Excluding Certain Machines
You can define a number of machines you want to exclude. This is especially useful for defining a machine group that consists of all but a few machines from a large group of machines. For example, if you want to create a machine group that consists of all but two machines in a domain, you simply add the domain and then specify the two machines you want to exclude.
Machines can be added to the "exclude list" by machine name, by domain name, or by IP address. When specifying the name or IP address, simply enable the Exclude check box before you click Add. Excluded machines are identified in the machine group list by an Exclude icon.
If you create a group of excluded machines and then add that group to a nested group, the exclusions will be honored.
To specify how Security Controls will react if two machine groups with opposing include/exclude definitions are used in the same scan operation, see the Always enforce machine group exclusions check box.