Hello,
The highlighted client (provided in the Screenshot) is that from XP, Server 2000 or Server 2003?
What about the other unhighlighted clients are those either from XP, Server 2000 or Server 2003 machines as well.???
If it is Windows 8 / 2012, then I believe the Early Launch Anti-Malware Settings were disabled from the client machine and that is why we see as "Disabled"
If you have disabled from SEPM, then try disabling and then locking the policy.
Early Launch Anti-Malware Settings are supported on computers that run Microsoft Windows 8 or Later.
I checked this by Disabling the Policy on the SEPM and that affected the Windows 8 and 2012 and I receive the Status as "Disabled by Policy" on the SEPM.
However, In your case, since all the clients are either XP, Server 2000 or Server 2003, this driver would not get installed at all. So, if you are disabling the Early Launch Anti-Malware Settings, these does not get effect on SEP client as this policy either way.