There are 2 things to look at...
The Windows Update Policy on the targets needs to 'Allow non-Microsoft signed content' to be enabled.
You can view this in realtime for a computer by using the Computer Explorer and selecting the Windows Update Settings tab. This can be found under the Local Policy category.
Also, this setting can be enabled using EminentWare's Windows Update Policy Task or using GP if applicable.
Also, check to see that the WSUS signing certificate has been distributed to the client in questions.
If not, distribute the WSUS signing certificate using the client provisioning wizard or Client Certificate Management task to the computers you want to enable for 3rd party updates.
Once enabled, you should be able to download and install.