The inherited permissions setting is a little more complicated than it seems, so now is as good a time as any for a public service announcement on this stuff.
Enterprise Vault will always synchronize the permissions that are assigned directly on an Exchange mailbox to the archive that is associated with that mailbox. As far as I know, this cannot be turned off, although we offer several advanced options to tweak the behavior somewhat. These advanced options are Synchronize folder permissions, Include default and anonymous permissions, and Inherited permissions.
Synchronize folder permissions: With this enabled, EV will synchronize folder-level permissions in the mailbox to the corresponding folders in the archive. This is useful when Alice grants Bob access to some folders in her mailbox but not to the entire mailbox. The result is that, just like Exchange, Bob has access to some folders in Alice's archive but not to the entire archive. If you disable this, then EV only synchronizes the permissions between the top-level containers (mailbox and archive), and any granular permissions beneath that are not synchronized.
Include default and anonymous permissions: With this enabled, EV will synchronize permissions assigned to the Default and Anonymous user objects onto the corresponding folders in the archive. The default is to skip permissions assigned to these objects, but if you use these permissions in a meaningful way in your organization, you can turn this on to get them synchronized to the archive.
Inherited permissions: This controls whether the archive will inherit permissions from Active Directory objects higher up than the mailbox. That is, if somebody has assigned specific permissions to the Exchange Mailbox Database, Administrative Group, or Server objects in AD, this setting controls whether these permissions will be assigned to the archive as well. This was more of a going concern for older versions of Exchange, where mailboxes were more closely tied to a single Exchange server. We would find customers who granted, say, the Vault Service Account Full Control permissions on the Servers container (for instance, CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=DomainName,DC=com) as a way of giving it access to all mailboxes, and they wanted that access to inherit down to the archives as well. That's the sort of situation in which you'd want to turn on the Inherited permissions setting. Any permission that is assigned at the mailbox level or below is not affected by this setting.
Moving on from the infodump, @Moltron1, for your situation, you'll want to use EVPM to remove those permissions, as described here.
--Chris
