An App that has been classified as Banned and it's authorization revoked, may still be visible in the the UI as "Installed" for several reasons.
Once an app is classified as Banned and Revoked accordingly, the authorization for that app is severed by Cisco Cloudlock. However, the user may delete and reinstall the app which provides them with access and use of the app until the next AFW scan detects the Banned app and revokes it once more.
A banned app that includes an Access Scope for Basic Access will not be fully revoked, per Google. Any other scopes will revoke successfully, but the user may still be able to simply login under Basic Access Scope. The Basic Access Scope as defined by Google is "read access" to the authenticated user's basic profile information: name, photo, cover photo, profile URL, and locale.
Apps downloaded on a different operating system, or an updated version of an existing app, may have a different ID and need to be Banned for each ID instance.
If the same app appears in your Apps table more than once, it simply means there are different versions of the app that have been installed by your users. This may mean that one user installed the app, and then there was an app update released, which generated a new app ID that was installed by another user.