The purpose of endpoint detection is to allow us to control access, and ultimately deny access to computers that don't meet our security policy criteria. If the requirement is simply to check for the existence of antivirus software, or a specific version of Windows, then there's really no need for customization. A custom detection script comes in handy when we want to validate something beyond that. The requirement that comes up most often is the need to verify that the computer is a corporate asset, as opposed to some random computer the user happens to be using.
The default endpoint detection allows us to check the computer's domain, and match it against the one we specify. However, this is clearly not very secure, as the comparison is textual and anyone can spoof this rather easily.
With a custom detection script, you could implement other checks. For example, you could plant a specific file somewhere on the hard drive of every corporate computer, and then use the custom...