Are you using Agents with Embedded credentials? You didn't specify, so I am going to assume that you are not.
First, a little backstory.
When deploying an Agent, ePO uses the credential you specify to connect to the Admin$ share on the system. Once authenticated, ePO copies the framepkg.exe file to the target and tries to install it using the Local System account.
If you are not using embedded credentials, the place to look for possible offending operations, is in Server Tasks, Automatic Responses, The deploy McAfee Agent option and Synchronization type on the Group Details tab of any folder that is set up to be an AD sync point.
Also, if you are using Rogue System Detection, you will need to check for RSD-specific Automated Responses where you tell ePO to deploy an Agent to systems it finds and determines are Rogues.
To ensure the proper Agent is being deployed, move the Agent version that you want to deploy to a different repository branch and remove any versions from the Master Repository that you do not want to deploy, this should invalidate any deployment tasks as the Agent version specified is no longer where it thinks it is.
You can then go in and point the intended deployment tasks to the proper repository branch to deploy your intended Agent version. This of this as a way to ensure that only intended deployment tasks will be running.
This should give you a good start.
Hope it helps.