• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1566
  • Last Modified:

MBSA Microsoft Baseline Security Analyzer not scanning all pc's

I keep getting the following responses for each pc that MBSA is trying to scan:
Computer not found.
Could not resolve to computer name.

I can ping the computers by name, so DNS is resolving the name.  And I get successful replies from the computers, so IP connectivity is working.

Does anybody know what this could be?   Could it be that the Microsoft Firewall on the target computers is preventing the scan?

3 Solutions
It could be possible that DNS is not resolving to correct IP address.

Sometimes, DNS does not update quick enough and you see incorrect IP and Name pairs.

Have you check if the machine name is resolving to correct IP address or not.

To do this, ping the machine by name.(You will get the IP address).

Now go to that machine and check the IP address by ipconfig.

They should match.
Rich RumbleSecurity SamuraiCommented:
The firewall sounds more likely, especially if you put the IP into the mbsa and use the IP rather than the DNS name. The MBSA also requires admin priv's on the pc it's scanning. The firewall on XP Pro is turned on automatically when SP2 is applied.
cliffordgormleyAuthor Commented:
Prashax.  I stated that DNS works when I ping the target computer by name.  So that is not the problem.

Rich.  You are probably correct.  So does that mean I have to go to each machine and disable the firewall to run MBSA?  Maybe I could use Group Policy to temporarily disable the firewall, run MBSA, then re-enable the Firewall.  MBSA must have come out before the XP firewall for this to happen.
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

You can create a GP to disable the firewall.

But, since you are able to ping those machine, see if you can remotly access their c$, and can connect using computer management.

MBSA scans files and registry using admin$ share and remote registry.

This can also happen if do not have admin rights on that machine.

It is also worth ensuring that you have the latest version of MSBA (you have probably already done this, but IT thought it was worth mentioning just in case).

If you are trying to scan a win xp sp2 machine you need this version of MSBA to be compatible -


You can manage the firewall vi GP, or if you have access to the machine you could just manually turn it off to run the scan - which would confirm whether the firewall was the issue or not.


Rich RumbleSecurity SamuraiCommented:
You can use the Group Policies to turn off the firewall, or to make an exception for the pc that your scanning from. Typically on a Lan the firewall isn't necessary unless you have regular Virus outbreaks or users that might be "script-kiddies" and just too curious. We have over 5000 pc's and leave it off. We also follow best practices and don't allow our users to be local admins of their PC's, so they can't install unapproved software and it also mitigates against spyware and viri

The MBSA came out before XP was even released, and win2k and NT don't have firewalls. The only port you need to open is 445 tcp, and or you can open 135-139 tcp or udp.
I would open port 445 from to the "mbsa_pc_name" http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx#ESG
Install NETBIOS on the pc you are using to do the scanning.  This should fix the issue.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now