One other thing to note is that if your organization requires packaging the SEP client in a 3rd party tool, such as ConfigMgr, and you don't handle the Return Code of "1" (success) properly, a system will reboot when using the default ConfigMgr settings for a new Application. For some very silly reason Symantec uses 1 as a code to indicate success. (See screenshot)
Why do we deploy with anything other than just the SEPM console? Well I work in a complex, somewhat large environment. I bet others here (or reading in the future) may find themselves in the same predicament. Either to support a desktop/server imaging process or to satisfy complex software deployment requirements that fall outside of what SEPM can do, a 3rd party tool is sometimes needed.
I learned this the hard way and maybe someone else can avoid the nightmare that I created once upon a time - I wasn't trying to hijack the thread. :)