Attack Surface Analyzer was built to analyse the changes that a software installation makes to an operating system's attack surface. In other words, it reports the differences between two states of the same system: before and after the installation. To do that, Attack Surface Analyzer has to run two scans. The first scan takes a snapshot of the system state before the changes, and the second scan takes a snapshot of the system after the changes are made.
To use Attack Surface Analyzer correctly, first run a scan on a clean system. Here, a clean system is one whose configuration is the way you want it. It may or may not be a freshly installed operating system. The scan saves the state of the system in a .CAB file. This file is a compressed collection of other files that represent different aspects of the system configuration or state, such as file lists, registry keys, devices, etc.
The baseline scan is simply the first scan that Attack Surface Analyzer makes. It is usually followed by the product scan. Strictly speaking, the data generated by the baseline scan is useless unless you compare it with a product scan.
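The baseline/product comparison described above, sketched as an added example that is not the tool's own code. The snapshot layout, the category names and every sample path or value are constructed assumptions; real .CAB contents are not parsed.

```python
# Added illustration: models two system-state snapshots as plain dictionaries
# and reports what changed between them. Snapshot layout, category names and
# all sample values are constructed; this does not read real .CAB files.

def diff_snapshots(baseline, product):
    """Return per-category added / removed / changed items."""
    report = {}
    for category in sorted(set(baseline) | set(product)):
        before = baseline.get(category, {})
        after = product.get(category, {})
        added = sorted(set(after) - set(before))
        removed = sorted(set(before) - set(after))
        changed = sorted(k for k in set(before) & set(after)
                         if before[k] != after[k])
        if added or removed or changed:
            report[category] = {"added": added, "removed": removed,
                                "changed": changed}
    return report

# Constructed baseline: the "clean" system before installation.
BASELINE = {
    "files": {r"C:\Windows\System32\drivers\etc\hosts": "Admins:F Users:R"},
    "registry": {r"HKLM\SOFTWARE\Example\Existing": "1"},
    "devices": {"COM1": "present"},
}

# Constructed product snapshot: same system after a hypothetical installer ran.
PRODUCT = {
    "files": {
        r"C:\Windows\System32\drivers\etc\hosts": "Admins:F Users:R",
        r"C:\Program Files\ExampleApp\svc.exe": "Admins:F Users:F",
    },
    "registry": {
        r"HKLM\SOFTWARE\Example\Existing": "0",
        r"HKLM\SYSTEM\CurrentControlSet\Services\ExampleSvc": "auto-start",
    },
    "devices": {"COM1": "present"},
}

if __name__ == "__main__":
    for category, delta in diff_snapshots(BASELINE, PRODUCT).items():
        for kind, items in delta.items():
            for item in items:
                print(f"{category:9} {kind:8} {item}")
```

Comparing the baseline with itself yields an empty report, which is why a baseline scan on its own tells you nothing.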