You're close...the thing to remember is that the rules you set up in here are evaluated from left to right. So starting out with:
+,*,*
...means that you are including ALL traffic, so in essence you've invalidated all of your subsequent filters. And, it's:
[+|-],[destination],[source]
What you want is this:
-,*,192.168.20.140/32;+,*,*
That's read as "exclude traffic from that exact IP as the source, then inspect anything else.
If you look in the help, you'll see they provide examples as well, which may be helpful.
Regards,
~Keith