from what i know PNP is the 1st layer of rule before removeable storage.
Depends how many machines are you monitoring. I do not think it will overload endpoint machines. The events are trigger into the McAfee Agent which will periodically send to server for keep. Database may be overload but from my previous environment i have 3000 endpoints with alot of rules i have not much of an issue with it. You may see the slow down of the epo (my database is on another server).
Default monitor rule are usually for initial phrase for checking and capture items that is not inside the allow rule to trigger for fine tuning of my device control rules. Unless you really need the logs like me. I only monitor those being block and those machine need to monitor everything.
I use pnp rules to block items unable to indentify as removeable storage. Example iPhone. which i just use wildcard apple to block as i am too lazy to do it one by one. so anything call apple will be block. I hoping there is not apple network switch or apple mouse in used. But bear in mind it will effect alot of other applicance too like samsung you use this word it may block harddisk that is reside inside the machine. for me i only block Blackberry n Apple product rest are beign block are my cameras or imaging device.
My work way it to block all and slowly open it back.