I have added the subject keyword in custom filtering as well but doesn't seems to appear like its working :(

Can you attach your custom filtering rules?  Also, do you see any events in the EV App log?

Also, have you seen this?

Message subject filters for custom filtering

This is what i have in my 'Filter Rules.xml' file. Is this file name correct or it should be 'Custom Filter Rules.xml'?

<?xml version="1.0"?>

<RULE_SET xmlns="x-schema:ruleset schema.xdr">
 <!--This rule will hard delete items that match the subject criteria below -->

 <!--
 <RULE NAME="HardDeleteJournalItems" ACTION="HARD_DELETE">
  <SUBJECTS INCLUDES="ANY">
   <SUBJ MATCH="CONTAINS">Out of Office Autoreply</SUBJ>
   <SUBJ MATCH="CONTAINS">IronPort Spam Quarantine Notification</SUBJ>
  </SUBJECTS>
 </RULE>
 -->

It should be called Default Filter Rules.xml

You can review the relevant TN's

Configuring custom filtering

or check the Configuring filtering  section of the Setting up Exchange Archiving.pdf

I am getting this error when using the default filter rules.xml, i am setting the filter to use just 2 subject keywords to exclude specific email from being journaled.

Event Type: Error
Event Source: Enterprise Vault
Event Category: Journal Task
Event ID: 45315
Description:
An error has occurred when adding a custom rule set.
This error may be caused by incorrect XML syntax.
Error: 0xc00ce011

Internal References:
Element cannot be empty according to the DTD/Schema.
Details:
Source: C:\Program Files\Enterprise Vault\Custom Filter Rules\Default Filter Rules.xml
Line: 15
Position: 3
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
<?xml version="1.0"?>
<RULE_SET xmlns="x-schema:ruleset schema.xdr">

 
 <!--This rule will hard delete items that match the subject criteria below -->

 <!--
 <RULE NAME="HardDeleteJournalItems" ACTION="HARD_DELETE">
  <SUBJECTS INCLUDES="ANY">
   <SUBJ MATCH="CONTAINS">IronPort Spam Quarantine Notification</SUBJ>
   <SUBJ MATCH="CONTAINS">Undeliverable</SUBJ>
  </SUBJECTS>
 </RULE>
 -->
</RULE_SET>
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I don't believe this  --> should be there above </RULE_SET>.

So like this

<?xml version="1.0"?>
<RULE_SET xmlns="x-schema:ruleset schema.xdr">

 
 <!--This rule will hard delete items that match the subject criteria below -->

 <RULE NAME="HardDeleteJournalItems" ACTION="HARD_DELETE">
  <SUBJECTS INCLUDES="ANY">
   <SUBJ MATCH="CONTAINS">IronPort Spam Quarantine Notification</SUBJ>
   <SUBJ MATCH="CONTAINS">Undeliverable</SUBJ>
  </SUBJECTS>
 </RULE>

</RULE_SET>

Thanks Tony! That was it i had to remove <!-- and --> and restarted JC and didn't get error anymore.

Next thing is to validate if this works and doesn't samples the notification email anymore.

This is after correction!

<?xml version="1.0"?>
<RULE_SET xmlns="x-schema:ruleset schema.xdr">

<!--This rule will hard delete items that match the subject criteria below -->

<RULE NAME="HardDeleteJournalItems" ACTION="HARD_DELETE">
<SUBJECTS INCLUDES="ANY">
<SUBJ MATCH="CONTAINS">IronPort Spam Quarantine Notification</SUBJ>
<SUBJ MATCH="CONTAINS">Undeliverable</SUBJ>
</SUBJECTS>
</RULE>

</RULE_SET>