From the TechNet article references below:
The required services are listed in the MBSA Help file (linked to in the left-hand pane of MBSA user interface). These requirements include Remote Registry service, Server service, Workstation service, File and Printer Sharing service, and Automatic Updates service. The wsusscn2.cab file is downloaded from the Microsoft Web site over HTTP based on your Internet Explorer settings. Remote computer scans are performed by using TCP ports 135, 139, and 445. Where a firewall or filtering router separates two networks, TCP ports 135, 139, and 445, and UDP ports 137 and 138 must be open in order for MBSA to connect and authenticate to the remote computer being scanned.
The link below also contains useful guidance and information in general about the Microsoft Baseline Security Analyzer (MBSA).
http://technet.microsoft.com/en-us/security/cc184922.aspx
What ports to open for MBSA?
Have more questions?
Was this article helpful?
Provide feedback for the Documentation team!
Browse this section
- Microsoft Cloud Assessment - Activity Reports generated with usernames encrypted
- Microsoft Cloud Assessment User Guides
- Network Detective Application User Guide
- How to use the Push Deploy
- Configuring GPO to set Remote Registry Service to Automatic
- Restore administrative shares - Admin$ - if missing from Windows Computer Management
- Network Detective Data Collector Command Line options
- Do I need a Network Scan even if I'm only doing workstations?
- How Push Deploy Works
- What ports to open for MBSA?
- See more