With a bit of plagiarism for the enemy
Create a new plug and play definition specifiying vendor id "05ac" (Apples vendor ID) and build your block rule based on that.
No idea if it works as i don't have any Apple devices to test with. Also i was able to create the definition in my DLP 9.2 on ePO 4.6 hopefully it's the same in yours.
I use plug and play definition using the 05AC as the vendor ID for the definition. The iPhones do not register as removable storage, so if you create as that type you will not block them. One note however: The rule blocks everything, so your device will not show up as "Apple iPhone" in the logs as it blocks at the root hub of the device.
Well the PnP device rule just specifying the Vendor ID 05AC did not work. I just plugged my iPhone and it installed without DLP popping up. I'm going to try the Product ID as well, and see if that works. Any help in what else I can do would be awesome. My other concern is also Droid phones and tablets.
The Apple phone products do not show up as removable storage devices, so you will have to create a PnP device definition to block them. They are all USB Vendor ID 05AC as stated before, the product IDs are listed below:
12A0: iPhone 4s
1297: iPhone 4
1290: iPhone Original
1292: iPhone 3G
1294: iPhone 3Gs
129F: iPad 2
HTC Androids (Vendor ID 0BB4):
0FFE, 0FF9, 0FF8, 0FFF, 0CA5, 0CA2, 0C9E, 0C97, 0C99, 0C94, 0C91, 0C8D, 0C87, 0C5F, 0C01
Motorola Androids (Vendor ID 22B8):
41D6, 41D9, 41DB, 41DE, 4285, 42B3, 42B4, 42B5, 42B6, 42B7, 42B8, 42B9, 7087, 4287, 42BA, 42A3, 2D67, 2D66, 4316, 42D6, 42F6, 2D78, 6426, 70C6, 42E0, 2D84, 708D, 708F, 7086
Motorola Androids (Vendor ID 0C44):
Samsung Androids (Vendor ID 04E8):
681D, 685B, 681C, 685E, 6860, 6877, 689E
Samsung Androids (Vendor ID 05C6):
The installation guide of DLP recommends setting rules in monitor only mode in a generic configuration to gather information about your environment. Using the events created by the monitored events, in this case plug and play events for usb devices, the VID/PID can be obtained for the specific devices you are trying to block. You can then create your rule based off that criteria to block.