Endpoint Protection

  • 1.  Symantec Lockdown

    Posted Mar 09, 2015 03:20 AM

    I have two queries on Symantec Lockdown.

    a) Do I need a separate license to use this feature?

    b) Can I define Updaters with Symantec Lockdown? For example, I want my Windows Update client to update the monthly MS security patches without any intervention with the Symantec Lockdown.



  • 2.  RE: Symantec Lockdown

    Broadcom Employee
    Posted Mar 09, 2015 03:23 AM

    Hi,

    Thank you for posting in Symantec community.

    I would be glad to answer your query. No need to call support just to get answers to these two queries.

    a) Do I need a separate license to use this feature?

    --> A separate license is not required; System Lockdown is one of the SEP features.

    #Edit

    b) Can I define Updaters with Symantec Lockdown? For example, I want my Windows Update client to update the monthly MS security patches without any intervention with the Symantec Lockdown.

    --> The SEP system lockdown feature, in whitelist mode (which is the default mode of system lockdown), puts the strictest control on what applications can run on a computer. So it is usually expected that the executable binary files do NOT change much on the computer. These changes include software upgrades, Windows updates and SEP definitions updates. Due to the strict control, frequent Windows updates or SEP definitions updates become unnecessary. If they do become necessary, then careful planning and administrative overhead are usually unavoidable. Please consider carefully which computers should have system lockdown enabled.

    Typically, when using System Lockdown, it is best to install new hotfixes in a testing environment first, and create new fingerprint files after installing the updates. Once the new fingerprints have been added to the System Lockdown policy, you can allow the hotfix to be installed on the user systems. Failure to add new fingerprints for the system files modified by the hotfix into the System Lockdown policy could cause problems with the Operating System.

    Refer to these articles:

    Configuring system lockdown

    http://www.symantec.com/docs/HOWTO55130

    Enabling automatic updates of whitelists and blacklists for system lockdown

    http://www.symantec.com/docs/HOWTO81097
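
The fingerprint refresh step described in the reply above, as an added example that is not part of the original post and is not Symantec's tooling: it hashes the binaries on a patched test machine and reports which entries are new or changed relative to the list currently held in the policy. The `<digest> <path>` list format, the use of SHA-256, the suffix set and all function names are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

BINARY_SUFFIXES = {".exe", ".dll", ".sys"}  # assumption: file types worth fingerprinting

def fingerprint_tree(root):
    """Return {relative path: SHA-256 hex digest} for binaries under root."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in BINARY_SUFFIXES
    }

def parse_list(text):
    """Parse '<digest> <path>' lines (assumed list format) into {path: digest}."""
    entries = {}
    for line in text.splitlines():
        digest, _, path = line.strip().partition(" ")
        if digest and path and not digest.startswith("#"):
            entries[path.strip()] = digest.lower()
    return entries

def policy_gap(policy, patched):
    """Compare the list currently in the policy with the patched test machine."""
    return {
        "new": sorted(p for p in patched if p not in policy),
        "changed": sorted(p for p in patched if p in policy and patched[p] != policy[p]),
        "gone": sorted(p for p in policy if p not in patched),
    }

def demo():
    """Constructed scenario: a hotfix replaces one DLL and adds one EXE."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sys").mkdir()
        (root / "sys" / "kernel.dll").write_bytes(b"v1")
        (root / "app.exe").write_bytes(b"app")
        (root / "notes.txt").write_bytes(b"not a binary, ignored")
        # Serialize the pre-patch state as the list the policy currently holds.
        listing = "\n".join(f"{h} {p}" for p, h in fingerprint_tree(root).items())
        policy = parse_list("# baseline before hotfix\n" + listing)
        # Simulate installing the hotfix on the test machine.
        (root / "sys" / "kernel.dll").write_bytes(b"v2")
        (root / "updater.exe").write_bytes(b"new")
        return policy_gap(policy, fingerprint_tree(root))

if __name__ == "__main__":
    print(demo())
```

Anything reported under "new" or "changed" is a file the lockdown policy would not recognize after the hotfix, so those entries need to be in the policy's list before the hotfix is released to user systems.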

     

     



  • 3.  RE: Symantec Lockdown

    Posted Mar 09, 2015 03:31 AM

    No, you don't need a separate license for this. It's all covered, you are good to go :)

    For Windows updates, follow this document, but it's not available now; call support, they will get you the steps.

    https://www-secure.symantec.com/connect/forums/i-need-how-configure-system-lockdown-allow-microsoft-security-updates

     



  • 4.  RE: Symantec Lockdown

    Posted Mar 09, 2015 07:03 AM

    No separate license is required. It's a component/feature of SEP.

    In addition to allowing MS updates you will also need to allow Symantec updates, see here:

    Symantec Endpoint Protection system lockdown blocks definitions updates

    The article on allowing MS updates seems to have expired. Contact support as they can provide something.