When users are permitted to configure scan settings locally on the agents, scan settings from the managing policy (including exclusion) do not update on the endpoint. Admins may notice their changes, exclusion additions, and removals do not take effect on the endpoint agents. All other policy settings still update and take effect on the endpoint agents, and patterns continue to update.
Under Privileges and Other Settings > Privileges, there is an option to allow users to configure the Manual/Real-time/Scheduled Scan Settings locally on the agent.
Once this setting is enabled, future updates to the policy under Real-time Scan, Scheduled Scan, or Manual Scan will not affect those endpoints to maintain the configurations locally made on the agent. These include any exclusions added or removed at the policy level.
Other policy settings, as well as pattern and program upgrades, continue as expected. Only the scan settings are affected.