Please see the note below from page 66 of the DLP 11.2 Product Guide.

Create a plug-and-play device rule

Use plug and play device rules to block or monitor plug and play devices. They are supported on both McAfee DLP Endpoint for Windows and McAfee DLP Endpoint for Mac. On macOS computers, support is for USB devices only.

A plug and play device is a device that can be added to the managed computer without any configuration or manual installation of DLLs and drivers.

For plug and play device rules to control Microsoft Windows hardware devices, the device classes specified in device templates used by the rule must be set to Managed status.

1. In McAfee ePO, select Menu | Data Protection | DLP Policy Manager | Rule Sets.
2. Select Actions | New Rule Set, or edit an existing rule set.
3. To open the rule set for editing, click the rule set name. Click the Device Control tab.
4. Select Actions | New Rule | Plug and Play Device Rule.
5. Enter a unique rule name.
6. (Optional) Change the status and select a severity.
7. Deselect the McAfee DLP Endpoint for Windows or McAfee DLP Endpoint for Mac OS X checkbox if the rule applies to only one operating system.
8. On the Condition tab, select one or more plug and play items or groups. When saving the rule, the template used to create the items or groups is validated against the operating systems selected in the Enforce on field. If they don't match, an error message displays. You must correct the error by deleting templates or changing the selected Enforce on operating system before you can save the rule.
9. (Optional) Assign end-user groups to the rule.
10. (Optional - Windows only) On the Exceptions tab, select a whitelisted device template and fill in the required fields. You can add multiple exceptions by adding more than one whitelisted item or a whitelisted plug and play group.
11. (Optional - Mac only) On the Exceptions tab, select a device template and fill in the required fields. You can add multiple exceptions by adding more than one item or plug and play group.
12. On the Reaction tab, select an Action. Optional: Add a User Notification, and Report Incident. If you don't select Report Incident, there is no record of the incident in the DLP Incident Manager.
13. (Optional) Select a different action when the end user is working outside the corporate network, or is connected by VPN.
14. Click Save.