August 15, 2020 Agents for Windows

The Tenable agents are installed on the endpoint, a Windows 10 Pro laptop in this case. The agent reports back to and not a local on-prem Nessus.SC installation. This is good for remote machines since a VPN is not required.

Install the agents

  1. Download the agent installer from
  2. Log into at
  3. Make sure you are in the “New Interface”
  4. Click the hamburger menu (upper left = menu)
  5. Click Settings
  6. Click Sensors
  7. Click Agents
  8. Click Add Agent
  9. Copy the Linking Key (e.g. fake1234258622fakeb9f0d10fake695f653cde212dffb1653b6dcade33f94
  10. Note that the host =
  11. Install the agent either manually via via the deployment method of choice.
  12. I’ve found that nessuscli.exe is the easiest way to get them working. Located in the C:\Program Files\Tenable\Nessus Agent> folder

Troubleshooting the Agents

After completing the steps above, I keep getting Aborted as a scan result. I think this is because I forgot to tell the agent what Agent Group it is a part of. Now what?!

The best way to t-shoot agent issues, is with the NessusCli. Again, it’s typically located in the C:\Program Files\Tenable\Nessus Agent> folder.


Here are the options to use with nessuscli.exe.

Usage: nessuscli []
Usage: nessuscli help
Fix Commands:
fix [--secure] --list
fix [--secure] --set
fix [--secure] --get
fix [--secure] --delete
fix --reset
Link Commands:
agent link --key= --cloud or --host= --port= [optional parameters]
agent unlink [--force]
agent status [--remote | --local]
agent update --file=
agent relink --host= --port= [cloud linked agents only]
Bug Reporting Commands:
bug-report-generator --quiet [--full] [--scrub]

Notice the options revolve around Fix, Link, and Bug Reporting. Link is what we used during the install process. I know that worked already since the nessuscli agent status command shows, “[info] [agent] Linked to:”

The fix command

To add the Agent Group name of “SecurityTeam” to the installed agent, type nessuscli fix --group=SecurityTeam

Ok, now configure the scan job for the Agent Group. Start it, and check the agent status again

The interface says the same thing, good sign.

Scan pending…