Yes, your client will reboot outside the schedule if it fails initial install as configured on the Software Update Policy > Package Options, for it will fall back on the Default Software Update Plug-in Policy, run the install then, and the client will reboot when complete.
The concept of this behavior; if the 'one-off' Package Options in the Software Update Policy are being utilized; this update needs to get out ASAP. Otherwise, one would use the Default Policy to manage schedule. Again, these Package Options are intended for single deploy of urgent updates that need to run outside a scheduled update cycle, or for a test run of an update to a test filter.
As for Maintenance Windows; they allow for the Altiris Agent to dominate the Patch Plug-in and runs the Software Update Cycle as soon as the window opens, for the Agent says 'I am in a maintenance window; do what needs to be done now.' This behavior is outlined in KM: TECH127411, and this is why the Update Policies have the 'Override Maintenance Windows' setting.
My advice; disable all Package Options on the Software Update Policy, configure the Software Update Cycle solely on the Default Software Update Plug-in, and configure this policy as needed for each targeted filter via Clone, Windowed Schedule and reboots as needed (detailed on KM: HOWTO56242 - Step 7).
Please note; my purpose is not to overwhelm you with possible issues, but more to advise of 'gotchas' to be aware of. If the environment is well maintained with scheduled reboots, and the clients are in order for installing updates, you may never see any anomalies deploying via Package Options schedules.