Well first you have to set all changes to the policy of a client in the Console, if it's done from the client it will undo any changes made. To make the exclusions, it's best to set them in the File System Shield Exclusions and/or Auto Sandbox and behavior shield, If the application is a windows based application. If the application is Web, then add the exclusions or url to the web shield exclusions.
It's best practice to include the entire folder, not just the .exe in the path.
Remember, all exclusions must be set in the Console, unless the client is using a stand alone version and is not connected to the Console. You can make the changes to each group by right clicking on the group, go to properties, and then add the exclusions of the application in the shields that were mentioned.