Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to download the cabinate file for scanning the missing security patches on the server?

Posted on 2016-08-24
4
Medium Priority
?
558 Views
Last Modified: 2016-09-13
My Server is not updating from the wsus server, so I need to run the scanning
on the server for missing security patches, for that, I need to download the latest wsus cabinate file, please help.
0
Comment
Question by:satheesh kumar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 65

Assisted Solution

by:btan
btan earned 1200 total points (awarded by participants)
ID: 41769577
May consider use of MBSA

Using MBSA without Internet access

In order to get the most accurate scan results, MBSA needs to download the latest updates from Microsoft.com. If you need to scan computers from a network that has no Internet access, you need to take extra steps to update MBSA since it won’t be able to reach Microsoft.com. To complete this step you need to update the Wsusscn2.cab file located in %SystemDrive%\Users\UserName\AppData\Local\Microsoft\MBSA\Cache. The Wsusscn2.cab file (signed by Microsoft) contains the security updates, update rollups, and service packs that are available from Microsoft Update. Wsusscn2.cab is automatically updated when a security update, update rollup, or service pack is added, removed, or revised on the Microsoft Updates site. Computers that are not connected to the Internet can be scanned and then updated for the updates in the WsusScn2.cab file.
https://dougvitale.wordpress.com/2011/11/18/microsoft-baseline-security-analyzer/#nointaccess
0
 
LVL 8

Accepted Solution

by:
Hector2016 earned 800 total points (awarded by participants)
ID: 41770145
Please use the WSUSOffline tool for all computers without direct access to the internet or to WSUS.

http://download.wsusoffline.net/

You need to run this tool on a computer with internet access and then share the Client folder to every offline computer, then run the Installer application inside that folder from each computer and it will update the computer. You can also create ISO files with collections of updates for each windows or office versions and languages.

You dont need to worry about the location of the WSUS cabinet file, because the tool will download and use it transparently.
0
 
LVL 65

Assisted Solution

by:btan
btan earned 1200 total points (awarded by participants)
ID: 41770256
Can check out MBSA for offline as shared earlier too
MBSA uses files that it downloads from the Internet, but the computer I want to use to scan my network doesn't have Internet access. How can I use MBSA in an offline and secure environment?

You can either perform the scan using the mbsacli command-line utility with the /nd (do not download) parameter, or you can perform the scan using the GUI. Before scanning you must copy the necessary files to the computer performing the scan.

Four types of files are required:
Security update catalog (wsusscn2.cab), available from the  Microsoft Web site
Windows Update Redistribution Catalog (wuredist.cab) located at  

http://update.microsoft.com/redist/wuredist.cab
Authorization catalog (muauth.cab) for Windows Update site access, available from the  Microsoft Web site or by examining the contents of the wuredist.cab file located at  

http://update.microsoft.com/redist/wuredist.cab

Windows Update Agent standalone installers (if not already installed): For x86-based computers (WindowsUpdateAgent30-x86.exe) or
For x64-based computers (WindowsUpdateAgent30-x64.exe) or
For ia64-based computers (WindowsUpdateAgent30-ia64.exe), the latest versions are available by examining the contents of the wuredist.cab file located at  

http://update.microsoft.com/redist/wuredist.cab

After downloading the files from the Microsoft Web site, copy all files listed above to the following folder on the computer performing the security update scan:
C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\MBSA\Cache

Important: To ensure that MBSA has access to the most current versions of these files, you should download them on a weekly basis or after any release of security bulletins from Microsoft. This is especially important in the case of the security update catalog (Wsusscn2.cab) because Microsoft releases an updated version of this file whenever new security bulletins are released or updated.

When you run MBSA to perform security update checks on remote computers, MBSA deploys the Windows Update Agent to the remote computer. Although an ia64 version of the Windows Update Agent (WindowsUpdateAgent30-ia64.exe) is available for Itanium-based computers, MBSA does not automatically deploy this version. It must be installed and configured on Itanium-based computers before performing a security scan on those computers.
0
 
LVL 65

Expert Comment

by:btan
ID: 41795679
As explained for offline downloads and provided guidance on approaches.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question