You can add the device to Exception list. This is one of the valid actions in the Automatic Response rule configuration.
So for example, say im based in one country and I see a device come online in another country where no one will be on site for several hours.
Its not an exception as I dont want it on the network, but cant do anything until someone gets in to remediate the issue.
Can ePO do anything to reduce my exposure to this device? say block all end points from seeing it via some HIPS policy?
Or is rogue sensors only options to install agent, add to exception or information only.
Looks like what you are asking is more of NAC (Network Access Control) - please check on McAfee NAC - it might be a more appropriate solution for your needs.