As far as I know, the modules DLP Endpoint or Network DLP Discover do not allow for shared folders read-only access. Such access rights are configured in group policy.
I understand Your problem. He did not once faced with high expectations management software product. It seems to me that this problem you can try to solve complex approach. What I mean, talking about a comprehensive approach? As with any system, DLP has some limitations. You can do your own testing, how to bypass this system. It turns out that any DLP is a sieve that allows more than prohibit. Based on Your research that cannot DLP, try to offer compensation (additional) protection measures. I think that the comparison with anti-virus (IT certainly boss knows about the anti-virus software) that can't catch no known viruses that will help you understand that one DLP without the help of other remedies will not cope. Then have to find other means of protection or to refuse to use Chrome browser, which does not track this DLP (as an example).
VSE has a Virus Outbreak control that will lock shares down to read-only.....but a new policy would have to be created to be applied to this server.
But GPO/File Permissions are the way to go....VSE is more hatchet than scalpel.