How to configure Microsoft Endpoint Configuration Manager (SCCM) Software Inventory used by SVM server
This document describes settings required to achieve the best possible scan results in Software Vulnerability Manager provided by Microsoft Endpoint Configuration Manager.
Microsoft Endpoint Configuration Manager Software Inventory
The inventory agent is configured by a set of simple rules that govern which files are queried. To produce the best possible scan result using SCCM, the Software Vulnerability Manager uses a relatively broad pattern, which could lead to large amounts of data being collected. If all file data is collected, a file size of between 5 and 10 MB for a single host is not uncommon, and the SQL server must be dimensioned to handle this.
Microsoft Endpoint Configuration Manager integration requires the following prerequisites:
- Setup Authentication
The user running the SVM console must have Connect and Select rights over the SQL database of the SCCM.
By default the database is named CM_<site_code>. To add permissions, open SQL Server Management Studio, right-click the appropriate database, navigate to permissions and add Connect and Select rights.
- Setup the Software Inventory Agent
Assuming that the SCCM site has been set up, open the SCCM console and ensure that the SCCM client (agent) is installed on the hosts to be scanned.
In Microsoft Endpoint Configuration Manager, go to Devices and right-click Install client. Then go to Administration > Client Settings > Properties > Software Inventory. To configure the broadest possible pattern, select File Detail: full and add the patterns *.dll, *.exe, *.ocx.
Please note that on a standard machine there are up to 10 times more .dll files than .exe so when expanding the scope of the SCCM agent you should expect a similar increase of the SQL database. By excluding the .dll files from Windows folder the expected database increase is 3-4 times.
Large Inventory Files
Since you are changing the SCCM software inventory to gather more metadata from your SCCM agent, you could run into an issue that the inventory files will become too big.
All the large inventory files are from SCCM secondary servers because of the software inventory task ran against packages in DP folders. SCCM is collecting all the data, such as .exe and .dll files, in each application package.
If the full software inventory report from the client is larger than the configured maximum size (5 MB by default) then those files will be moved to the BadSINV folder.
Solution: Increase the maximum allowable size, which is defined in the registry key below:
HKLM\Software\Microsoft\SMS\Components\SMS_SOFTWARE_INVENTORY_PROCESSOR\Max File Size (the default is 5 MB), and wait for SMS Software Inventory Processor to retry the operation.
Configure System Center Inventory Import in Software Vulnerability Manager
To configure inventory import navigate to Scanning - Remote Scanning Via Software Vulnerability Manager - System Center Inventory Import. Click on Configure System Center
There are two options of configuring connection between SVM and Microsoft Endpoint Configuration Manager database
1. Enter FQDN or IP address of your Microsoft Endpoint Configuration Manager server to automatically detect SQL settings
2. Enter your database details manually