If I understand your question correctly, you are asking how to allow a single IP address to be allowed to connect via RDP to Port 3389 on systems which have the assigned Firewall policy. To do this, you would need to create an "Allow" firewall rule just ahead or above the explicit block rule. Within this allow rule, you would add the single IP address as the Remote Network for RDP on Port 3389. Below is a sample screenshot of how I did this to lock down Remote McAfee Agent Log viewing to a specific subnet.
Hope this helps. :-)
I did it. But still there blocking the RDP for the exclusion. I create a call McAfee for this case and neither they even managed to make it work.
Thank you for your help.