Hi Brian,
based on your tips I´ve build a solution thats working pretty well, at least on an couple of test clients. So this is it:
We have 4 different deployment types within SCCM. In SCCM a deployment type is the content and a install command (script, exe, etc.),for a short explanation.
2 of them are are for SEP 11.x clients, with defs, the other ones are with basic content for 12.x clients. So they have to download less content.
In addition to that, each of these packages are using a small batch to copy down a setAid.ini with and without firewall component.
The decisions are made by SCCMs requirement rules (SEP 11 or 12, with or without firewall).
Thanks a lot!