a couple questions and comments. First, I dont know about GFILanguard, so I cannot speak to the discrepency there. As for MBSA, depending on what version you are using, you could see different results. If you are using the newer MBSA, it is based on the Windows Update Agent scan engine. So, assuming that the target was scanned using a WSUS server as its update source AND the EminentWare scan is from that same Update Server, the results should be the same. If the MBSA is using the MU catalog as its source of update meta information, then it is entirely possible that you would show additional missing updates if the WSUS server that was used for the EW scan doesnt have all products enabled. IOW, it may be that the WSUS server is configured to only have a subset of the product updates that are on the MU catalog. If the MBSA scan was done using the MU catalog, this could be causing the discrepency.
If this is not the case, I would need more information about the specific security updates that are showing and the view or report that you are using in EW to get this information. Is this scan information coming from the EW real-time view on the Update Server? Is the information coming from a real time scan using the computer explorer? Is this information coming from the WSUS inventory report? We will contact you directly to investigate this discrepency.