Channel: Configuration Manager 2012 - Security, Updates and Compliance forum

Endpoint Protection Policy only applied after system restart. Is this normal?


Hello All, I'm hoping that someone can help me out here. I've looked all over but haven't been able to find a resolution to this problem.

We are having problems applying SCEP policies to client machines. It's not that the policy doesn't get applied, it's that it only gets applied after a restart of the client computer.

Here is a scenario:

In addition to the default antimalware policy, I've created a second policy to exclude some files and processes from being scanned. I then deploy that second policy to a container that contains a computer. On the computer, I speed up the process of it getting the policy by running the Machine Policy Retrieval and Evaluation Cycle action in Control Panel > Configuration Manager > Action Tab.

Within a few minutes, I check to see when the policy was applied in SCEP by opening it, clicking the small arrow next to the help button, and I see that the Policy Apply date/time has been updated.

I double check the C:\Windows\CCM\EPAMPolicy.xml file and I see that the merged policies are in there.

I double check the registry key HKLM\SOFTWARE\Microsoft\CCM\EPAgent\LastAppliedPolicy and I see the entries for the policies that I configured in SCCM.

I check the EndpointProtectionAgent.log file in c:\windows\CCM\Logs and there are no red flags. As a matter of fact, it says that the policy was successfully applied:

Create Process Command line: "C:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".

Applied the C:\Windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully.

Despite all of this pointing to a successful application of the policies, there are no entries added to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware.

The policy is only applied after the machine is restarted.

You would think that Forefront policies would be applied immediately, but no. Is this really how things work with SCCM and SCEP 2012? Do we really have to restart our servers each time we make SCEP changes?

Also, we went from an environment where we used FEP 2010 in the past. Not sure if that has anything to do with all of this.
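
The checks described in this post can be gathered in one pass. The PowerShell below is an added example, not part of the original post; it uses only the file and registry paths the post quotes and assumes an elevated session on the affected client. The function name and output property names are made up for this example.

```powershell
# Added example: gathers the evidence the post checks by hand.
# Paths are the ones quoted in the post; run elevated on the affected client.
$policyXml   = 'C:\Windows\CCM\EPAMPolicy.xml'
$agentLog    = 'C:\Windows\CCM\Logs\EndpointProtectionAgent.log'
$lastApplied = 'HKLM:\SOFTWARE\Microsoft\CCM\EPAgent\LastAppliedPolicy'
$amPolicies  = 'HKLM:\SOFTWARE\Policies\Microsoft\Microsoft Antimalware'

# Count registry values under a key, including all subkeys (0 if the key is absent).
function Get-RegistryValueCount {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 0 }
    $keys = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue)
    return [int]($keys | Measure-Object -Property ValueCount -Sum).Sum
}

# 1. Merged policy file written by the Configuration Manager client.
$xmlTime = $null
if (Test-Path -LiteralPath $policyXml) {
    $xmlTime = (Get-Item -LiteralPath $policyXml).LastWriteTime
}

# 2. Most recent "applied successfully" entry in the agent log.
$logHit = $null
if (Test-Path -LiteralPath $agentLog) {
    $logHit = Select-String -LiteralPath $agentLog -Pattern 'with ConfigSecurityPolicy\.exe successfully' |
        Select-Object -Last 1
}

# 3 and 4. What the agent recorded versus what the antimalware policy key holds.
$recorded  = Get-RegistryValueCount -Path $lastApplied
$effective = Get-RegistryValueCount -Path $amPolicies

[pscustomobject]@{
    EPAMPolicyXmlWritten    = $xmlTime
    LastSuccessLogLine      = if ($logHit) { $logHit.Line } else { $null }
    LastAppliedPolicyValues = $recorded
    AntimalwarePolicyValues = $effective
    # The symptom from the post: agent reports success, policy key is still empty.
    MatchesReportedSymptom  = [bool]($logHit -and $recorded -gt 0 -and $effective -eq 0)
}
```

Running it once after the policy cycle and again after a restart gives two snapshots whose AntimalwarePolicyValues counts can be compared directly.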

