ok...just checking...>GRIN<!
I truly believe one of the components isn't configured properly. Either from the server perspective or the workstation perspective.
What we do is leave all the default policies: Antivirus and Antispyware, Live Update, Intrusion Prevention, Application and Device, & Firewall. Then we leave enabled and configure the original default policies found in SAV: Antivirus/Antispyware and Live Update. The other policies we completely disable. We then setup the installation client to install all the components and the policies disable or enable per our configurations. If we need these other components later, then we just merely enable them.
The level of complexity that SEP has added is so great. We just want to protect our clients against malicious software. Once we understand better the other components, then I'm sure we'll employ those at a later time.