I thought the designed behavior was when a re-lease occurs and the XML updates, all agent policies of the patch are deselected. MS11-043 re-lease auto deployed to our agents based on the previous approval of version 1. The patch was intentionally downloaded and deployed to our test group but we weren't ready to deploy it to production. The unexpected reboot from the patch install caused issues in production.
The Patch tasks within the agent policy determine the agents' scan and deployment behavior. If you have selected to automatically deploy patches, and the patch is detected as missing within the scan, the agent will attempt to deploy the patch. You can review these settings from the 'Patch' tab within the agent policy.