Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How to view mbsa report

1,766 views
Skip to first unread message

Lee Yan[MSFT]

unread,
Sep 30, 2003, 7:29:44 PM9/30/03
to
Both IE and Visual Studio.Net editor can view raw xml files. But only MBSA
displays it in the nice easy to read format. However, using mbsacli.exe
which is installed in the same location as mbsa.exe, you can create a plain
text output which you can read with notepad. To check it out, you can start
a command prompt and navigate to the folder where you've installed
mbsa/mbsacli. Then issue "mbsacli /?" without the quotes to get the
options.

Hope that helps.

Lee Yan [MSFT]
lee...@online.microsoft.com


--------------------
| Content-Class: urn:content-classes:message
| From: "Ken" <k.w...@mail.hongkong.com>
| Sender: "Ken" <k.w...@mail.hongkong.com>
| Subject: How to view mbsa report
| Date: Tue, 8 Apr 2003 02:13:08 -0700
| Lines: 9
| Message-ID: <03d701c2fdaf$11ddae00$a501...@phx.gbl>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Thread-Index: AcL9rxHdHuHituckR22iewEJzuYrwA==
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Newsgroups: microsoft.public.security.baseline_analyzer
| NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
| Path: cpmsftngxa06.phx.gbl!cpmsftngxa10.phx.gbl!cpmsftngxa08.phx.gbl
| Xref: cpmsftngxa06.phx.gbl
microsoft.public.security.baseline_analyzer:1805
| X-Tomcat-NG: microsoft.public.security.baseline_analyzer
|
| Hello,
|
| Beside using mbsa, is there any application that can be
| used to open that xml file and show the scanning report?
| TIA
|
| Ken
|
|
|

Doug Neal [MSFT]

unread,
Oct 1, 2003, 11:52:46 AM10/1/03
to
The command-line /hf tool has a limitation of providing only the
HFNetChk-based security patch scanning - not the additional non-patch
vulnerability issues (such as password expiration,
Windows file system, shares, etc.).

HFNetChk functionality (available from the command-line using /hf) provides
patch information only. The MBSA GUI builds on the HFNetChk functionality
and adds additional detection of non-patch items. When you run MBSA, the
results provided in the "Security Update Scan Results" section are provided
by the HFNetChk engine (which is available from the command-line using /hf).
The subsequent sections for Windows Scan Results, Additional System
Information, Desktop Application Scan Results, etc. are additional detection
that's not part of the HFNetChk engine. Unfortunately, these additional
scans are only available from the MBSA GUI interface.

MBSA Output (in non-XML format)

MBSACLI provides the full scan results available from the MBSA (GUI) tool,
but it is sometimes unclear how to export these results in TXT or CSV
format. The steps below detail the command-line parameters necessary to
accomplish this:

Here are a few tips for rendering MBSA reports in other formats.
Unfortunately, the MBSA output - although it is true XML - it has been
formatted specifically for MBSA display...

Detailed and Summarized TXT report

1) Run MBSACLI against a specific machine - note the <ReportName> at
conclusion of scan

2) For a DETAILED report, run "MBSACLI /ld" "<ReportName>" to display
the named report in formatted TXT format

3) For a SUMMARY report, run "MBSACLI /lr" "<ReportName>" to display
the named report in formatted TXT format

Additional options

a.. Use ">" to redirect output to a file
b.. Redirect output to a "<filename>.CSV" file to save the file in CSV
format (readable by MS Excel)
Note that this is separate from "MBSACLI /hf" switch which provides
additional options to display scan results in tab-delimited and word-wrap
formats (using the "/o tab" and "/o wrap" parameters), but provide only
security scan results - not the complete results available through the MBSA
(GUI) interface as MBSACLI does.

Additional post for those who want to render reports and scan in the same
command line (which can't be done).

You may have noticed that I provided the steps in two separate steps. You
will have to use 2 steps to run a security scan then create a text-based
rendering of the report. One way to do this for a single machine would be
to follow the steps below:

Run MBSACLI against a specific machine - note the <ReportName> at conclusion
of scan
*

THEN

*

For a DETAILED report, run "MBSACLI /ld" "<ReportName>" to display the named
report in formatted TXT format

OR
For a SUMMARY report, run "MBSACLI /lr" "<ReportName>" to display the named
report in formatted TXT format

For multiple machines, another method might be:

Run MBSACLI

/r IP-IP (to scan an IP address range)

/d <domain> (to scan a domain)

OR run MBSACLI from a script specifying a unique machine or IP address
for each pass

*

THEN use the same options above (/ld or /lr) to render the reports
specifying the <ReportName> for each report you want in TXT or CSV format.
Multiple report names can be captured at the conclusion of each scan.


--

Doug Neal [MSFT]
du...@online.microsoft.com

If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for the Microsoft Baseline
Security Analyzer (MBSA) at the following link:
http://support.microsoft.com/default.aspx?scid=fh;en-us;Prodoffer20a

This e-mail address does not receive e-mail, but is used for newsgroup
postings only.

"Lee Yan[MSFT]" <lee...@microsoft.com> wrote in message
news:FTr5Cr6h...@cpmsftngxa06.phx.gbl...

0 new messages