MBSA connects to Microsoft for two items. In neither case is any
information sent to Microsoft.
When MBSA is run, it will ping a location on the Microsoft Download center
to check if there is a new version of MBSA. This cannot be disabled in the
GUI, but from the command-line, you can specify the /nvc (no version check)
parameter to prevent a check for a newer version.
During a scan to a client that has a lower version for the WUA agent than
needed - or if one or more target machines cannot access the Microsoft
Update live site or a WSUS server to make their own assessment, the scanning
machine (the one with MBSA installed) will attempt to connect to
Microsoft.com to download the latest x86/x64 Windows Update Agent (to update
down-level clients), the MUAUTH.CAB file (to authorize MBSA to talk with
WUA) and the offline catalog of updates, WSUSSCN2.CAB. This cannot be
disabled in the GUI, but from the command-line, you can specify the /nd (no
download) parameter to prevent MBSA from attempting to download any of these
In all cases, this connection is the same port 80 used by Internet Explorer.
In fact, you could disable all MBSA connection attempts to the web by
changing the IE connection settings to use Offline Mode or to simply connect
to a proxy server that doesn't exist.
At no time is any information captured or reported to Microsoft.
I hope that helps...
Doug Neal [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for support on the Microsoft
Baseline Security Analyzer (MBSA). Information is available at the following
This e-mail address does not receive e-mail, but is used for newsgroup
Post by ksreek
During the process of MSBA analysis it connects to the microsoft server
through a existing local port thats open and used for IIS packet exchange
.Once it gets connected to the server information is exchanged (i.e the LOG
collected on your local computer is compared with the Database stored in the
MS server and a comparitive LOG will help in finding out the missing security
catalogues in the local computer.Based on the report,the location of required
file (.cab file) is fed to MBSA.
The bottom line is MBSA just connects to server for an interactive response
and no information except the missing update LOG is sent to MS.
Microsoft Product support services
Post by GaileForce
I'm pretty sure I know the answer to this but could anyone confirm that the
MBSA 2.1 does not send any information to Microsoft and will only connect to
Microsoft to download the cab file etc. For these connections - Do you know
the port know - I assume it's 80.
If there is any specific document or page on the website that discusses
this, that would also be most useful.