@krburkley Thanks for choosing Support Community.
I am afraid to inform you that the file can't be allowed to drag and drop.
Secondly, evidence option is not applicable for device rules hence, file name can't be viewed in incident manager.
Just to give little more information about the functionality of the rule:
Removable Storage File Access Device Rule generates incidents on device plug only considering the plugged device matches device definition in the rule - plug event will be generated.
DLP blocks access to device or make the device read-only without generating any incidents after it. This Behavior is by design. This will mean DLP won't create a false monitor incident - you can see that incident type is device plug incident.(not file access block). The device rule will block access to .exe files (or another type of files which user defined in the rule) but no incident will be sent.
The reason for this behavior is the huge number of file access operations that OS does. Many different running processes (like explorer.exe) will try to access blocked files. If we will send notification for every file access user can see hundreds of notifications in a minute.
Hope, this is helpful and addresses your query.
JaganA
McAfee Employee
Was my reply helpful?
If yes, click "Accept as Solution" in my reply and together we can help other members?