I'm having issues with writing "Advanced Custom Criteria" that works to run compliance checks on each port of a Cisco switch.

Basically, I would like to write the criteria to check if an interface has all the correct ISE configuration on each port unless an exception for that port is met.

I feel a screenshot of my current compliance rule would explain this the best. I want it to check every config block that starts with "interface GigabitEthernet" and ends with a ! 

Unless the description in that config block has the words "*NO ISE*" within it, then compliance check should skip this config block.

 I'm just describing my method I'm attempting but I'm open to any other ideas or methods the community has.

-Has anyone else done this before? if so, how?

-Is there anything wrong with my method that's causing it not to work? 

      -The config block part works if the port has ISE configured but I cannot get the exception to work.

      -I may need to use regular expressions in my criteria to create wildcards to make it match correctly?

thanks in advance!