BeyondTrust Discovery Agent 26.1.1.2200 release notes
April 14th, 2026
This release is available by download from the BeyondTrust Client Portal.
🆕 New features
Improved communications between the scanner and the remote agent
We improved communication between the scanner and the remote agent, which speeds up scans, especially when errors occur.
Added the use of the "hostname" command to Linux/Posix target data collection
We added support for using the hostname command during Linux/Posix target data collection, giving the scanner more accurate system information.
Update third-party Nuget packages
We updated several third‑party NuGet packages to keep dependencies current and improve overall stability.
Added encryption for secrets used during installation.
We added encryption for the secrets used during installation to improve security and protect sensitive setup data.
✨ Enhancements
There are no new enhancements in this release.
⛔ Known issues
- Windows PowerShell doesn't properly send the command line options for btdiscovery.cmd to the program. This command needs to be run in a standard Windows Command Shell.
- There is an issue running the Discovery Agent with .NET Hosting 8.0.1. To resolve this issue, either downgrade to 8.0.0 or upgrade to 8.0.2 or greater.
- Sybase authentication is not supported for IPv6.
- MySQL 9 on Linux enumeration is not supported at this time.
🛠️ Issues resolved
| Description | Resolution |
|---|---|
| If there are no jobs in the queue, running the btdiscovery getjobs -- pipes command generates an exception error message. | No exception error message occurs when you run the getjobs command when named pipes are used and there are no jobs in the queue. |
| Previously, broken pipes were not noted as an error, so the scanner continued to try to issue remote commands, which resulted in extended scan times do to having to wait for the timeout to occur. | Error handling was improved in the BTExecClient which was not flagging broken pipes. |
| When you run the btdiscovery getc or btdiscovery testc commands, it may cause an encryption error which can corrupt the URLs used for OAuth. This resulted in the scanner not being able to communicate with BI, Resource Broker, and Password Safe. | OAuth URLs when the named pipes getc and testc commands work as expected. |
| The scanner fails to run if installation occurs in a directory with a path which was too short. | The scanner installs to a directory that is less than four levels deep. |
| A complete set of users are not being returned in a scan. | Domain users and Domain group enumeration works as expected. |
| The calculation for the Password Age value for Windows users is incorrect and doesn’t properly reference the Unix Epoch. | The calculation of the Password Age value works correctly. |
📝 Requirements
- There is a product dependency on having the .NET 8 Hosting package installed.
- OAuth authorization is dependent on having BI version 24.2.0.
- The Central Policy message to retrieve all scheduled scans is dependent on BI version 24.3.0 and later.
- A restart of the system may be required.
- SSH Session encryption using the SHA1 cipher is removed. SHA256 or higher should be used.
⚙️ Signatures
- The MD5 signature is: 9135217dca1c0f5d09e61910af073eeb
- The SHA-1 signature is: bc80e33cf2080b1bcda2ec4c03828ee0eaeacef1
- The SHA256 signature is: df1604e9e605d256827b54e1e1f8891ad02a0a26d9917870c4cf73251cdd1706
⏰ Deprecation notice
- Support for Windows Server 2016 as a scanner host is removed.
- Support for DSA encryption as an SSH authentication cipher is removed.
- Support for Windows 8 and Windows Server 2012 as a scanner host is removed.
