Any scan template will identify which version of .Net Framework is installed. You can run a Machine Inventory report against all you current scans in Tools > Create Report and you will see which versions of .Net are installed.
In case you are thinking about creating a template to scan for specific .NET patches, unless you know the Q\KB numbers, it's going to be difficult to only scan for .NET Framework. The reason for this is .Net Framework patches are associated with .Net Framework and individual OS's in Protect depending what components it affects. You could go to View > Patches and search for .NET (All Patches filter and no Patch Type selected). This 'should' give you a pretty good list of .Net Framework patches for OS and .Net. My suggestion would be to run a WUScan scan against the servers and look for .Net Framework patches to verify your not filtering them out.
What I'm trying to do is scan for any .NET Framework version installed on any computers in a machine group and deploy the latest version of .NET Framework using a custom deployment using Software Distribution.
You should use a Patch Group containing the .NET installers and plug it into this template, you will need the specific Q\KB number for the .Net Framework installers. The Bulletins for the .NET installers would start with MSFT-DN.
Navigate to View > Patches and search for MSFT-DN
Make sure the Smart Filter is set to All Patches and nothing is selected under Patch Type on the left.
Everything should be selected under Vendors and Families on the left.
This will give you a list of the possible .NET installers.
CTRL-A to select them, right-click on the high-lighted patch and choose Add to Patch Group > New Patch Group. Name it something like .Net Installers.
Create a new Patch Scan Template and enable Software Distribution in the Software Distribution tab.
Enable Baseline in the lower right corner of the Filtering tab and choose the Patch Group you created.
Scan and verify the results.
I've already created the custom patch deployment for the .NET 4.6.1 using what you've just described - Thanks.
Question, I believe the answer to this question is yes. But, I thought I'd ask anyway. If I run a security patch scan and see's the older versions of the .NET, instead of using the standard deploying the security patches, can I use the custom .NET patch deployment?
Never mind. I don't think that's going to work.