Device classes are used for plug and play device rules which sounds like you are using a removable storage device rule and why it is not available for criteria.
As far as your new device definition for the exclusion goes it sounds like you already have an incident for the device you want to exclude - if that is the case the easiest way is:
1) Open incident manager
2) Select the incident that blocked the device you want to exclude (i.e. put a check mark in the box next to it)
3) Select Actions
4) Create device template
5) Removable storage device
It will auto populate a device definition for you. You can remove some of the criteria to make it more generic but hard to say what you should do without seeing your existing configuration and the device information being reported.
Note: The above steps were part of a feature enhancement added in DLPe 10.x but I don't recall specifically which version.
Hi Hhoang, many thanks for your response.
Good to know that I am able to create the exclusion based off of an existing incident - this is very handy to know.
Whilst looking at this a little further last night I noticed that I can specify a vendor ID and Product ID which will provide a relatively generic exclusion and I feel this would be considered suitable.
I am however hoping that we can begin pairing a device with a particular user (a decision for the business to make). This would be ideal as it enforces the device -> owner relationship that is recorded in our CMDB.