I do have the same issue with SP2. I did install the agent with End-Security enabled which without carrying restrict policy. I hope someone from LANDesk can tell how this happen and how to resolve.
It's not just you...we reported troubling behavior with EPS (Endpoint Security) after SP3 and a new agent rollout to LANDesk Support, and it is something they are now aware of and actively trying to resolve.
Our new SP3 agent (deployed to a small group - 250 clients) had the Firewall "learning mode" turned on, but the other EPS settings - HIPS and Device Control - disabled. Some clients had HIPS turned on anyway (with pop-ups and blocks), and others registered blocked CD's. Very disturbing to see this when the agent config settings (and default HIPS and DC settings) call for neither to be turned on.
While we wait for the fix, I had no choice but to create a new agent, disabling all EPS settings. I'm hoping this works as a temporary band-aid. I'll update next week to let you know if it worked.