mbsa, fichier mssecure

"Fabrice" <emouchet@spam-infonie.fr> a écrit dans le message de news:
uIJOiJi4FHA.1140@tk2msftngp13.phx.gbl...

bonjour à tous,

j'ai un serveur et (plusieurs machines) qui n'est pas connecté à Internet.
Je voudrais réaliser un scan local avec MBSA 2.0 de la machine.
J'ai donc téléchargé le fichier mssecure.cab et je l'ai copié dans le
répertoire de MBSA.

Je lance l'interface graphique de MBSA et lance une vérification de la
machine. Mais il s'obstine à vouloir faire le téléchargement sur Internet
et comme je ne suis pas connecté il plante lamentablement !

Comment forcer MBSA à utiliser le fichier msecure.cab local.sans
connection internet ?

Je vous conseille d'utiliser la version 2.0 de MBSA si vous utilisez
actuellement la version 1.2.1 (et dans ce cas votre manipulation est
correcte). Concernant MBSA 2.0, reportez vous à la FAQ à cette adresse :
http://www.microsoft.com/technet/security/tools/mbsa2/qa.mspx

Extrait en anglais :
Q. MBSA uses files that it downloads from the Internet, but the
computer I want to use to scan my network doesn't have Internet access. How
can I use MBSA in this case?
A. Perform the scan using the mbsacli command-line utility with the
/nd (do not download) parameter after copying the necessary files to the
computer performing the scan. There are three types of files that are
required:

. Security update catalog (Wsusscan.cab), available from the
Microsoft Web site

. Authorization catalog for Windows Update site access
(Muauth.cab), available from the Microsoft Web site

. Windows Update Agent (if not already installed):

. For x86-based computers (WindowsUpdateAgent20-x86.exe),
available from the Microsoft Web site

. For x64-based computers (WindowsUpdateAgent20-x64.exe),
available from the Microsoft Web site



After downloading the files from the Microsoft Web site, copy them to
the following folder on the computer performing the security update scan:
C:Documents and SettingsusernameLocal SettingsApplication
DataMicrosoftMBSA2.0Cache

Important: To ensure that MBSA has access to the most current versions
of these files, you should download them on a weekly basis or after any
release of security bulletins from Microsoft. This is especially important
in the case of the security update catalog (wsusscan.cab) because Microsoft
releases an updated version of this file whenever new security bulletins are
released or updated.

When you run MBSA to perform security update checks on remote
computers, MBSA deploys the Windows Update Agent to the remote computer. A
version of Windows Update Agent (WindowsUpdateAgent20-ia64.exe) is also
available from the Microsoft Web site for Itanium-based computers. MBSA does
not deploy this version, and so you must install and configure Windows
Update Agent on Itanium-based computers before performing a security update
check on those computers.



A titre d'information pour la version 1.2.1 :
http://www.microsoft.com/technet/security/tools/mbsa1/qa.mspx

How can I use MBSA in an offline or secure environment that may require
proxy authentication?
A. You can manually download the signed English mssecure.cab file used
for the security updates check in MBSA V1.2.1 from the following Microsoft
Web site: http://go.microsoft.com/fwlink/?LinkId922. Place the downloaded
CAB file in the MBSA installation folder.

The localized mssecure.cab files can be manually downloaded from the
following locations:

. German mssecure.cab file:
http://go.microsoft.com/fwlink/?LinkId121.

. Japanese mssecure.cab file:
http://go.microsoft.com/fwlink/?LinkId120.

. French mssecure.cab file:
http://go.microsoft.com/fwlink/?LinkId122.


These are the only supported locations where the signed mssecure.cab
files can be downloaded for offline use.

Scanning for Microsoft Office product updates (local computer scans
only) uses a somewhat different procedure in order to download the needed
files:

. Download INVCIF.EXE from
http://go.microsoft.com/fwlink/?linkid842 and

Download INVCM.EXE from
http://go.microsoft.com/fwlink/?linkid452

. Run INVCIF.EXE, and answer Yes to install the Office Update
Inventory Tool, read the EULA and agree to its terms, and specify a local
directory to expand the contents into, for example C:TEMPOfficeUpd). This
will create multiple files including PatchData.XML and
InventoryCatalog.HTML, as well as a directory named CIFS. A file called
PUIDS.CIF will be extracted into the CIFS directory.

. Run INVCM.EXE, and answer Yes to install the Office Update
Inventory Tool, read the EULA and agree to its terms, and specify a local
directory to expand the contents into, for example C:TEMPOfficeUpd). This
will create multiple files including inventory.exe, convert.exe,
OUDetect.dll required for scanning.

. Copy all the files and directories in C:TEMPOfficeUpd into
the C:Microsoft Baseline Security AnalyzerOfficeUpd directory on the
scanning machine. If you are prompted to overwrite existing files click
"Yes".


At this point run MBSA from the desktop icon or Start menu, or open a
command prompt in the C:Microsoft Baseline Security Analyzer folder and use
mbsacli.exe. The files you just obtained will be used, although the tool
will attempt to obtain them from the Internet and may lead to a timeout
before the scan takes place using the local files.

Note: When manually downloading the files, users should
re-download on a regular basis, to ensure the most recent releases by
Microsoft are used in their computer scans. Microsoft releases updated
versions of the files when new security bulletins are issued or updated.



Cordialement

--
Thierry MILLE
FAQ Windows Vista
www.my-vista.com

merci beaucoup

"Thierry MILLE [MVP]" <msnews@lab-os.com> a écrit dans le message de news:
%23bTKOzt4FHA.3592@TK2MSFTNGP12.phx.gbl...

"Fabrice" <emouchet@spam-infonie.fr> a écrit dans le message de news:
uIJOiJi4FHA.1140@tk2msftngp13.phx.gbl...

bonjour à tous,

j'ai un serveur et (plusieurs machines) qui n'est pas connecté à
Internet. Je voudrais réaliser un scan local avec MBSA 2.0 de la machine.
J'ai donc téléchargé le fichier mssecure.cab et je l'ai copié dans le
répertoire de MBSA.

Je lance l'interface graphique de MBSA et lance une vérification de la
machine. Mais il s'obstine à vouloir faire le téléchargement sur Internet
et comme je ne suis pas connecté il plante lamentablement !

Comment forcer MBSA à utiliser le fichier msecure.cab local.sans
connection internet ?

Je vous conseille d'utiliser la version 2.0 de MBSA si vous utilisez
actuellement la version 1.2.1 (et dans ce cas votre manipulation est
correcte). Concernant MBSA 2.0, reportez vous à la FAQ à cette adresse :
http://www.microsoft.com/technet/security/tools/mbsa2/qa.mspx

Extrait en anglais :
Q. MBSA uses files that it downloads from the Internet, but the
computer I want to use to scan my network doesn't have Internet access.
How can I use MBSA in this case?
A. Perform the scan using the mbsacli command-line utility with the
/nd (do not download) parameter after copying the necessary files to the
computer performing the scan. There are three types of files that are
required:

. Security update catalog (Wsusscan.cab), available from the
Microsoft Web site

. Authorization catalog for Windows Update site access
(Muauth.cab), available from the Microsoft Web site

. Windows Update Agent (if not already installed):

. For x86-based computers (WindowsUpdateAgent20-x86.exe),
available from the Microsoft Web site

. For x64-based computers (WindowsUpdateAgent20-x64.exe),
available from the Microsoft Web site



After downloading the files from the Microsoft Web site, copy them to
the following folder on the computer performing the security update scan:
C:Documents and SettingsusernameLocal SettingsApplication
DataMicrosoftMBSA2.0Cache

Important: To ensure that MBSA has access to the most current
versions of these files, you should download them on a weekly basis or
after any release of security bulletins from Microsoft. This is especially
important in the case of the security update catalog (wsusscan.cab)
because Microsoft releases an updated version of this file whenever new
security bulletins are released or updated.

When you run MBSA to perform security update checks on remote
computers, MBSA deploys the Windows Update Agent to the remote computer. A
version of Windows Update Agent (WindowsUpdateAgent20-ia64.exe) is also
available from the Microsoft Web site for Itanium-based computers. MBSA
does not deploy this version, and so you must install and configure
Windows Update Agent on Itanium-based computers before performing a
security update check on those computers.



A titre d'information pour la version 1.2.1 :
http://www.microsoft.com/technet/security/tools/mbsa1/qa.mspx

How can I use MBSA in an offline or secure environment that may
require proxy authentication?
A. You can manually download the signed English mssecure.cab file
used for the security updates check in MBSA V1.2.1 from the following
Microsoft Web site: http://go.microsoft.com/fwlink/?LinkId922. Place
the downloaded CAB file in the MBSA installation folder.

The localized mssecure.cab files can be manually downloaded from the
following locations:

. German mssecure.cab file:
http://go.microsoft.com/fwlink/?LinkId121.

. Japanese mssecure.cab file:
http://go.microsoft.com/fwlink/?LinkId120.

. French mssecure.cab file:
http://go.microsoft.com/fwlink/?LinkId122.


These are the only supported locations where the signed mssecure.cab
files can be downloaded for offline use.

Scanning for Microsoft Office product updates (local computer scans
only) uses a somewhat different procedure in order to download the needed
files:

. Download INVCIF.EXE from
http://go.microsoft.com/fwlink/?linkid842 and

Download INVCM.EXE from
http://go.microsoft.com/fwlink/?linkid452

. Run INVCIF.EXE, and answer Yes to install the Office Update
Inventory Tool, read the EULA and agree to its terms, and specify a local
directory to expand the contents into, for example C:TEMPOfficeUpd).
This will create multiple files including PatchData.XML and
InventoryCatalog.HTML, as well as a directory named CIFS. A file called
PUIDS.CIF will be extracted into the CIFS directory.

. Run INVCM.EXE, and answer Yes to install the Office Update
Inventory Tool, read the EULA and agree to its terms, and specify a local
directory to expand the contents into, for example C:TEMPOfficeUpd).
This will create multiple files including inventory.exe, convert.exe,
OUDetect.dll required for scanning.

. Copy all the files and directories in C:TEMPOfficeUpd into
the C:Microsoft Baseline Security AnalyzerOfficeUpd directory on the
scanning machine. If you are prompted to overwrite existing files click
"Yes".


At this point run MBSA from the desktop icon or Start menu, or open a
command prompt in the C:Microsoft Baseline Security Analyzer folder and
use mbsacli.exe. The files you just obtained will be used, although the
tool will attempt to obtain them from the Internet and may lead to a
timeout before the scan takes place using the local files.

Note: When manually downloading the files, users should
re-download on a regular basis, to ensure the most recent releases by
Microsoft are used in their computer scans. Microsoft releases updated
versions of the files when new security bulletins are issued or updated.



Cordialement

--
Thierry MILLE
FAQ Windows Vista
www.my-vista.com