Ivanti EPM can scan client machines and install missing patches. As a rule patches are dedicated to a subset of operating systems (Affected Platforms) and product versions (Affected Products).
If some machines must be excluded from patching, a Query Filter can help[1]. Some patches are applied based on registry or file condition:
Custom Script is the most flexible solution for complex set of conditions. It is used to detect patch applicability by many vendors. A Visual Basic (VBS) script should return one of predefined values[2] (Detected, Reason, Expected, Found).
Many patching tools hide “detection logic”, make troubleshooting more difficult. EPM Admin can analyse detection script if patch does not work as expected.