On first glance, this does not appear to be related to SDC directly. SDC has absolutely no communication path whereby it would share any information outside of the network. In fact, we go to great lengths to ensure that all communication can’t go that way, including ensuring our server and clients can run fully isolated. The only time any component of SDC talks to the internet is when you choose to import an update site from the public internet — but in that case, it is fully related to downloading software from the update site — no sharing of information.
To me, it looks like this software is something one of your users chose to install on their system. The software is designed (it appears) to scan the system and upload information about what is installed. Given we don’t have control over other software on the system choosing to scan the HD, I’m not quite sure what we could do to protect against it. Do you have any thoughts on your side?