CIB Engineering

MBSA for what its worth can be a decent utility, and in my little opinion the command-line version (mbsacli.exe) is way better than the little gimped up web program installed with version 2.1.1. If you happened to stumble upon this site you are probably here because you are for answers, or have questions about the mbsa utility. for that, its probably a good idea to leave now before we confuse you any more.

To that point, here are a few quick and dirty Command-line examples to get you started with MBSA.

mbsacli /target %computername% > %computername%.txt << this command will attach to a single computer or server and scan for all vulnerabilities and then store the output in a file called %computername%.

mbsacli /target hostname /n os+iis+sql +password > hostnameoutput.txt << this command will attach to a single computer or server and check for only the updates that are missing, this command will also not scan for anything OS, IIS or sql related

mbsacli /r 10.10.0.1-10.10.0.254 /n os+ii s+sql+password > hostsoutput.txt<< this command will scan a range of computers by using IP addresses and only pull back the missing necessary updates.
 

Here are some of the errors we encountered while working with MBSA version 2.1.1 in a mixed server and desktop environment.
Security assessment: Incomplete Scan Computer name: * IP address: *.*.*.* Security report name: (4-2-2010 2-20 PM) WSUS server: Scan date: 4/2/2010 2:20 PM Scanned with MBSA version: 2.1.2112.0 Catalog synchronization date: 2010-03-29T19:48:27Z Security update catalog: Microsoft Update (offline), Windows Server Update Services   Security Updates Scan Results            Issue:  Security Updates            Score:  Unable to scan            Result: Cannot deploy security metadata. (0x00000040)
Security assessment: Incomplete Scan Computer name: * IP address: *.*.*.* Security report name:  (4-2-2010 1-00 PM) Scan date: 4/2/2010 1:00 PM Scanned with MBSA version: 2.1.2112.0 Catalog synchronization date:   Security Updates Scan Results            Issue:  Security Updates            Score:  Unable to scan            Result: Computer has an older version of the client and security database demands a newer version. Current version is  and minmum required version is 5.8.0.2678. To fix on 64bit os, install/update your windows update client (x64) To fix on 32bit os, install/update your windows update client (x32)
Security assessment: Incomplete Scan Computer name: * IP address: *.*.*.* Security report name:  (4-2-2010 3-20 PM) Scan date: 4/2/2010 3:20 PM Scanned with MBSA version: 2.1.2112.0 Catalog synchronization date:   Security Updates Scan Results            Issue:  Security Updates            Score:  Unable to scan            Result: Cannot contact Windows Update Agent on target computer, possibly due to firewall settings.