DocumentationRelease Notes
Release Notes
Back to All

BeyondTrust Discovery Agent 25.2.0.1791 release notes

about 4 hours ago

October 9, 2025

ℹ️

This release is available by download from the BeyondTrust Client Portal.

🆕 New features

Additional Kerberos support

Added support for Kerberos only environments by creating connections using the hostname instead of IP address.

Improved enumeration of MSSQL Databases

Improved support for enumerating MSSQL DB on ports not included in the scan/target port list.

Additional logic for scanners Added logic to make sure the scanner doesn't restart a running scan until we geta valid CP packet. This is needed to account for version dependent features.
Ability to report SSH Key Added the ability to report back SSH keys for Windows Users. This Supports OpenSSH on Windows.
Refinement to Phoenix.Core.log files Eliminated the excess Phoenix.Core.log file. The contents of that log are now in the Phoenix.Service.log.
Restrict execution of DLL and EXE files Restricted the execution of DLLs and EXEs via the Remote Agent to signed executables.

✨ Enhancements

With this release, we've added the following enhancements to the BeyondTrust Discovery Agent:

  • Removed unnecessary logfile warnings for MSSQL SID formatting.
  • Resolved issue where IOS XR OS information was missing.
  • Added support for long running SSH commands.
  • Improved SSH prompt detection.
  • Resolved the issue where a user enumeration would fail if the registry value was not a properly formatted SID.
  • Fixed a Checkpoint Gaia user enumeration parsing error

🛠️ Issues resolved

DescriptionResolution
Unnecessary logfile warnings for unexpected DB columnsRemoved unnecessary logfile warnings
Windows PowerShell doesn't properly send the command line options for btdiscovery.cmd to the program.Windows PowerShell commands work correctly.
There is an issue running the Discovery Agent with .NET Hosting 8.0.1.Either downgrade to 8.0.0 or upgrade to 8.0.2 or greater.
When you attempt to use Sybase authentication with IPv6, it does not authenticate.Sybase authentication is not supported for IPv6.
When you try to use MySQL9 on Linux, the connection does not validate.MySQL 9 on Linux enumeration is not supported at that time.

📝 Requirements

  • There is a product dependency on having the .NET 8 Hosting package installed.
  • OAuth authorization is dependent on having BI version 24.2.0
  • The Central Policy message to retrieve all scheduled scans is dependent on BI version 24.3.0 and higher.
  • Support for SSH Session encryption using the SHA1 cipher is removed. SHA256 or higher should be used.
  • Support for DSA encryption as an SSH authentication cipher has been removed.

⚙️ Signatures

  • The MD5 signature is: 9db142657e6431ef7fc3d00fdc6e9911
  • The SHA-1 signature is: 1b95664c97922e68cb4bb3ecbddd5537a33b1b2d
  • The SHA-256 signature is: c6b65d38011dea3f8cd979c880531b4d61d854feb227d46998c76fda1d609dac

⏰ Deprecation notice

Support for Windows 8 and Server 2012 as a scanner host is deprecated.

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.