Additional Information

Previous page
Table of content
Next page

The following information will help you troubleshoot scanning errors or explain inconsistencies between scans .

False Positives From Security Update Checks

There may be cases where MBSA reports that an update is not installed, even after you complete an update or take the steps documented in a security bulletin. There are two reasons for these false reports :

  1. Files scanned were updated by an installation that is unrelated to a security bulletin. For example, a file shared by different versions of the same program may be updated by the newer version. MBSA is unaware of the new versions and, because it is not what is expected, it reports the update is missing.

  2. Some security bulletins are not addressed by a file update but a configuration change that cannot be verified . These types of flags will appear as Note or Warning messages, marked with yellow Xs.

Both must be noted and ignored for future scans.

Requirements for Performing Remote Scans

MBSA makes use of the following network services to scan a computer:

  • Windows NT 4.0 SP4 and above, Windows 2000, or Windows XP (local scans only on Windows XP computers that use simple file sharing)

  • IIS 4.0, 5.0 (required for IIS vulnerability checks)

  • SQL 7.0, 2000 (required for SQL vulnerability checks)

  • Services must be installed or enabled: Server service, Remote Registry service, File & Print Sharing

f any of the services are unavailable or administrative shares (C$) are not accessible, errors will result during the scan.

Password Scans

Password check performed by MBSA can take a long time, depending on the number of user accounts on the machine. The password check enumerates all user accounts and performs several password change attempts using common password pitfalls such as a password that is the same as the username. Users may want to disable this check before scanning Domain Controllers on their network. For details on the MBSA password check, see the topic "Local Accounts Passwords" in the MBSA whitepaper on TechNet http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools/mbsawp.asp .

Differences Between Mbsa.exe and Mbsacli.exe

It is important to know the differences between the default options of the two MBSA clients : the GUI tool, Mbsa.exe, and the command-line tool, Mbsacli.exe. The examples shown previously in this How To take these defaults into account.

The MBSA GUI calls /nosum , /v , and /baseline by default. The details for those options are:

/nosum

Security update checks will not test file checksums.

/v

Displays security update reason codes.

/baseline

Checks only for baseline security updates.

The MBSA command line calls no options and runs a default scan.



Previous page
Table of content
Next page
Improving Web Application Security. Threats and Countermeasures
Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
Authors: Microsoft Corporation
BUY ON AMAZON
ERP and Data Warehousing in Organizations: Issues and Challenges
Qshell for iSeries
Mapping Hacks: Tips & Tools for Electronic Cartography
Special Edition Using Crystal Reports 10
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
Digital Character Animation 3 (No. 3)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy