Hello,
You're best bet is to enter the full path with no prefix.
There were few idea's as below provided -
https://www.symantec.com/connect/idea/sepm-more-variables-avas-exclusions
https://www.symantec.com/connect/idea/add-userprofile-variable-equivalent-centralized-exceptions-prefixes
As Paul Murgatroyd, highlighted - "%USERPROFILE% is actually harder to implement than you would think, as it means every time the user logs on we would have to dynamically enumerate the user and create the exception. Then, what happens when there is no user logged on, but scans and AV are still running? This gets even more interesting when you understand that our drivers are kernel based, so we need user mode code to help us determine what %USERPROFILE% is.
We believe the better route forward here is to use wildcards in pathnames. So, for example, C:\Users\*\Temp would match any user profile on the server or client, whether they are logged in our out. "
Regards,