The Action center (Security center) in Windows pushes notifications about the health status (good, poor, not monitored, snooze) of specific security providers (antivirus + anti-spyware, firewall, updates) to the ERA Agent through a defined API. This information is usually pushed immediately, and the Agent will produce logs. If some of the logs have high severity (e.g. poor health status for the firewall), out-of-band replication will deliver them to the Server as soon as possible.
Unfortunately, the Action center does not exactly map the states that are shown in the dialog itself to the health statuses that are pushed to the Agent. For example, an intentionally disabled firewall with the Action center set to not monitored will still push a poor health state to the Agent. Or a completely disabled Action center will push poor states for all security providers. In these cases, the only possible solution would be to create a policy, as rcraig said earlier. To force a recheck, an Agent service restart needs to be performed.
In the case of jimwillsher, the error notification not being cleared is either caused by the Action center still pushing this to the Agent, or there is a possibility that the information was not replicated correctly. We will try to look at it.