The Software Vulnerability Manager can scan the SQL database of active SCCM servers and acquire nicely the collected by the Software Inventory capability of CCM program data from each system. This program metadata is then being analyzed by SVM against the Secunia Research Vulnerability Tracking database and the security states of all programs for each system across the network is determined.
The Software Vulnerability Manager can be configured to use Software Inventory data from SCCM as scan information. To be maximum efficient and produce optimal vulnerability intelligence insights, SVM needs the maximum amount of data of application metadata that can be collected from each system. But as this can often be a problem as it impacts the SCCM database, some customers prefer to adjust the amount of information to be analyzed to specific executable file types, for example only EXE and DLL.
Flexera recommends all file types, however, as this is in the interest of your own security oversight.
The following file types should be inventoried by SCCM exactly as they are being written next:
1. In SCCM/Administration/Client Settings, open the properties of the client settings that contains the Software Inventory configuration.
2. Under Software Inventory, click Set Types...
3. Add *.exe, *.dll and *.ocx and remember to include the Windows folder which is disabled by default. (As shown in the screenshot below)