Create two rules as follows: Rule 1: All Devices included and Approved Devices excluded (remember to do this in the same rule). Select block / read only as a reaction.
Rule 2: Include only the approved devices. Select monitor as the reaction
Rule 1 meets your requirement whereas Rule 2 monitors approved device usage.
Is anyone else having trouble getting SanDisk U3 devices to be read only? I created the rules above as described, but I can still write to the SanDisk U3 device. The rules do block other USB devices though. Do I need to block all SanDisk U3 devices?