You have hybrid management where the On-Prem SEPM bridged with the Cloud. The On-Prem SEPM Folder Exception only show Application Control for Specify the type of scan that excludes this folder.
When you bridged the On-Prem SEPM to the Cloud, the process will allow you to define where you can manage the policies. The Option Manage Policies from the Cloud indicates which console (On-Prem or Cloud) manages your policies. If the option Manage Policies from the Cloud is enabled, the Cloud console will manage all the Exception Policy which restrict you from creating Folder Exception with different type of scan.
If you would like to revert the policy control back to the On-Prem SEPM, you will have to Unenrolled and Reenrolled with the Manage Policies from the Cloud disabled.
1. Unenroll the On-Prem SEPM from the Cloud.
Note: Wait approximately half an hour before Reenroll.
2. Obtain Enrollment Token
3. Enroll On-Prem SEPM to the Cloud
4. After you enrolled with the Integrated Cyber Defense Manager console, you enabled/disabled the Manage Devices from the Cloud and/or Manage Policies from the Cloud under Enrollment.
5. After the Manage Policies from the Cloud has been disabled, you will have control back to the Folder Exception Policy
Review document below for detail on the Symantec Endpoint Protection Manager enrollment settings