Run Scan from System Center Configuration Manager (SCCM)

The Software Vulnerability Manager Agent does not have to be installed on the local host to do a scan. You can create a traditional package in SCCM and run the scan on a weekly basis. To do this, you first need to be able to connect to

To run the Software Vulnerability Manager Agent inside an SCCM package:

1. Download the latest Software Vulnerability Manager Agent as per Download Local Agent.
2. Launch the ConfigMgr console. Select Software Library > Application Management > Packages.
3. From the ribbon, click Create Package.
4. Complete the package information and click Next.

5. On the Program Type page, ensure Standard Program is selected and click Next.
6. On the Standard Program page, configure the following settings and click Next.
Name: CSI Scan
Command Line: csia.exe -c -si 120 -v -d c:\windows\temp\csiscan.log (creates a scan log file up to 16 MB in size)
Run: Hidden
Program can run: Whether or not a user is logged on

7. On the Requirements page, complete the requirements as shown below and click Next.

8. Finish the wizard.
9. Distribute the package to all Distribution Points or groups using the Distribute Content feature.

To create the initial scan and the weekly reoccurring scan:

1. Select the Package and click Deploy on the ribbon.
2. On the General page, select the target collection and click Next.
3. On the Content page, verify that the content is distributed and click Next.
4. On the Deployment Settings page, ensure the purpose is Required and click Next.
5. On the Scheduling page, in the Assignment schedule click New. Schedule a scan for as soon as possible and create a weekly scanning schedule. Also configure the Rerun behavior deployment to Always rerun program.

Tip:For larger environments, it is recommended to spread out the execution schedule of the scan package to avoid spikes of network traffic.

6. On the user Experience page, click Next.
7. On the user Distribution Points page, select Download content, and click Next.

8. Finish the wizard.

You can now monitor the scanning results from the Software Vulnerability Manager console.