Hi,
I try to take this command
get-wmiobject -class win32_quickfixengineering -filter "HotfixID = ‘KB979683’"
I try to change the command so it will fit but all the changes were wrong because I don’t know how to write relevance command
Maybe someone can assist me 
A really good reference for writing relevance is to look at the content provided by IBM.
Find a Fixlet that installs a similar piece of content, and modify it to fit your desired KB article patch.
…and try to avoid using WMI in relevance, where possible. WMI can spawn other pricess that consume system resources and are not bound by the Bigfix client’s CPU throttling.
In another recent thread in this forum, someone found queries to win32_quickfixengineering in particular caused high resource usage from the TrustedInstaller service.
Hi everyone,
I found something form the past.
not exists (string values of properties “HotFixID” of it) whose(it starts with “KB2863058”) of select objects “HotFixID from Win32_QuickFixEngineering” of wmis
If you are specifically looking for KB979683, along the lines that @TimRice suggested, you could look at fixlets 10021120 or 1002113 that are the fixlet for the Vista version of KB979683 (MS10-021) and make a custom copy of them then update the detection for the platform specific to your requirements (the Microsoft article https://support.microsoft.com/en-us/help/979683/ms10-021-vulnerabilities-in-windows-kernel-could-allow-elevation-of-pr gives the file versions for other platforms). I have to echo the advice already given by @JasonWalker about using WMI. File or registry checks are much more efficient once you can figure out where patch related data might be, such as HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex