The app level serverclass setting "excludeFromUpdate" does not override high-level settings. Splunk serverclass.conf documentation indicate it should override higher-level settings.
Below is an example of a serverclass called myServerClass. I do not want to exclude anything from the app level, especially for myApp, thus, having an empty value.
The excludeFromUpdate for "yourApp" works fine, overrides the class level configuration.
[serverClass:myServerClass]
excludeFromUpdate = $app_root$/local,$app_root$/default,$app_root$/lookups
[serverClass:myServerClass:app:yourApp]
excludeFromUpdate = $app_root$/lookups
[serverClass:myServerClass:app:myApp]
excludeFromUpdate =
