All windows Agents will alway be listed as prevention enabled even if you select disable IPS at the time you ran the install.
The prevention disable state only stops the driver from loading at system boot up does not change the feature state listed in the IPS side Agent.ini.
Because of this you can have an agent with out the driver loaded in a policy pending state as seen in the console if it has had a policy assigned to in in the console, If the agent has never been in a group with an IPS policy applied to it or had an IPS policy directly applied to it then it would not reach this state and you would not expect to see the policy pending flag.
To help sort this out we have provided two queries below that show more detail then the console so you can sort out system that you need to track down that are in a policy pending state and those that are in a fase state of policy pending as you have diable prevention on these systems by preventing the driver to load at boot time.
Below query returns ALL non-affected Agents (i.e. IPS NOT supported or IPS feature Disabled and Prevention policy flag pending, This is by design)
SELECT Hostname,CaptionName,IPAddress, * FROM ASSET WHERE AgentState LIKE '%e%' AND PolicyStatus LIKE '%P%';
Below query return ALL affected Agents (i.e. IPS supported and IPS feature is enabled but prevention policy flag is pending)
SELECT Hostname,CaptionName,IPAddress, * FROM ASSET WHERE AgentState LIKE '%E%' AND (PolicyStatus LIKE '%P%';
Here are some additionnal information related to the Asset table fields:
AgentState field in Asset table:
PolicyState field in Asset table: