
Is it possible to steer specific site sub-domain traffic through Netskope but have the remainder of the traffic bypass Netskope?

I have a specific site sub-domain that my leadership wants to have blocked. But currently the parent domain is set as a Steering Exception.


From what I gather from your question, the objective is to steer and block "x.example.com" and steer bypass "*.example.com".

We can make use of custom categories, URL list exclusion/inclusion to make steering decisions here.

You can follow the steps below:

1) Create a URL list called “Bypass wildcard” for example and add the domain "*.example.com" to that URL list. Save the URL list and Apply changes.

2) Create a URL list called “Steer subdomain” for example and add the domain “x.example.com” to that URL list. Save the URL list and Apply changes.

3) Create a Custom category called “Subdomain Steering” and include the URL list “Bypass wildcard” and exclude the URL list “Steer subdomain”.

Save the Custom category and apply changes. Please note that the exclusion URL list has a higher priority than the inclusion URL list.

4) Create a category exception in the appropriate steering configuration and select the custom category “Subdomain Steering” and click on Add. A category exception will be created.

5) Create another Custom category called “Block Subdomain” for example and add the URL list “Steer subdomain”.

(Please do not use the same custom category “Subdomain Steering” for both steering exception and Realtime policy as that custom category excludes the domain “x.example.com”)

6) Create a category-based Realtime policy called “Block Steered Subdomain” and select the category “Block Subdomain” and set action to block.

7) Now update the Netskope client configuration and try accessing the domain “x.example.com”. You will see that the domain gets blocked by Netskope SWG. If you try accessing any other subdomains for example.com, that traffic will get bypassed at Netskope client.

 

Hope it helps!


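The decision logic that steps 1 to 6 set up, as an added example that is not part of the original answer and is not Netskope code: a simplified Python model you can use to write down the expected outcome per hostname before testing with a real client. It assumes that "*.example.com" matches any host ending in ".example.com" and that steered traffic with no matching policy is allowed; the function and variable names are hypothetical.

```python
# Simplified model of the configuration above; not Netskope code.
# Assumption: "*.example.com" matches any host ending in ".example.com".

def url_list_matches(url_list, host):
    """True if host matches an entry; entries are exact names or '*.' wildcards."""
    host = host.lower().rstrip(".")
    for entry in url_list:
        entry = entry.lower()
        if entry.startswith("*."):
            if host.endswith(entry[1:]):   # compare against ".example.com"
                return True
        elif host == entry:
            return True
    return False


def in_category(category, host):
    """Custom category membership: the exclude list overrides the include list."""
    if any(url_list_matches(lst, host) for lst in category.get("exclude", [])):
        return False
    return any(url_list_matches(lst, host) for lst in category.get("include", []))


BYPASS_WILDCARD = ["*.example.com"]                    # step 1
STEER_SUBDOMAIN = ["x.example.com"]                    # step 2
SUBDOMAIN_STEERING = {"include": [BYPASS_WILDCARD],    # step 3
                      "exclude": [STEER_SUBDOMAIN]}
BLOCK_SUBDOMAIN = {"include": [STEER_SUBDOMAIN]}       # step 5


def decide(host, exception_category=SUBDOMAIN_STEERING,
           block_category=BLOCK_SUBDOMAIN):
    """Return 'bypass', 'block' or 'steer-allow' for a hostname."""
    if in_category(exception_category, host):   # step 4: category exception
        return "bypass"
    if in_category(block_category, host):       # step 6: Realtime policy, block
        return "block"
    return "steer-allow"   # assumption: no other policy matches


if __name__ == "__main__":
    for h in ("x.example.com", "mail.example.com", "www.other.test"):
        print(h, "->", decide(h))
```

Passing `SUBDOMAIN_STEERING` as `block_category` shows why step 5 needs its own category: "x.example.com" is excluded from it, so the block policy never matches.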