I did eventually manage to get it deployed... but only after manually transferring the package over to the client.
The firewall was already disabled in my previous tests by the way.
The issue seems to have been with LU as described above.
Unforunately, successfully installing SEP has caused even more problems than deploying it.
On two test systems I installed the client on (one deployed, the other unmanaged), both systems displayed eratic behaviours after the installation of SEP. The primary and most common issue displayed after installing SEP was that there was a chance (roughly 25%?) during login that Windows would not be able to load my user profile, and a default user profile would be loaded instead. This is happening on both my test clients, even after one of them has been reinstalled from scratch. This issue definitely did not occur prior to installing SEP as I had done hundreds of logins prior testing other software.
I haven't bothered look into the issue further as during testing today a decision was made to phase out all products with the "Symantec" brand name in it.
Symantec has already lost us as a Backup Exec customer a few months ago for being incredibly slow (versus competitors) in releasing a version of Backup Exec that would be compatible with Server 2008-R2. Symantec is now losing us as a Entpoint Protection customer for not only being late (versus competitors) in 7/2008-R2 compatibility, but (and more importantly) also for releasing barely operable software despite the sheer amount of time spent in gaining compatibility in 7/2008-R2.