I'm having the exact same issue. 

In ePO for affected systems, it looks like Threat Prevention is not even installed!  And this is happening  on systems that I know had it installed at one time.  Every day I see different ones with the issue, some even after fixing them one or more times.

Unfortunately though, I'm seeing the same issue with other modules - ATP, Platform and DXL Client.  I currently have about 175 systems that are not reporting different modules.  I noticed on one device that TP was not enabled/running from the local console.  A reboot did not fix it - I had to run an uninstall task, push a new agent and then reinstall TP.  But with 175 affected devices, I'm not sure how to proceed, especially when I know it won't be a permanent solution.

I'm at a loss and extremely dissatisfied with this product.

The cause of our issue was traced to corruption in the master respository in ePO. Endpoints that did have TP enabled were having it broken by the an ePO install task attempting to reinstall the ENS platform thereby breaking the software. What was done was to remove all ENS software from the master respository then check it in again. Software only no pathces or hotfixes. If you are going to check in patches check them in to the Evaluation branch not into the Current branch. Yes it flies in the face of establised practice of ePO but this is what causes the problem, checking all software into the same branch. With regard to the affected endpoints you need to run the mferemoval tool from ePO on them, restart and reinstall the software. This is far from an ideal solution but that s what we were left with. 

Thanks for your reply midolan.  Unfortunately, I have almost 200 systems that would need the removal tool run.  I can't believe it's not an easier process to resolve issues like these.  It definitely puts a bad taste in my mouth about the product.  Just too many issues....

If you package up the ripper with EEDK it should be smooth.   It doesn't sound like a product issue,  but a deployment one.   The alternative is to use a third party tool to deploy.   

Thanks for the reply.

The issue here is that these systems had no issues until one day the AMCore Compliance query started showing incorrect results.  This happened about the same time that many systems, that once had all products installed, began showing that some or all of those products were not installed in ePO console.

The initial deployment looked really good and we didn't see any of these issues for a few months, so I don't know if it's really a deployment problem.  

It appears to be 3rd party dlls are injecting into the software and altering the behavior of ENS much like malware would, only that it is a legitimate file/process. Running the mfesysprep tool from ePO on the endpoint in most cases immediately resolves the issue and Threat Prevention is re-enabled. Thrid party software such as Bluetooth & Apple Bonjour service can cases this. Running suysprep tool marks the software as trusted thereby resolving the issue which is not related to ePO deployment at all.