USB is usually pretty straightforward. You need at least two device definitions. One device definition to cover all the unapproved USB drives you need to block and another device definition to cover the approved usb drives you want to allow.
- I defined my "USB storage devices" defintion by bus type "USB" and file-system type with all file sytem types checked off.
- I defined my "Approved USB storage devices" defintion by checking bus type "usb" and entering in the VID/PID values of the drives I need to allow.
- Then create a rule that includes the non-approved USB drives and excludes the device definition for the approved usb drives.
If this is exactly what you've already configured, I would call in to McAfee support and ask the DLP support rep to remotely connect and review your rule configuration.
I hope any of this helps you.