Open the client on the local machine, click change settings, then click configure settings next to client management. Then you will see the tamper protection tab to verify if it is truely disabled or not.
Another think you could do to test would be to move a test client that states its disabled to a new group and see if it then states its now enabled. Its possible the group has become corrupt.