This is the reason.
Clients run actions autonomously. Actions get started and stopped by the server, but once a client knows about an action, it will run it even if it is not connected to any network at all… especially if the downloads are already cached. This is how bigfix can enforce security policy through existing policy actions no matter what.
If you create an action, clients won’t know about it right away. There will be a delay of seconds to minutes for UDP notifications, or an hour or so for command polling, or many hours for gathering. Once the action is stopped, the clients have a similar delay to be notified of that being the case as they did when it was started.
Generally I recommend all clients have command polling enabled for something like once every 3 hours, and for devices that do not get UDP notifications, something like once every hour, which helps with this delay.