Hi,
Thank you for posting in Symantec community.
Q.Can I create a policy for each workstation but have them be members of the same group?
--> I believe it's not possible through SEP.cloud portal.
Symantec Small Business Edition .Cloud hosted portal allows the creation of the three types of exclusions. Sub folders are with different names then you will have to exclude parent folder.
Folder Exclusions will make sure everything contained in the folder is not affected by scheduled scans, Sonar and auto-protect. This is especially useful for a database folder that has constant disk I/O.
File Exclusions are useful when legitimate files are being detected as threats, or will need to be excluded from Sonar detection. Unlike folder exclusions which completely disregard the contents of a folder, excluded files are still accessed during scheduled scans for the purpose of determining their identity.
Extension Exclusions are used to help prevent the quarantine of legitimate files and to also increase performance of software that may use proprietary file extensions. These exclusions are especially useful if these file types are sent over a local network.
Reference: SEP SBE .Cloud: Creating Custom Exclusions
http://www.symantec.com/docs/TECH214005
However in this case you can manually create custom exclusions at end user machines.