I can't explain how the events got sent to ePO, I'm afraid. I've got a couple of theories but they're only really guesses To check, on the affected machines, open evtfiltr.ini and check to see that 1051 is listed there. If not, check that the machine can communicate correctly - it may not be able to pick up the new event filter.
With regard to removing the events - you can do this with a server task. Create a table query for threat events to return events with ID 1051, and then create a server task to purge the threat event log based on the query you just created - that should do it.
Turned out the events were generated in 2008...
Anyway, thanks for the help. The query based server task worked perfectly.