Microsoft Baseline Security Analyzer (MBSA) offline bulk scan process

The MBSA tool can be downloaded from the website. The current address for version 2.1 is

MBSA can be run offline (if the machine being used to scan is not connected to the Internet). If using it in this configuration, it is necessary to ensure the latest updates are used.

Once you have installed the latest updates, follow the steps below to run the scans.

Create a new text file called ‘computers.txt’ and list the names of the servers to be scanned – as shown in Figure 1 below. This should be saved on the computer being used to run the scan.


Figure 1: Computers.txt file contents

Open a command prompt and navigate to ‘C:\Program Files\Microsoft Baseline Security Analyzer 2’

Run the following command (This assumes that the and the text file ‘computers.txt’ have been saved into the root of the C: drive.:

Mbsacli /catalog c:\ /listfile c:\computers.txt /wi /nvc /nd

/wi = show all updates even if not approved on the WSUS server.

/nvc = Do not check for a new version of MBSA.

/nd = Do not download any files from the web site when scanning.

Wait for the scan to complete.

Open the MBSA console from the Start Menu.

Click ‘View existing security scan report’.