Lastly, you are correct in that there is no GUI for the patch file install, even though the Symantec article(s) for each version of the client-only patches mentions to "follow the instructions that appear on the screen.". Once you execute the MSI file it's installing right then with no prompting. Likewise, there is no indication when the install finishes. For us it was a quick process, less than a minute for the install to complete. The install results are in SEP_INST_PATCH.txt. At the bottom of SEP_INST_PATCH.txt are the results of the installation - in our case "Installation operation completed successfully" along with product version and some other helpful information.
A reboot is required after installing the patch file. No notification is given, unless you open the client's GUI and see on the Status page that a reboot is required.
This is a simple and quick way to upgrade a client with the noted caveats.