Please refer to KB53598 which describes why it can't block cd/dvd writing.
From the KB article at https://kc.mcafee.com/corporate/index?page=content&id=KB53598:
McAfee recommends that you create a device rule and make the CD drives read-only.
It is not possible to block using a reaction rule that is triggered from burning software such as:
- Windows built-in burning functionality.
The reason for this relates to how the CD burning software builds the data to be written and because of the manner in which those applications choose to organize the data before burning, which makes Data Loss Prevention unable to block that data using an Application Reaction rule.
Data Loss Prevention does provide tagging and monitoring via a burner application reaction rule, just not blocking functionality. This feature has limited functionality but does exist in Roxio versions 6-8.
Thanks for your reply. How to create a rule to monitor the tagging file write into CD/DVD via burner application reaction rule. I am using DLP 9.0 and ePO4.5, there is no "burner application reaction rule" BTW, Is there any work around method to block the tagging file?
Under protection rules there is an option under application definitions for media burner applications but as the KB stated, this will only have limited functionality unless using Roxio v6-8.
If you want to block the file from being written and aren't concerned with the limit of not being able to read from cd/dvd media, create a plug and play device rule to block cd/dvd drives. The drive won't be seen in Windows and can't be read from or written to.