Thursday, November 12, 2009

Perform an Offline MBSA Scan

This post shows you how to perform an offline scan with the microsoft baseline security analyzer. This is required when there is no WSUS or Microsoft update server on your network.

First you must have an up to date catalog file of all the updates that are available via microsoft update. Obviously you need to get to a PC with an internet connection to obtain this. The file that contains the update information is called wsusscn2.cab. This is always changing as new updates are released... but you can always download the latest copy by going to this link:

http://go.microsoft.com/fwlink/?LinkId=76054

Make a list of all computers you want to scan and save it in a text file like this:



Download and install MBSA from the following link:

http://www.microsoft.com/downloads/details.aspx?FamilyID=F32921AF-9DBE-4DCE-889E-ECF997EB18E9&displaylang=en

Open a command prompt and navigate to:

C:\Program Files\Microsoft Baseline Security Analyzer 2

Run the following command:

mbsacli /catalog c:\wsusscn2.cab /listfile c:\computers.txt /wi /nvc /nd

/wi = Show all updates even if not approved on the WSUS server.
/nvc = Do not check for a new version of MBSA.
/nd = Do not download any files from the Microsoft Web site when scanning.

Wait for the scan to complete... once complete open up the MBSA console from the start menu. Click view existing security scan report.

No comments:

Post a Comment