Especially if a remediation is executed externally, or is found to be a false positive, it may take up to 60 minutes for that vulnerability to move from Scheduled to Closed, pending a data refresh from the endpoint management system (BSA as of 2/2017).
To update this, edit the bmc-config.json, and look for the "delayBetweenRefreshCycles": line under "data.refresh.bsa":. The default is 3600 [seconds] (60 minutes). Given that it might be data intensive, it probably shouldn't be set lower than 5 even in a lab environment (but that may be handy for short demos).
This applies to on-premise Threat Director.