Discussion:
Reporting Problems with SBA
andersonneil
2010-03-04 22:05:01 UTC
Good Morning,

I am running Windows 7 Home Premium on my Dell Inspiron 530S.

I have downloaded and installed Microsoft Baseline Security Analyser 2.1.

I believe it is good to know that all is OK from a security point of view,
and tools such as this are always of great assistance.

When I run this tool, I have found a couple of reported "errors" which I do
not think are correct. I have attached a copy of the Assessment Report to the
foot of this email so you can see my references.

• In the "Windows Scan Results" section, the report shows that the Guest
account is not disabled on this computer. Using Control Panel, User Accounts,
it is shown that the Guest Account is OFF. What else can I do to remove this
error from the report???

• In the same section, the report shows there are incomplete updates. This is
not correct - I have done multiple restarts and run the Security Analyser
again, and it still shows this error. What can I do to correct this???

• In the same section, the report shows that Windows Firewall is disabled and
has exceptions configured. It is true that Windows Firewall is off, as I have
the McAfee Security Centre running and fully configured for all protection.
Couldn't the report show that another Firewall is enabled??? Also, what do
the "exceptions configured" exactly mean???

• In the same section, the report shows that Autologon is not configured on
this computer. Whenever I start Windows, automatically my local account
(Anderson) is logged on without any intervention on my part. I have this
purposely set like this, as I am the only one who really uses this PC for any
major processing. Shouldn't this Autologon check report this??

If some answers could be given to the above, I would be most appreciative.

Regards,

Neil Anderson.

Security assessment: Severe Risk (One or more critical checks failed.)
Computer name: @HOME\ANDERSON-PC
IP address: 122.106.187.52
Security report name: @HOME - ANDERSON-PC (12-01-2010 11-08 AM)
Scan date: 12/01/2010 11:08 AM
Catalog synchronization date:
Security update catalog: Microsoft Update

Security Updates

Issue: Developer Tools, Runtimes, and Redistributables Security Updates
Result: No security updates are missing.
Current Update Compliance
Score | ID | Description | Maximum Severity
Installed | MS09-035 | Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB973923) | Moderate

Issue: Office Security Updates
Result: No security updates are missing.
Current Update Compliance
Score | ID | Description | Maximum Severity
Installed | 949426 | Microsoft Office Accounting 2008 UK Service Pack 1 (KB949426) |
Installed | MS09-060 | Security Update for the 2007 Microsoft Office System (KB974234) | Important
Installed | 949426 | Microsoft Office Accounting 2008 US Service Pack 1 (KB949426) |
Installed | MS09-024 | Security Update for the 2007 Microsoft Office System (KB969559) | Important
Installed | MS09-067 | Security Update for Microsoft Office Excel 2007 (KB973593) | Important
Installed | 953195 | The 2007 Microsoft Office Suite Service Pack 2 (SP2) |
Installed | MS09-062 | Security Update for the 2007 Microsoft Office System (KB972581) | Important
Installed | MS09-017 | Security Update for Microsoft PowerPoint 2007 (KB957789) | Important
Installed | MS09-060 | Security Update for Microsoft Office Visio Viewer 2007 (KB973709) | Critical
Installed | MS09-027 | Security Update for the 2007 Microsoft Office System (KB969613) | Important
Installed | MS09-067 | Security Update for the 2007 Microsoft Office System (KB973704) | Important

Issue: SDK Components Security Updates
Result: No security updates are missing.
Current Update Compliance
Score | ID | Description | Maximum Severity
Installed | MS07-028 | Security Update for CAPICOM (KB931906) | Critical

Issue: SQL Server Security Updates
Result: No security updates are missing.
Current Update Compliance
Score | ID | Description | Maximum Severity
Installed | MS06-061 | MSXML 6.0 RTM Security Update (925673) | Critical

Issue: Silverlight Security Updates
Result: No security updates are missing.
Current Update Compliance
Score | ID | Description | Maximum Severity
Installed | 974331 | Update for Microsoft Silverlight (KB974331) |
Installed | 974331 | Update for Microsoft Silverlight (KB974331) |

Issue: Windows Security Updates
Result: No security updates are missing.
Current Update Compliance
Score | ID | Description | Maximum Severity
Installed | MS08-069 | Security Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB954430) | Important
Installed | 890830 | Windows Malicious Software Removal Tool - December 2009 (KB890830) |
Installed | MS09-061 | Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297) | Critical
Installed | 976098 | Update for Windows 7 (KB976098) |
Installed | MS09-055 | Security Update for ActiveX Killbits for Windows 7 (KB973525) | Important
Installed | 974431 | Update for Windows 7 (KB974431) |
Installed | MS09-072 | Cumulative Security Update for Internet Explorer 8 for Windows 7 (KB976325) | Critical
Installed | MS09-056 | Security Update for Windows 7 (KB974571) | Important
Installed | MS09-059 | Security Update for Windows 7 (KB975467) | Important

Windows Scan Results

Administrative Vulnerabilities

Issue: Local Account Password Test
Result: Some user accounts (3 of 4) have blank or simple passwords, or could not be analyzed.
User | Weak Password | Locked Out | Disabled
Administrator | Weak | - | Disabled
Anderson | Weak | - | -
Guest | Weak | - | -
ASPNET | - | - | -

Issue: Guest Account
Result: The Guest account is not disabled on this computer.

Issue: Password Expiration
Result: Some user accounts (3 of 4) have non-expiring passwords.
User: Administrator, Anderson, Guest, ASPNET

Issue: Incomplete Updates
Result: A previous software update installation was not completed. You must restart
your computer to finish the installation. If the incomplete installation was
a security update, then the computer may be at risk until the computer is
restarted.

Issue: Windows Firewall
Result: Windows Firewall is disabled and has exceptions configured.
Connection Name | Firewall | Exceptions
All Connections | Off | Programs, Services
Local Area Connection | Off* | Programs*, Services*

Issue: File System
Result: All hard drives (2) are using the NTFS file system.
Drive Letter | File System
C: | NTFS
D: | NTFS

Issue: Autologon
Result: Autologon is not configured on this computer.

Issue: Restrict Anonymous
Result: Computer is properly restricting anonymous access.

Issue: Administrators
Result: No more than 2 Administrators were found on this computer.
User: Administrator, Anderson

Issue: Automatic Updates
Result: Updates are automatically downloaded and installed on this computer.

--------------------------------------------------------------------------------
--
Regards,

Neil
Bill Sanderson
2010-03-24 03:13:18 UTC
I've just run a report on my Windows 7 Professional machine, which is
somewhat different from yours since it is joined to a domain--although I use
it at home, I also use it in the office.

If I right-click the local guest account and choose properties, there are a
series of checkboxes. One of them is "account is disabled."

With this setting, MBSA reports the guest account on my machine as disabled.

Have you read the explanations led to by the blue links by each finding?
These can help a lot in digging into these issues.

Firewall Exceptions are ports permitted to accept unsolicited inbound
traffic--i.e. that you, or programs (with your permission) have opened in
the firewall. It is normal to have some of these--you should have different
ones depending on your circumstances--if the machine travels, for example,
you might want no exceptions when connected to a public Internet connection
in a hotel or coffee shop. Windows 7 will ask you about new connections and
make good choices based on your response--public vs home vs work.

I am a bit surprised by the autologon finding, but I wonder whether there's
a conscious choice not to flag this on "home" versions of the OS. I don't
see this mentioned in the explanatory text, however.

More information is available in the FAQ, found here:

http://technet.microsoft.com/en-us/security/cc184922.aspx

In a quick glance through, though, I don't see your specific questions
addressed there.

I think the "missing updates" issue should be able to be pinned down by
looking at the information about what is checked, and comparing that to the
registry on your system. It is quite possible for there to be inconsistent
information in the registry which isn't cleared by an update completing.
Doug Neal [MSFT]
2010-03-25 00:36:52 UTC
Bill is correct on all counts.

The Guest Account needs to be Disabled, not just turned off.

The incomplete updates is a bug that we've never been able to track down on
customer machines. We know that some customers are seeing this, but we
can't figure out what's causing this - and haven't been able to reproduce
this in our test labs. Could you take a moment and let me know if there are
any values in these two registry locations?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\UpdateExeVolatile
HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations

MBSA only checks for the Windows Firewall. So if it's disabled in favor of
a 3rd party firewall, MBSA doesn't detect that. We hope to have better
integration with Security Center (which knows that at least some firewall is
protecting the machine). But that's been delayed to a future version.

As for Autologon, if you're using a Windows Home SKU or any version of
Windows for which you don't have an admin password assigned, the autologin
report is technically accurate: you're not having Windows automatically log
you in using a saved password. But rather, you're allowing a default login
ID - without a password - to log in. This seems like it is probably the case
as MBSA is reporting that a number (3 of 4) accounts have no password. I'll
bet one of these is what Windows is automatically using at startup.

I hope that helps...
--
Doug Neal [MSFT]
***@online.microsoft.com

This posting is provided "AS IS" with no warranties, and confers no rights.

If newsgroup discussion with experts and MVPs is unable to solve a problem
to your satisfaction, feel free to contact PSS for support on the Microsoft
Baseline Security Analyzer (MBSA). Information is available at the following
link:
http://support.microsoft.com/default.aspx

This e-mail address does not receive e-mail, but is used for newsgroup
postings only.
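
As an added example (not part of any poster's message and not MBSA's own logic), the PowerShell below reads the settings behind the findings Bill Sanderson and Doug Neal discuss: the Guest account's Disabled flag, the two registry locations Doug names, autologon, and firewall state. The Winlogon value names and the root\SecurityCenter2 query are assumptions about where Windows keeps these settings; the thread does not say what MBSA itself reads for them.

```powershell
# Added example: read-only look at the settings behind the MBSA findings in this thread.
# Written for Windows PowerShell 2.0+ (ships with Windows 7); run from an elevated prompt.
# On 64-bit Windows use the 64-bit console so HKLM:\SOFTWARE is not redirected.

function Get-RegistryValues {
    param([string]$Path)
    # Hashtable of value name -> data, or $null when the key does not exist.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $key = Get-Item -LiteralPath $Path
    $values = @{}
    foreach ($name in $key.GetValueNames()) { $values[$name] = $key.GetValue($name) }
    return $values
}

function Get-LocalAccountFlags {
    # Disabled is the flag behind the "account is disabled" checkbox Bill describes.
    Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" |
        Select-Object Name, SID, Disabled, Lockout, PasswordRequired, PasswordExpires
}

function Get-PendingRestartMarkers {
    # The two registry locations Doug Neal asks about.
    $volatile = Get-RegistryValues 'HKLM:\SOFTWARE\Microsoft\Updates\UpdateExeVolatile'
    $sessionManager = Get-RegistryValues 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $renames = @()
    if ($null -ne $sessionManager -and $sessionManager.ContainsKey('PendingFileRenameOperations')) {
        # REG_MULTI_SZ: drop the empty strings that mark "delete" targets.
        $renames = @($sessionManager['PendingFileRenameOperations'] | Where-Object { $_ })
    }
    New-Object PSObject -Property @{
        UpdateExeVolatileKeyExists = ($null -ne $volatile)
        UpdateExeVolatileValues    = $volatile
        PendingFileRenameEntries   = $renames
    }
}

function Get-AutologonSettings {
    # Assumption: saved-password autologon uses the standard Winlogon values.
    # The stored password is reported as present/absent only, never printed.
    $w = Get-RegistryValues 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    if ($null -eq $w) { return $null }
    New-Object PSObject -Property @{
        AutoAdminLogon        = $w['AutoAdminLogon']
        DefaultUserName       = $w['DefaultUserName']
        DefaultPasswordStored = $w.ContainsKey('DefaultPassword')
    }
}

function Get-FirewallState {
    # Windows Firewall per profile, plus any firewall products registered with Security Center.
    New-Object PSObject -Property @{
        WindowsFirewall = (netsh advfirewall show allprofiles state)
        SecurityCenter  = @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class FirewallProduct `
                              -ErrorAction SilentlyContinue | Select-Object displayName, productState)
    }
}

Write-Output '--- Local accounts ---'
$accounts = @(Get-LocalAccountFlags)
$accounts | Format-Table -AutoSize

# The built-in Guest account always has relative ID 501, whatever it has been renamed to.
$guest = $accounts | Where-Object { $_.SID -like 'S-1-5-21-*-501' }
Write-Output "Guest Disabled flag: $($guest.Disabled)"
# If this is False, 'net user Guest /active:no' from an elevated prompt sets the flag,
# including on editions without the Local Users and Groups snap-in.

Write-Output '--- Pending restart markers ---'
$pending = Get-PendingRestartMarkers
Write-Output "UpdateExeVolatile key exists: $($pending.UpdateExeVolatileKeyExists)"
if ($pending.UpdateExeVolatileValues) { $pending.UpdateExeVolatileValues | Format-Table -AutoSize }
Write-Output "PendingFileRenameOperations entries: $($pending.PendingFileRenameEntries.Count)"
$pending.PendingFileRenameEntries

Write-Output '--- Autologon ---'
Get-AutologonSettings | Format-List

Write-Output '--- Firewall ---'
$fw = Get-FirewallState
$fw.WindowsFirewall
$fw.SecurityCenter | Format-Table -AutoSize
```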
MaxLV
2010-06-04 05:56:23 UTC
Post by Doug Neal [MSFT]
Bill is correct on all counts.
The Guest Account needs to be Disabled, not just turned off.

In Windows 7 Home Premium, under control panel/ manage another account the
Guest Account is only reported as being on or off, and right clicking on its
icon only gives the Turn on or Turn off the guest account option. There is no
disable option at all.

When running MBSA 2.1.1 it reports that the Guest Account in Windows 7 Home
Premium is not disabled (when it's turned off) and poses a severe risk.

MBSA also reports 2 of 3 user accounts have blank or simple passwords, or
could not be analyzed.

One is the Guest account, the other is the default administrator account
that MBSA says has a weak password, but is also *disabled* according to MBSA.

So basically on the computer MBSA appears to be misreporting two accounts as
being a severe risk when they aren't.

The computer MBSA has generated this report for has a Windows 7 Home Premium
32bit installed, from a family 3 pack.
The two other computers I have Windows 7 installed on, from this Family 3
pack, are fine, MBSA is not reporting the guest account or administrator
account are severe risks because of their passwords. It says both accounts
are fine and are NOT a risk at all.

Following the 'How to correct this' option in MBSA is no help as it
*assumes* that the OS is NOT Windows 7 and that I have access to the Local
Security Policy that Microsoft, in its infinite wisdom and knowledge of home
users, decided to disable, remove, or hide from Windows 7 Home Premium
users...

Can anyone tell me how to fix this MBSA reported 'severe risk' or tell me how
I can fix the Guest account password and disabled administrator weak password
on?
