How do I block inheritance/application of a single GPO?
Solution 1:
Add the specified machines to an Active Directory Security Group and add the Group to the GPO with a "Deny" for "Apply Policy" (Don't fall for doing a full deny as it will stop the GPO name from enumerating, making troubleshooting difficult). Then, add the machines to that Group as required.
Solution 2:
Simply use the "Apply to All users except local administrators" setting in the Software Restriction Policies Enforcement... you don't let all your users run as Administrator... do you???
As an alternative, perhaps you could define the Software Restriction Policies in the User Configuration portion of the GPO, then use Security Filtering to allow that GPO to only apply to a particular security group of users.