It sounds like you are on the right track.
Try using a removable storage device definition to define your device with the device instance ID. Use that with your device rule to block everything and set it to exclude your whitelisted group.
If you didn't change the Agent policy in EPO, policy enforcement is every 5 minutes and agent-to-server communication is every hour.
After enforcing the policy, sometimes the client machine might need a reboot if you are certain that everything looks ok.
If all else fails, try using the option for "allow partial match" under the device instance setting.
Hope that helps!
Thanks for your reply.
It did work indeed. The only way to find out the correct USB Device ID was to go to DLP Monitor and check the devices which have been blocked. Then copy the info to notepad and feed the whitelist group.
Getting the Device ID from Device Manager/Properties was not matching.
Many thanks for taking your time to reply to my Q.
A bit of a late reply...
Each USB device has a unique number; create a rule to allow devices by this number.
If you block executables on removable devices, you will also need to whitelist the application that "decrypts" the USB device.
In DLP 9.3 you will need to define a new Plug and Play Device Definition and select Bus Type (e.g. USB, PCI...) and USB Class Code of 08h - Mass Storage.
Add a rule to block this definition.
You will then be able to use the Whitelist Plug and Play Device Definition to exclude any devices by serial number or device ID etc.