don't assign this patch to thousands of machines. P5 has quite some changes within core drivers and needs be extensive tested (see Patching VSE - risk level and Patching VSE - testing, testing, is this thing on?).
You can install the P5 update just like SCCM or any other distribution software via Client Task. There you could specify a exact time (once or recurring) for installation/update. But keep in mind, that the agent needs an ASCI first to recognize the new update task. So depending on your ASCI interval, you have to create the task quite some time before deployment.
Each deployment or Update script will only 'install' if the product or update is not already installed, although if it is a Product Deployment (ie you are deploying the Repost rather than the patch) the task will run each time.
During the update process the McAfee Agent will determine if the product or patch is already installed using a detection script. You should see this in the Agent Log and you should see something like:
Each product has one of these Detection Scripts and normally they have the following naming convention <PRODUCTCODE>det.mcs
In reference to your question, the the client task identifies the product is already installed to the versions you are trying to deploy it will not 'install' the product each time it runs, it will skip over to the next part of its update run.
McAfee Volunteer Moderator
Certified McAfee Product Specialist - ePO
Thanks guys, this is exactly what I was looking for. I'm so used to being concerned with too many distribution policies doing to many things, I didn't want the same to happen to ePO. I will open a new thread but I also need to upgrade from HIPS 7 to HIPS 8 in order to update ePO itself.