The article details the process to exclude computers from auto-discovery.
If there are machines on the network which you don’t want to deploy EndPointSecurity agent can be prevented these from being auto discovered every time by adding them in the console in a separate group and with no policy assigned.
This way, the machines will not use up a license and will be skipped when auto discovery runs.
Open the EndPointSecurity console and Navigate to Configuration -> Computers
Right click on the group Not Controlled and select Add computer(s).*
Select the machines which you do not want the agent to be deployed on and click on Finish.
Right click on the machines and select Assign policy.
Select None and click on OK.
*Alternatively you may choose to create a new group by selecting Create new computer group under Common Tasks.