1. Depends on the version of Windows. With Windows 7, it will. With Windows 10 see here:
http://www.symantec.com/docs/TECH247503
2. Yes, potentially. Pick one or the other.
3. You can move clients to a custom created group and remove all policies except AV and LiveUpdate. Not sure why this would be needed though.
4. Symantec has detections for ransomware through their various components. See here:
http://www.symantec.com/docs/HOWTO124710