The settings on the gateway will take precedence over what you define in the Threat Prevention Policy. This is the point of having this option in the first place. By overriding the gateway object with "Detect only", you are overriding the policy. You are telling this specific gateway that regardless of what is being defined in the Threat Prevention Policy, always run Anti-Bot and Anti-Virus in Detect mode. You can do the same with the IPS blade under IPS settings on the gateway.
You would typically share Threat Prevention Policies across multiple gateways. In case of issues, these options exist on a per gateway level to provide an easy way for you to enforce specific gateways to detect only various blades without having to fiddle with the Threat Prevention Policy that might be in use in multiple places where you don't want to enforce detect only.
Certifications: CCSA, CCSE, CCSM, CCSM ELITE, CCTA, CCTE, CCVS, CCME