Creating configuration items requires you to know some technical details about what you are trying to determine like registry values, file existence and version info, or WMI data. This info is then queried by your CI. Thus, you choose what is appropriate
for whatever you what to do. Yes, that's a wide-open answer but so is the feature set which depends greatly on what you are doing and often requires research and knowledge.
For Kaspersky and DeviceLock specifically, you'll have to have knowledge what these applications do on a technical level. You could contact the vendor; they may have no specific experience with CIs in ConfigMgr but they should be able to provide specific
technical details that can be queried.
What exactly are you trying to determine with the CI? Once you know the answer to this question, the vendor should be able to provide you info about what to query to determine the answer to this.