We do have selected managed interfaces for persistent agent. What software version are you using in screenshots? I do not have option to run agent as a service but agent is already started as a service (Clearpass Agent Controller).
Exact issue is that when pc boots up, network adapter and agent are running before AntiVirus starts Real time protection.
We have number of situations where pc is switched to Quarantine because RTP is OFF and soon after (10s - 150s) it is switched to Healthy because now RTP is ON.
Similar is with some other checks, agent simply makes first Health check before services that are subject to a Health check are running.