Re: I would like to know all the error codes that can occur when MBSA 2.0 is installed on a PC and a scan is run.

  • Question

  • There does not seem to be a localized manual for MBSA 2.0 yet.

    A datasheet for MBSA 2.0 is available at the URL below; please refer to it.

    http://www.microsoft.com/technet/security/tools/mbsa2/default.mspx#E3C

     

    Scanning

    Q. How do the new Advanced Update Services scanning options work?
    A.

    By default, a scan uses the Update Services server the client is assigned to, if any, as well as the Microsoft Update catalog. The results are compared and any unapproved Update Services updates are given an informational score (blue star) in the report. This allows MBSA to report best practice guidance on the settings for each update with or without an Update Services server.

    Using the advanced options, security auditors can choose not to scan with the Update Services list of approved updates or Update Services administrators can choose not to scan with the Microsoft Update list of available updates and focus only on the approved set of updates.

    If an administrator chooses not to scan with the list of available updates on Microsoft Update, clients without an Update Services server cannot be scanned and will return an error, indicating they may not be getting the correct set of managed updates.

    Q. How quickly can MBSA 2.0 scan one or more computers for security updates?
    A.

    Performance depends upon the speed of the connection to the Microsoft Update site or Update Services server, as well as how recently the client has synchronized the catalog from its server. The number and types of products installed can also influence the performance of a scan. Be sure to check these timings based on your own hardware configuration and server settings since performance will vary.

    Note: Scanning for the various administrative vulnerabilities can add time to this process, particularly when performing the check for weak passwords.

    Q. How many computers can MBSA 2.0 scan simultaneously?
    A.

    Scanning in MBSA 2.0 is not performed in parallel unless multiple copies of MBSA 2.0 are run at the same time to scan different computers. Mbsacli.exe can be used with the new /listfile (list of computer names or IP addresses) parameter to scan computers listed in a text file containing computer names or IP addresses. This file can be a maximum of 100 MB in size. Using scripting (not provided with the MBSA 2.0 download package) administrators can populate this text file from an Update Services server target group or from Active Directory.

    Q. How many different security update catalogs does MBSA 2.0 support when scanning?
    A.

    Prior versions of MBSA relied upon only an offline catalog for scanning. As the size of this catalog increases over time, the network performance can degrade. By being integrated with Windows Server Update Services, MBSA 2.0 is able to scan using the client's assigned Update Services server catalog as well as the Microsoft Update site catalog. These server-based catalogs are preferred sources, but MBSA automatically reverts to the use of the offline catalog if needed. If an Update Services server is not assigned to the target computer, MBSA will automatically revert to the Microsoft Update site.

    By preferring the server-based catalogs, ongoing scanning performs better in terms of network use and speed of scanning because the technology used by the Update Services server and the Microsoft Update site synchronizes clients' local catalog using only the changes since the last synchronization. When Automatic Updates has been configured, this synchronization occurs on a local schedule, so typically the MBSA scan using the Windows Update Agent Windows API will result in very short synchronization times.

    Q. Previous versions of MBSA always tried to download a .cab file when scanning; why doesn't MBSA 2.0 do this?
    A.

    MBSA downloads the Wsusscan.cab file at the initial scan, or any time the file has changed on the Microsoft Web site. Internet activity caused by MBSA 2.0 can be completely eliminated by using the /nvc (no tool version check), /catalog (offline catalog file), and /nd (do not download) parameters of the command-line tool described in MBSA Help.

    Note: To ensure that MBSA has access to the most current versions of these files, you should download them on a weekly basis or after security bulletins are released by Microsoft. This is especially important in the case of the security update catalog (Wsusscan.cab) because Microsoft releases an updated version of this file whenever new security bulletins are released or updated.

    Q. What happened to the HFNetChk-style scan of previous versions of MBSA?
    A.

    The previous MBSA detection engine has been replaced with the Windows Update Agent, and it has been fully integrated into the MBSA-style scan. For users accustomed to the /HF mode of scanning in previous versions of MBSA, a lightweight solution requiring only Mbsacli.exe and Wusscan.dll is provided using the /xmlout (xml data) parameter. This parameter provides basic output to the console in XML format, making integration with other solutions fast and easy. The output includes all the data elements of the /HF mode and more.

    Q. What happened to the ability to use only MBSACLI.EXE /HF to perform security update checks without performing a full MBSA 2.0 installation?
    A.

    Although the /HF parameters have been replaced with updated MBSA 2.0 features, a local security update scan that does not include administrative vulnerabilities can be performed using a minimum of MBSA 2.0 files.

    To perform a local security update scan, copy the MBSACLI.EXE and WUSSCAN.DLL files from a full MBSA 2.0 installation to a new directory on the local machine. You must also download the latest version of the security update catalog (Wsusscan.cab) file and place it in the C:\Documents and Settings\username\Local Settings\Application Data\Microsoft\MBSA\2.0\Cache directory:

      • Security update catalog (Wsusscan.cab), available from the Microsoft Web site

    If this is the first attempt to scan the target machine using MBSA 2.0 or you want to ensure the WUA client on the local machine is updated to the latest version, you must also place the authorization catalog and latest Windows Update Agent installer file in the same C:\Documents and Settings\username\Local Settings\Application Data\Microsoft\MBSA\2.0\Cache directory:

      • Authorization catalog for Windows Update site access (Muauth.cab), available from the Microsoft Web site
      • Windows Update Agent (if not already installed):
          • For x86-based computers (WindowsUpdateAgent20-x86.exe), available from the Microsoft Web site
          • For x64-based computers (WindowsUpdateAgent20-x64.exe), available from the Microsoft Web site

    The /XMLOUT switch must be used to output scan results in this mode. And only a subset of the MBSA 2.0 command-line features is available in this mode:

      • /catalog (to specify an alternate location for the Wsusscan.cab file)
      • /wa (show only updates approved on WSUS server)
      • /wi (show all updates regardless of those approved on WSUS server)
      • /nvc (do not check for newer version of MBSA)
      • /nd (do not attempt to download files from Microsoft Update site)
      • /unicode (render out in Unicode compliant format)

    When using the /xmlout parameter, you must explicitly redirect the XML output into a file using standard console redirection. Also, the XML results must be processed separately from MBSA because they observe a different format than the full MBSA report files. The benefit of this parameter is to avoid the full installation package of MBSA 2.0 when only checking for updates on a single computer. If the minimum system requirements are met, only the engine files mentioned above are needed.

    Q. Why have several command line options like -nosum and -z been removed from MBSA 2.0?
    A.

    The MBSA 2.0 detection engine is now based on the Windows Update Agent, and the logic used when scanning for updates is based on rules defined in the Microsoft Update catalog. The options in previous versions of MBSA to enable or disable certain logic are no longer needed because of the advanced technology being used. Details of these command line changes are provided in the release notes and MBSA Help.

    Q. Does MBSA support 64-bit versions of Windows?
    A.

    Yes. MBSA 2.0 can scan computers running 64-bit versions of Windows (x64 processor) locally and remotely for security updates. Scanning for common security misconfigurations is not supported when scanning computers running 64-bit versions of Windows. Refer to MBSA Help for a detailed description of the security update scanning and administrative vulnerability checking features, and limitations for these platforms. For IA64 processors, MBSA can remotely scan such computers provided they are already configured with the necessary version of Windows Update Agent and the associated configuration settings for Microsoft Update (recommended) and firewall settings.

    Q. Does MBSA support Windows XP Embedded versions?
    A.

    Yes. MBSA 2.0 can scan Windows XP Embedded remotely for security updates. Scanning for common security misconfigurations is not supported when scanning Windows XP Embedded. Refer to MBSA Help for a detailed description of the security update scanning and administrative vulnerability checking features, and limitations for these platforms.

    Note: All other MBSA 2.0 system requirements must be met, so check with the computer's manufacturer or the system administrator of the computer. These requirements include the Remote registry service, Server service, and so on, and are listed in MBSA Help.

    Q. What auditing messages can I expect from an MBSA 2.0 scan?
    A.

    In addition to the current audit message written to the event log, additional events may be written based on the new remote installer used by MBSA to configure the target computer to use Windows Update Agent or Microsoft Update for scanning. An example of an event:

    Event Type:	Information
    Event Source:	MBSA
    Event Category:	None
    Event ID:	1
    Date:		3/12/2005
    Time:		1:33:44 PM
    User:		domain\username
    Computer:	computer
    Description:
    Security analysis complete.
    Scanned from nnn.nnn.n.n.
    Microsoft Baseline Security Analyzer version 2.0.nnnn.0.
    
    For more information, see Help and Support Center at 
    http://go.microsoft.com/fwlink/events.asp

    Q. What kind of paths can I use with the /catalog (offline catalog file) command-line parameter for a local scan?
    A.

    You must copy the catalog file to the local computer before attempting the scan and supply a local path to the file.

    When using the MBSA command-line tool (Mbsacli.exe) to scan the local computer, you cannot use a Universal Naming Convention (UNC) path or a mapped network drive as the argument to the /catalog (offline catalog file) parameter.

    Valid example command lines include:

    Mbsacli.exe /catalog wsusscan.cab (current directory)
    Mbsacli.exe /catalog c:\catalogs\wsusscan.cab (fully qualified path)
    Mbsacli.exe /catalog \folder\wsusscan.cab (relative path)

    Saturday, September 30, 2006 4:48 AM
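The offline local scan described in the quoted FAQ (/xmlout with /nvc, /nd and a local /catalog path), as an added example that is not part of the original post or of Microsoft's FAQ. The folder names, the results file and the use of the file's last-write time as a freshness proxy are assumptions.

```powershell
# Added example: offline, local-only MBSA 2.0 update scan with pre-flight checks.
# All default paths are assumptions for illustration; adjust to your layout.
param(
    [string]$Mbsacli = 'C:\mbsa-min\Mbsacli.exe',   # assumed folder holding Mbsacli.exe and Wusscan.dll
    [string]$Catalog = 'C:\catalogs\wsusscan.cab',  # path form used in the FAQ's examples
    [string]$OutFile = 'C:\mbsa-min\results.xml',   # assumed results file
    [int]$MaxCatalogAgeDays = 7                     # FAQ advises a weekly catalog refresh
)

function Test-LocalCatalogPath {
    # True only for a path on a local drive: for a local scan, /catalog
    # accepts neither a UNC path nor a mapped network drive.
    param([string]$Path)
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    if ($full.StartsWith('\\')) { return $false }                  # UNC path
    $root  = [System.IO.Path]::GetPathRoot($full)
    $drive = New-Object System.IO.DriveInfo -ArgumentList $root
    return ($drive.DriveType -ne [System.IO.DriveType]::Network)   # mapped drive
}

if (-not (Test-Path -LiteralPath $Catalog -PathType Leaf)) {
    throw "Catalog file not found: $Catalog"
}
if (-not (Test-LocalCatalogPath -Path $Catalog)) {
    throw "Copy the catalog to a local disk first; $Catalog is on a network location."
}

# Assumption: the file's last-write time approximates when it was downloaded.
$ageDays = ((Get-Date) - (Get-Item -LiteralPath $Catalog).LastWriteTime).TotalDays
if ($ageDays -gt $MaxCatalogAgeDays) {
    Write-Warning ("Catalog is {0:N0} days old; newer bulletins may be missed." -f $ageDays)
}

# /nvc and /nd keep the tool off the Internet. /xmlout prints XML to the
# console, so the output has to be captured into a file explicitly.
& $Mbsacli /xmlout /nvc /nd /catalog $Catalog |
    Out-File -FilePath $OutFile -Encoding UTF8

# The quoted FAQ does not list exit-code meanings, so the value is only recorded.
"Mbsacli exit code: $LASTEXITCODE; XML written to $OutFile"
```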
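A way to review the audit event shown in the quoted FAQ (Event Source MBSA, Event ID 1) for scans that came from an unexpected host, as an added example that is not part of the original post or of Microsoft's FAQ. The allowlist, the sample messages and the Application log name are assumptions or constructed values.

```powershell
# Added example: pull the scanning host out of MBSA "Security analysis complete"
# events and flag scans that did not come from an approved scanner.
$ApprovedScanners = @('192.0.2.10')   # constructed allowlist (documentation address)

function Get-MbsaScanSource {
    param(
        [Parameter(ValueFromPipeline = $true)][string]$Message,
        [string[]]$Approved = $ApprovedScanners
    )
    process {
        # Description layout follows the sample event in the FAQ:
        #   "Scanned from nnn.nnn.n.n." / "... Analyzer version 2.0.nnnn.0."
        if ($Message -notmatch 'Scanned from\s+(?<ip>\d{1,3}(?:\.\d{1,3}){3})') {
            return   # not an MBSA scan-complete description
        }
        $ip = $Matches['ip']
        $version = $null
        if ($Message -match 'Analyzer version\s+(?<v>\d+(?:\.\d+)+)') {
            $version = $Matches['v']
        }
        [pscustomobject]@{
            ScannedFrom = $ip
            MbsaVersion = $version
            Approved    = ($Approved -contains $ip)
        }
    }
}

# Constructed sample descriptions (not real log data).
$sample = @(
    "Security analysis complete.`nScanned from 192.0.2.10.`nMicrosoft Baseline Security Analyzer version 2.0.1234.0.",
    "Security analysis complete.`nScanned from 198.51.100.7.`nMicrosoft Baseline Security Analyzer version 2.0.1234.0."
)
$sample | Get-MbsaScanSource | Where-Object { -not $_.Approved }

# Live use on a scanned computer. Assumption: the event is written to the
# Application log; the FAQ names only the source and the event ID.
# Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'MBSA'; Id = 1 } |
#     ForEach-Object { $_.Message } | Get-MbsaScanSource | Where-Object { -not $_.Approved }
```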