We see this issue too - however, in our environment the clients are firewalled and prevented from contacting external liveupdate servers. I'm sure its a bug, I opened a case for it once, unfortunately it went no-where. The problem has been around for a long time - prior to 4202.75
Randomly clients will choose to ignore the update provider policies and default to the external liveupdate servers. I suspect when they've experienced some issue updating.
I have found a manual way to fix the issue.
This is not sanctioned or approved by Symantec
In this folder C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate
1. find SETTINGS.LIVEUPDATE
2. modify its properties to remove read only
3. edit the file and search for the HOSTS entries and compare them with the same entries from a known good host in the same SEPM group, most likely you will find Symantec liveupdate servers configured here and the HOSTS entries different from a working client - i use copy/paste to copy the known good lines and paste them into the bad client.
4. save the changes and modify the properties of the file to ensure read only is set
try running luall
In our case, this "fixes" the client and it behaves again continuing to update normally.
EDIT: We run internal liveupdate servers