Depends on several parameters. Are you synchronizing via LDAP? Is sorting enabled/disabled? Any competing sorts/tags?
Yes, you are right. When ever the McAfee agent communicate to the ePO server- It will check for the criteria of Tag - If it is matched - Tag will be applied to the machines - and Machines will be moved to the specified group. But, Make sure below points are
* Make sure the tag is selected with "Run on each agent server communication"
* Make sure the tag is grouped to a root\sub root in the system tree
* Also the main thing to be checked will be SORTING to the enabled on all the machines
In your case, Just check whether the remaining machines is assigned with the tag that you have created.