Microsoft Baseline Security Analyzer (MBSA) offline bulk scan process
The MBSA tool can be downloaded from the Microsoft.com website. The current address for version 2.1 is http://www.microsoft.com/downloads/details.aspx?familyid=F32921AF-9DBE-4DCE-889E-ECF997EB18E9&displaylang=en.
MBSA can be run offline (if the machine being used to scan is not connected to the Internet). If using it in this configuration, it is necessary to ensure the latest updates are used.
- Security update catalog (wsusscn2.cab) is available from http://go.microsoft.com/fwlink/?LinkId=76054.
- Windows Update Redistribution Catalog (wuredist.cab) located at http://update.microsoft.com/redist/wuredist.cab.
- Authorisation catalog (muauth.cab) for Windows Update site access is available from http://go.microsoft.com/fwlink/?LinkId=43266 or by examining the contents of the wuredist.cab file located at http://update.microsoft.com/redist/wuredist.cab.
- Windows Update Agent standalone installers (if not already installed). The latest versions are available by examining the contents of the wuredist.cab file located at http://update.microsoft.com/redist/wuredist.cab.
- For x86-based computers (WindowsUpdateAgent30-x86.exe)
- For x64-based computers (WindowsUpdateAgent30-x64.exe)
- For ia64-based computers (WindowsUpdateAgent30-ia64.exe).
Once you have installed the latest updates, follow the steps below to run the scans.
Create a new text file called ‘computers.txt’ and list the names of the servers to be scanned – as shown in Figure 1 below. This should be saved on the computer being used to run the scan.
Figure 1: Computers.txt file contents
Open a command prompt and navigate to ‘C:\Program Files\Microsoft Baseline Security Analyzer 2’
Run the following command (This assumes that the wsusscn2.cab and the text file ‘computers.txt’ have been saved into the root of the C: drive.:
Mbsacli /catalog c:\wsusscn2.cab /listfile c:\computers.txt /wi /nvc /nd
/wi = show all updates even if not approved on the WSUS server.
/nvc = Do not check for a new version of MBSA.
/nd = Do not download any files from the Microsoft.com web site when scanning.
Wait for the scan to complete.
Open the MBSA console from the Start Menu.
Click ‘View existing security scan report’.