1) When you install an agent, it will only install the components necessary for it to function within that policy. So if you don't have active protection or any AV tasks specified in your policy, it will only install the agent itself. If you have patch tasks specified it will install the patching components as well. If you add these features to the policy later, the agent will download them the next time it checks in.
2) As far as analogues to the features of McAfee, which if I read correctly you are bypassing, we have no such features. Our agent only monitors the client machine itself for viruses, it does not monitor or block network traffic.
3) If you have machines showing up twice in the agent manager, it typically means you have duplicate entries in machine view. If you locate the entries of the machines in machine view which show no agent installed and delete them, they will be removed from the agent manager screen. We are only able to install our agents on windows operating systems, we cannot install them on ESXI hosts, just the guest OS'.