Customers reading their Compliance reports for Patch Management will see that the columns are Installed and Not Installed.  This makes Admins believe that there are Executions that occur when a Bulletin shows as "Installed". 

Altiris Patch Management software will determine if each managed system is Applicable or not to every Bulletin.  After determining Applicability, on occasion we will also mark the Bulletin as “Not Vulnerable” which is the same as “Installed” in the Report.

As an Example here are some known cases where we've seen "Installed" show for specific systems when no Execution occurred:

KB4471331
Applicability: Depends on the Operating System. (most are applicable)
Vulnerability: Depends on the files in C:\Windows\SysWOW64\Macromed\flash or C:\Windows\System32\Macromed\flash

If files are not installed, as the system is Applicable, the result of the Assessment Scan would be "Effectively Installed" and show as "Installed" on the Compliance Report.

NOTE:  As seen in the example, the term "Installed" does not mean that an Execution took place.