMBs. Nessus Professional provides unlimited IT scans to use anywhere to scan for vulnerabilities.
- Nessus Expert - This is our premium Nessus offering that we highly recommend for ALL consultants, pen testers, developers and SMBs. Nessus Expert, built for the modern attack surface, allows you to extend beyond your traditional IT assets by fortifying your web applications, securing your cloud infrastructure and gaining visibility into your internet-connected attack surface.
Can you explain more about the added functionality in Nessus Expert?
Nessus Expert builds upon Nessus Professional by providing coverage for two additional areas that include:
- Web application scanning - This dynamic application security testing (DAST) feature provides comprehensive visibility and insight into web application security issues. It safely scans modern web applications, accurately identifying vulnerabilities in custom application code as well as vulnerable versions of third party components that make up the bulk of the application.
- Scanning your infrastructure as code (IaC) - This is the beginning of the ‘shift left’ movement where you can scan code repositories (unlimited) to assess for vulnerabilities before deployment. This prevents pushing vulnerabilities unknowingly into the cloud, which proves to be costly and disruptive to business to fix.
- External Attack Surface - Simply put, you don't know what you don't know. Especially internet-connected assets that contain critical vulnerabilities that can bring your business to a halt. Nessus Expert allows you to scan up to 5 domains to discover and assess all subdomains that are associated. Need to scan more domains? We have you covered.
Not completely sure?
If you are not in the classroom, try Nessus Expert for 7 days, free!
This section contains details about Nessus support operations that apply only to Tenable's customers who have
purchased a Nessus subscription.
Where can I go to get help on an issue I'm having with Nessus if I'm not a customer?
Visit the Tenable Community to see if your questions have already
been asked and answered.
Where can I get support for Nessus?
Support is available in the Tenable Community: http://community.tenable.com
You can use the Community to manage your cases, view our Knowledge Base, access training, chat with us, view
product documentation and downloads, and more.
This portal allows you to manage the Tenable product(s) you purchased and authorized Support contacts.
How do I obtain a Tenable Community account and/or add additional people to the account?
When you purchase Nessus, you provide Tenable with the name and email address of your Technical Contact
Person(s). A Tenable Community account is created for each Technical Contact Person and they will be set up as a
Primary Contact (PC).
The Primary Contact (PC) will receive a welcome email with instructions on completing the setup of their
Tenable Community account. The PC then has the ability to add and deactivate a contact from the Tenable Community. Please have the PC log in to the Tenable Community,
and then select “Add Contact” to add or deactivate a registered contact. For new contacts, we will send an
account activation email once the account has been created.
To update the information for an existing registered contact, the PC can visit the ‘My Contacts’ page of the
What kind of Support and Maintenance is available from Tenable for Nessus Professional?
Maintenance and Standard Support include access to software upgrades, hotfixes, patches, access to current
Plugins, and access to Tenable's Technical Support team 24x7 via the following resources:
- Live Chat Support
- Access to support in the Tenable Community
- Access to Tenable plugin feeds via the Internet
Advanced Support is available for Nessus Professional with an additional subscription. The Advanced level of
technical support helps to ensure faster response times and resolution and gives customers access to phone
support 24x7. Also included are committed response time SLAs: P1 < 2 hrs, P2 < 4 hrs, P3 < 12 hrs, P4 < 24 hrs.
Full details about all of our technical support plans can be found here.
May I request to escalate my issue's priority?
Tenable determines the initial priority of your issue, though at any time, you may request to escalate or
downgrade the priority of an issue via the Tenable Community.
What information should I provide with my support request?
When submitting requests for support, the customer must provide to Tenable all data that is relevant for
resolving each technical support request. Relevant data may include, but is not limited to, log files, database
dumps, program scripts, descriptions of the hardware and software environment, examples of inputs as well as
expected and actual outputs. This information should be as complete as possible, but sensitive information
(e.g., account names, passwords, internal IP addresses) should be sanitized before sending to Tenable.
What is an issue's expected resolution time?
Tenable Support has an initial response time objective of one business day for new cases.
Resolution time is the time within which Support Engineers will attempt to resolve your issue. There are no
guarantees about resolution times; however most customers have their issues resolved in one business day.
Depending on the complexity of the issue, resolution may take a few hours to a few days or longer. In some
cases, successful resolution or a work-around may not be possible. Issues involving the functionality of the
Nessus engine will be corrected in a timely manner. When necessary, plugins will be altered and fine-tuned to
provide the best overall responses to the entire customer base but there may be OSs, applications, and other
network devices that will respond in ways that prevent problems or disruptions from being resolved. In such
cases, it is Tenable's policy that the applicable vendor is liable for the correction of the response or
behavior of their products.
What versions of Nessus does Tenable support?
Currently, Tenable Support covers authorized, unmodified versions of Nessus binaries, tools, and our own
utilities. This does not include any user-compiled products or third-party developed products. Tenable does not
provide support for the underlying operating system, hardware, applications, or third-party products that access
a Nessus server. Further, Tenable is not required to provide support services regarding the following:
- any software other than supported software;
- any classroom training or on-site consulting;
- design of any application;
- patches or modifications to the source code of the supported software authored by anyone other than Tenable;
- installation, configuration, or malfunctions of any part of the customer's computer or networking hardware
- installation, configuration, or malfunctions of any part of the customer's operating system, including
without limitation kernels, libraries, patches, and drivers.
Will you support user-patched versions of Nessus 4.x or higher binaries?
Does support cover the Nessus 2.x GPL version of the software?
Where should I send notices required under the Nessus contract?
Tenable Network Security, Inc.
6100 Merriweather Drive, 12th Floor
Columbia, MD 21044
Can I use Nessus at work?
Nessus Professional is licensed with an annual subscription and is designed to be used in a work setting. It
includes the ability to scan unlimited IPs, portable use-anywhere operability, and advanced features such as
configuration assessment, Live Results and custom reporting. It is ideal for consultants, pen testers and
Nessus® Essentials is free to use to scan any environment, but it is limited to 16 IP addresses per scanner. It
is ideal for educators, students, and anyone starting out in cyber security.
How does the Nessus license work in a VM (virtual machine) environment?
Whether you are using Nessus in a physical or a virtual environment, the IP addresses or hosts that you are
scanning from must be licensed.
I'm a consultant; can I use Nessus to conduct my client's vulnerability scanning?
Yes, Tenable permits you to use Nessus to scan third-party networks. Nessus Professional is ideal for
consultants, providing unlimited assessments, the ability to use it anywhere, and features such as custom
reporting to tailor reports by client or team.
I need to be highly mobile. Does Nessus offer a portability option?
Nessus can be deployed on a variety of platforms, including Raspberry Pi. Regardless of where you are, where
you need to go or how distributed your environment is, Nessus is fully portable.
We are a software or hardware manufacturer; can we include Nessus in the products we sell to our customers?
If you’re interested in an OEM agreement with Tenable for the Nessus engine and the Tenable Plugins, please contact us.
Can Nessus be used to scan OT environments?
We do not recommend Nessus scanning OT assets. However, up to 50% of an OT environment contains IT based
assets. Tenable.ot is specifically built for OT environments and contains Nessus inside. We have built the logic
so that Tenable.ot will secure your OT, and Nessus will scan your IT assets in the OT environment. Doing so
ensures your entire OT infrastructure has the visibility, security and control that is required without
destabilizing the environment by running IT based scans on OT gear.
What are Nessus Agents?
Nessus Agents are available with Tenable.io Vulnerability Management and Tenable On-Prem Agent Manager. Nessus
Agents are an additional sensor type that can be used to increase visibility and provide flexibility to obtain
scan results where traditional network scans might fail.
When would I use Nessus Agents?
Most organizations will use a mix of agent-based and agent-less scanning in their Vulnerability Management
programs. Nessus Agents provide a subset of the coverage in a traditional network scan but are attractive in a
number of scenarios, including:
- Scanning of transient endpoints that are not always connected to the local network. With schedule based
traditional network scanning, these devices are often missed, causing gaps in visibility. Nessus Agents allow
for reliable compliance audits and local vulnerability checks to be performed on these devices providing some
visibility where there previously was none.
- Scanning assets for which you do not have credentials or could not easily obtain credentials: The Nessus
Agent when installed on the local system can run the local checks.
- Improving overall scan performance: Since agents operate in parallel using local resources to perform local
checks, the network scan can be reduced to just remote network checks, speeding scan completion time.
What platforms are supported by Nessus Agents?
Nessus Agents currently support a variety of operating systems including:
- Amazon Linux
- Debian Linux
- OS X
- Red Hat Enterprise Linux
- Ubuntu Linux
- Windows Server 2008 and 2012, and Windows 7 and 8
For the most current information and specific versions supported, see the Nessus Agents Download Page on our website.
Which Tenable products work with Nessus Agents?
Nessus Agents work with both Tenable.io Vulnerability Management and SecurityCenter (SC) and/or SecurityCenter
Continuous View (SCCV). Nessus Agents can be directly deployed and managed from the Tenable.io console. Managing
Nessus Agents for use with SC or SCCV requires the On-Prem Agent Manager.
What is the resource consumption of Nessus Agents?
The performance overhead of the Nessus Agent is minimal, and agents can reduce overall network overhead:
agents use local resources to scan the system or device where they are installed instead of consuming
network resources for scanning purposes.
How are Nessus Agents updated?
Nessus Agents can be deployed using most software management systems and auto-update once deployed.
How do I launch a scan using Nessus Agents?
Current Nessus users will find that launching an agent-based scan looks familiar to running a scan in Nessus,
with just a few small differences.
- To get started, select a scan template from the “Agents” section of the Scan Library.
- Next, instead of selecting a scanner or manually entering targets, select the group of agents to serve as
targets for the scan (you’ll be presented with a drop down list of groups to choose from).
- Finally, specify how long a scan is to listen for the agent to connect; this is the window of time that
targeted agents can check in, receive a new policy and upload their results for a particular scan.
Can I review the scan results from Nessus Agents that have reported back before the schedule is completed?
How often do Nessus Agents check in?
Nessus Agents check in using a staggered method that is based on the number of agents linked to Tenable.io
Vulnerability Management or On-Prem Agent Manager. Check-in frequency starts at 30 seconds and can vary up to
2000 seconds, and is adjusted by Tenable.io/On-Prem Agent Manager based on management system load (number of
Can I see which Nessus Agents have checked in and which ones have not?
The Agent Management interface enumerates a number of management related details about the agent, such as Last
Check In time and Last Scan.
What privileges does the Nessus Agent require to run?
The Nessus Agent runs under the Local System account. You need sufficient privileges to install software that
runs under this account.
Can a laptop or desktop user disable the agent?
Yes, if the user has administrative privileges on their system.
Can I export a report while a schedule is running?
No, the scan must be completed before a report can be exported.
Can the Nessus Agent leave a report on the user desktop? E.g., Graph, score etc.?
No. Nessus Agents send results back to their manager, where the resulting data can be included in reports.
Which Nessus plugins will Nessus Agents run?
Nessus Agent policies include plugins that perform local checks appropriate to the platform on which the agent
is running. No connections to services on the host are created.
These plugins include those that perform patch auditing, compliance checks, and malware detection. There are
several exceptions, including:
- Plugins that work based on remotely disclosed information cannot run on agents
- Agents do not perform network based scanning externally and therefore network checks cannot be run.
The Tenable Research team is constantly adding and updating plugins. For a comprehensive list of plugins,
please visit: /plugins.
Can I use Agent-based scanning alone?
While we recommend a combination of traditional scanning with agent-based scanning to ensure full visibility
into your entire network, there are some scenarios where the only sensor available for a device might be a
Nessus Agent. The Nessus Agent will be able to provide visibility into local checks and vulnerabilities where
there otherwise would have been none.
What are ways to automate deploying/grouping agents?
You can use scripting or any patch management solution such as SCCM. Below are Nessus Agent commands that can
be utilized in scripts to automate agent deployment/grouping.
Note: On-Prem Agent Manager (for SC/SCCV) will be over port 8834. Tenable.io will be over 443.
Linux (substitute your manager's hostname, port and linking key for hostname, 8834 and apikey):
/opt/nessus_agent/sbin/nessuscli agent link --key=apikey --host=hostname --port=8834 --groups="Red Hat linux"
/opt/nessus_agent/sbin/nessuscli agent link --key=apikey --host=hostname --port=8834 --groups="Amazon linux"
Windows Member Server:
msiexec /i NessusAgent-<version number>-x64.msi NESSUS_GROUPS="Windows, Windows Member Servers" NESSUS_SERVER="hostname:8834" NESSUS_KEY=apikey /qn
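The following script is an added example (it is not Tenable's code and not part of the original FAQ) that shows how the Linux link command above can be generated per host: it reads the distribution ID from /etc/os-release, maps it to an agent group, checks that the manager port (8834 for On-Prem Agent Manager, 443 for Tenable.io) is reachable, and only then runs nessuscli. The group names, the placeholder hostname and "apikey", and the sample os-release text are constructed for illustration; the script defaults to DRY_RUN=1, so it prints the command instead of executing it until you set DRY_RUN=0.

```shell
#!/bin/sh
# Added example, not Tenable's code: choose an agent group from the Linux
# distribution and link the Nessus Agent to its manager. Group names and the
# placeholder hostname/key are assumptions made for this illustration.

NESSUSCLI=/opt/nessus_agent/sbin/nessuscli

# Constructed sample of /etc/os-release content, used for the dry-run demo.
SAMPLE_OS_RELEASE='NAME="Red Hat Enterprise Linux"
ID="rhel"
VERSION_ID="8.6"'

# Map an os-release ID to an agent group name (group names chosen here).
group_for_os_id() {
    case "$1" in
        rhel|centos|ol|rocky|almalinux) echo "Red Hat linux" ;;
        amzn)                           echo "Amazon linux" ;;
        debian|ubuntu|kali)             echo "Debian linux" ;;
        *)                              echo "Linux other" ;;
    esac
}

# Read the ID= field from os-release text on stdin, dropping surrounding quotes.
os_id_from_release() {
    sed -n 's/^ID=//p' | tr -d '"' | head -n 1
}

# Compose the link command as a string for logging or dry runs.
# $1=os id, $2=linking key, $3=manager host, $4=manager port (8834 or 443).
build_link_cmd() {
    group=$(group_for_os_id "$1")
    printf '%s agent link --key=%s --host=%s --port=%s --groups="%s"\n' \
        "$NESSUSCLI" "$2" "$3" "$4" "$group"
}

# TCP-connect check to the manager port; skipped (treated as reachable) when nc is absent.
manager_reachable() {
    if command -v nc >/dev/null 2>&1; then
        nc -z -w 5 "$1" "$2"
    else
        echo "nc not found; skipping reachability check for $1:$2" >&2
        return 0
    fi
}

# Link the agent. With DRY_RUN=1 (the default) only the command is printed;
# with DRY_RUN=0 nessuscli is invoked directly (no eval, so values stay literal).
link_agent() {
    group=$(group_for_os_id "$1")
    if [ "${DRY_RUN:-1}" = "1" ]; then
        build_link_cmd "$@"
    else
        "$NESSUSCLI" agent link --key="$2" --host="$3" --port="$4" --groups="$group"
    fi
}

# Entry point for real hosts. Usage (placeholders):
#   NESSUS_KEY=apikey MANAGER_HOST=hostname MANAGER_PORT=8834 DRY_RUN=0 NESSUS_LINK_RUN=1 sh link_agent.sh
main() {
    os_id=$(os_id_from_release < /etc/os-release)
    if ! manager_reachable "$MANAGER_HOST" "$MANAGER_PORT"; then
        echo "manager $MANAGER_HOST:$MANAGER_PORT not reachable; not linking" >&2
        return 1
    fi
    link_agent "$os_id" "$NESSUS_KEY" "$MANAGER_HOST" "$MANAGER_PORT"
}

# Dry-run demo on the constructed sample; the real run is gated so that
# sourcing this file for tests has no side effects.
demo_id=$(printf '%s\n' "$SAMPLE_OS_RELEASE" | os_id_from_release)
link_agent "$demo_id" apikey hostname 8834
if [ "${NESSUS_LINK_RUN:-0}" = "1" ]; then main; fi
```

The same mapping is what you would feed into an SCCM or configuration-management job: the group decision is made from host facts rather than typed per host, and the reachability check catches the common case where 8834 (or 443 for Tenable.io) is blocked by an egress rule before the agent is left in a never-linked state.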
What versions of Nessus support Mobile Device Management (MDM) system integration?
Nessus Professional does not support MDM. When packaged with SecurityCenter and Tenable.io, Nessus Manager
includes pre-built MDM integrations.
Nessus Configuration and Troubleshooting:
How can I change the password of a Nessus user?
Password changes are done through the Nessus web interface. Click on your account name in the upper right
corner, select "Settings," click on “Accounts,” click on the user for whom you want to change the password,
click "Change Password," change the password, confirm, and click "Save."
I attempted to install Nessus via RPM, but get an error. Why can't I install Nessus this way?
If you downloaded the Nessus RPM to a Windows system and then transferred it to your Unix system, the name of
the Nessus RPM file will likely be something similar to Nessus-5.0.0-es4.i386[1].rpm. RPM cannot handle square
brackets (i.e., [ and ]) in file names. Rename the file to Nessus-5.0.0-es4.i386.rpm and re-attempt the installation.
Is there a function to help me troubleshoot errors?
As networks become more sophisticated and complex, zeroing in on potential issues has become increasingly time
consuming. Nessus comes with a built-in packet capture feature that enables a powerful debugging capability to
troubleshoot customer scanning issues. Additionally, Nessus contains a new resource center that provides users
with relevant information at their fingertips. User specific guides provide actionable tips and guidance based
on the operations and functions being performed.
Nessus Windows specific:
When I try to install Nessus Windows, why am I receiving the error, "Error 1607: Unable to Install
InstallShield Scripting Run Time"?
This error code can be produced if the Windows Management Instrumentation (WMI) service has been disabled.
Please verify that the service is running.
If the WMI service is running, then this may be a problem between the Microsoft Windows operating system
settings and the InstallShield product that is used for installing and removing Nessus Windows. There are
knowledge base articles from both Microsoft and InstallShield that detail potential causes and the resolution of
Is there a difference in running Nessus on a Windows Server operating system (such as Server 2008 or 2012)
versus a Windows desktop operating system (such as Windows 7 or Windows 8)?
Yes. Microsoft Windows desktop systems have network limitations that may impact the performance of Nessus. The
TCP/IP stack limits the number of simultaneous incomplete outbound TCP connection attempts. After the limit is
reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate (10 per second).
If too many enter the queue, they may be dropped.
This has the effect of causing a Nessus scan on a Windows desktop operating system to potentially have false
negatives. For better accuracy, it is recommended that Nessus on a Windows desktop operating system have its
port scan throttle setting down to the following, which is found in the "Performance" setting type under General
Settings of a new policy:
Max number of hosts: 10
Max number of security checks: 4
Max number of packets per second for a port scan: 50
For increased performance and scan reliability, it is highly recommended that Nessus Windows be installed on a
server product from the Microsoft Windows family, such as Windows Server 2008, or 2012.
Can I use Nessus on a system with a Host-based Intrusion Prevention System (HIPS) installed?
No. During the process of scanning a remote target, Nessus must forge TCP/UDP packets and send probes that are
often considered "malicious" by HIPS software. If the HIPS system is configured to block malicious traffic, it
will interfere with Nessus and cause the scan results to be incomplete or unreliable.
What do the compliance checks audit against?
The compliance checks are written based on community best practice guidance and security policies, such as CIS
benchmarks. For Windows systems, the compliance audits can verify password complexity, system settings, registry
values and most settings that can be described in a Windows policy file. For Unix systems, the compliance audits
test for running processes, user security policy, system level settings and values within application
How do I create my own audit policies?
Tenable has documentation available for writing custom audit policies. In many cases, Tenable customers are
able to use the default audit policies and remove or modify the included tests to satisfy their requirements. In
cases where more detail is needed than simple modifications, Tenable has documented examples for each type of
check. These can be used to create fully customized checks in line with your organization’s configuration
guidelines. The documentation is available on the Nessus
Documentation area of our website.
Can the audit policies test for "XYZ"?
Tenable often receives "telemetry" testing requests for technical parameters outside of the scope of the audit
checks. The compliance checks can audit the underlying configuration of the operating system; however they were
not designed for items such as dual boot servers, user login behavior, CPU utilization, or when a program was
last used. On a case by case basis, some applications may produce log files or registry settings that capture
this sort of information, but as a base function of the compliance checks, they do not detect this sort of
information by default.
Do I need to run an agent to perform these checks?
No. You can run scans using agents or agent-less.
How is a compliance check different from a vulnerability scan?
Nessus can perform vulnerability scans of network services and also log into servers to discover any missing
patches. However, a lack of vulnerabilities does not mean a server is well configured. The advantage of using
Nessus to perform compliance audits alongside vulnerability scans is that all the data can be obtained and
evaluated at one time. Having knowledge of how a server is configured in addition to which vulnerabilities are
present and how it is patched helps to prioritize systems and mitigate risk.
What systems can be audited?
Nessus can perform audits on Windows and several Unix-compatible systems, including:
- Windows 2008 Server
- Windows 2012 Server
- Windows 2016 Server
- Windows 2019 Server
- Windows 7
- Windows 10
- Mac OS X
- Palo Alto
- Amazon AWS
- Microsoft Azure
- MS SQL Server
- Many others
What standards do you audit against?
Tenable has developed over 600 different audit policies that take into consideration many aspects of common
compliance requirements, such as SOX, FISMA, HIPAA, and others. Certified audits for CIS Benchmarks, DISA STIGs,
vendor guidance and other organizations' recommended best practices give users a comprehensive view of their
organization’s configuration status. All audit files also include comprehensive cross references to well known
standards from authorities like NIST, PCI and ISO.
Audit files are created and regularly updated by Tenable staff.
Are compliance checks available for all Nessus editions?
Compliance checks are available for Nessus Professional. They are not available for Nessus Essentials.
Are all compliance checks available from all Nessus platforms?
Yes; the operating system on which Nessus is running does not matter. You can perform compliance audits of a
Windows server from a Mac OS X system, and you can also audit a Linux server from a Windows system.
How do I get compliance checks?
If you are a Tenable Nessus Professional user, your Nessus scanner will already have the plugins required to
perform compliance audits. Update your plugins to obtain them. Nessus Professional customers who have a version
of Nessus v6.x or later will see compliance checks in the Nessus user interface.
In addition to the audit files bundled in each Nessus release, Tenable has made all of the compliance audit
policies available for download at the Tenable Downloads page.
Is there a charge for the compliance check plugins?
No. The compliance check plugins are included with your Nessus subscription.
How do I configure the compliance check plugins to match my security policy?
Detailed documentation is available in the PDF on the Nessus
Documentation area of our website.
Are compliance checks enabled by default when I do a scan?
No. They are enabled after you have manually selected an audit file to perform the scan.
Why do I get the error message "Supplied credentials don't have enough privileges to audit the remote host"
when I try to execute compliance checks?
The account being used for sign on credentials must have permissions to read the local machine policy. If a
target host does not participate in a Windows domain, then the account must be a member of the host's
administrators group. If the host participates in a domain, then the domain's administrator group will be a
member of the host's administrators group and the account will have access to the local machine policy if it is
a member of the domain's administrator group.
Tenable Plugin Subscriptions:
What are Nessus plugins?
As information about new vulnerabilities is discovered and released into the general public domain, Tenable's
research staff designs programs to enable Nessus to detect them. These programs are named 'plugins' and are
written in the Nessus Attack Scripting Language (NASL). The plugins contain vulnerability information, a generic
set of remediation actions and the algorithm to test for the presence of the security issue. Plugins also are
utilized to obtain configuration information from authenticated hosts to leverage for configuration audit
purposes against security best practices.
How many Nessus plugins are there?
View the latest information regarding Nessus plugins where a total
count of plugins and CVEs covered are listed, in addition to a plugin family listing.
How do I access Nessus plugins?
Nessus plugins are available for download through the feed available in the Nessus UI as well as in offline
mode through a download process via the Nessus command line which issues a challenge code that can be entered at
How frequently are Nessus plugins updated?
Nessus plugins are updated daily, based on when vendors and security research sites publish new
vulnerabilities. The updates are automatically available via the plugin feed to Nessus to be loaded into your
next scan policy.
When new updates become available, can I scan just with these updates in between my normal scan intervals?
Nessus can automatically perform an offline vulnerability assessment with every plugin update. From here you
can easily run a scan to validate the presence of the vulnerability which accelerates the accurate detection and
prioritization of issues.
Can I use plugins while evaluating a version of Nessus?
Absolutely! If you are interested in evaluating Nessus and working with plugins, download or request an evaluation.
Which plugins can I distribute in my book, magazine, or CD?
You must obtain express written consent from Tenable Network Security to redistribute any Tenable Plugins or a
copy of Nessus.
Can I request plugin modifications from Tenable as part of my Nessus subscription?
Yes, we welcome feedback to enhance or fix existing plugins and will consider requests for future plugin