Vic,
You are correct.
If I may further add a few comments which may save you some time/headache down the road. If later on, say six months from now, you want to begin using the firewall or IPS I believe you will need to do a complete re-install of the software on the client. Thats because the firewall and IPS components (or modules if you will) were not installed when you only checked the box for antivirus/antispyware. In addition, after the re-install you are going to need to reboot your clients for the firewall and IPS components to be activated.
I recommend installing all of the components (modules) with the initial rollout, as well as a reboot to active them. This way the components are on the client, ready to go, and you don't have to worry about re-installing if you find an urgent need to say block a website using the firewall.
Remember that even though the components are installed and activated on the client they are not actually in use until you assign a policy to a group.
Hope that helps,
Fred