Your explanation of this is a little unclear and makes this more of an educated guess based on how I think you might have this set up. It sounds like you're saying you have a block response set up on your policy for what you're defining as "high" severity incidents. Then you're saying you have a group rule for users in the E1 group that you're expecting will set the severity of the incident to "medium".
But here's what you're missing...the way detection works, it will set the severity of the incident to the HIGHEST severity of all the detection and group rules. So that group rule says this should be medium severity, but the detection rule then overrides this and bumps the severity up to HIGH, hence the action is blocked.
What you probably need to do here is set up separate policies.
Policy 1 - Has block response rule on it for high severity incidents, and has a group exception for users in the E1 AD group. Therefore an incident will never be detected by this policy for users in E1.
Policy 2 - Does not have a block response, has same detection rule as Policy 1, and has a group rule for users in the E1 group. Hence it's not detecting any incidents for any users outside of group E1, and only really monitoring (and not blocking) that action for users in E1.
Or, in a single policy you could do it this way, but it's a little counter intuitive and makes the "severity" set on the incidents a little confusing:
Policy A
Rule 1: detection rule -AND- user belongs to group E1. Default severity = high.
Rule 2: detection rule only. Default severity = medium.
Response Rule: Block when severity = medium.
In this manner, when a non-E1 user performs whatever action that triggers the incident, it the severity can only go up to medium, and the response rule will block it. When a user in the E1 group performs the same action, the severity will get set to high, and the response rule will not get invoked (because you've told it only to do this on medium severity incidents).
There's pros and cons to both methods, and you'd have to determine for yourself what you're comfortable with.
~Keith