It sounds like you are modifying settings on a local VirusScan console while the McAfee Agent enforces the ePO rules at the latest on its next ASCI.
If you want to test, you could end frameworkservice.exe (AP needs to be off normally).
My apologies if you have a different issue than the above.
In ePO, in the McAfee Agent policy, there's a setting for "policy enforcement interval." In the one we work with, it's 5 minutes, which may very well be the default. This setting tells the McAfee framework agent how often to make sure that all the locally installed McAfee cruft has the settings that the ePO administrator has deemed it should.
One of the effects of that policy enforcement interval is that when you disable on access protection, the policy enforcement interval will turn that baby back on.
If you have a legit reason to turn off the on access agent, if you want it to stick, you might make a sub-group of that workstation's current group where, in McAfee Agent policy, the enforcement interval is much longer. This can be useful for infected machines you need to work on. Where I fight with it often is when I have to gather a virus sample to submit as a potential false positive. You have to have OAS disabled to restore the file out of quarantine, and you're always fighting the enforcement interval and hoping you get the file restored and zipped/encrypted in time before the policy enforcement interval turns OAS back on again and redetects the sample you're working with.
In ePO you'll find this under System Tree, Assigned Policies tab, McAfee Agent; click on the policy and it's in the General tab of the Agent policy (General options: Policy enforcement interval (minutes)).
Oh, and ePO 4.5 is a happier place to be for whatever it's worth. A lot of the interface irritations of ePO 4.0 are addressed. I'm sure it's on your radar, but it's one of those upgrades that is definitely worth it in terms of creature comforts.