KB5025885 - How to manage/interpret results?

Apologies for the late reply on this.

The Secure Boot DBX update is a very complex thing to detect. The UEFI areas involved are not generally visible in a standard way, and require running a probe action to detect whether the system is vulnerable / whether the update can be applied.

The Task you are looking at, Task 656, runs an action to check whether the machine is vulnerable.

The output of that task is not something you should need to check yourself - we already have a fixlet checking for that output. There is a related Fixlet
502588501 5025885: Manage of the Windows Boot Manager revocations for Secure Boot changes associated with (CVE-2023-24932) - KB5025885

If your systems are not relevant for Fixlet 502588501 they should not be vulnerable. There is a condition, though, where the probe result file can be deleted or the UEFI update could be applied outside of BigFix, so the update Fixlet is relevant: a false-positive case. Running the Probe Task 656 will re-evaluate the UEFI configuration and update the probe result file, clearing the false-positive condition and making Fixlet 502588501 non-relevant again.