No information about that process that performs the I/O makes it across the network. The process that performs the action on the client system is the operating system itself (specified as System:Remote). Because the only process included in the rule is System:Remote, the only process that can be excluded would also be System:Remote, effectively disabling the rule.