For number 1: I believe this was answered in a case you opened with support back in July. There are known defects with the patch installers for Tomcat and Java where the installer cannot reference alternate install directories on silent installs. This is not an issue with Shavlik Protect, it is an issue with the vendor installers and there is nothing we can do to correct this behavior. My recommendation is manually update Tomcat and Java on clients where the product is not installed in the default install locations.
For number 2 and 3: I recommend that you speak with Microsoft (or patch vendor for 3rd party) if you are having issues after installing or uninstalling Microsoft patches. We can help with detection and installation issues, but we cannot help if the patch causes an issue after it is installed or uninstalled from the client. I would recommend testing patch deployments before installing in production.
For number 4: You are referencing a DCOM issue: How to Configure DCOM Permissions for Configuration Manager Console Connections The APPID B292921D-AF50-400C-9B75-0C57A7F29BA1 is for the Network Access Protection Agent. It looks like there are numerous references to these error when searching on the internet.