This is an example to creat a policy and apply on a group:
In the Menu> Data Protection> DLP Policy widget, Device rules,
add new removable storage device rule,
call it "monitor all removable storage devices", include all devices, exclude nothing,
click nexxt, select Monitor online/offline , next.
Make sure the rule is Enabled (which ironically you verify by the disable button being available near the top),
and press Apply near the upper left to crap the policy out to the ePO.
Then, in ePO, in your system tree, under the sub group you wanna test this on, go to policies, DLP policies, ... Duplicate the default Data Loss Prevention Computer Assignment group policy to a new DLP policy that adds the name "policies activated" to it (e.g name the copy McAfee Default Computers Assignment Group (policies activated) ) , edit settings on this new policy, checkmark "logged in user" and "local user" for the rule "monitor all removable storage devices." (assuming you took my naming advice in paragraph 2). Click save, do a wake up agents on the hosts that are in the system tree under where you added this policy. Plug in some usb cruft into one of the hosts that's in this test subgroup where you've created this policy. Do another wake up agents on those hosts to compel the epo agent on the clients to push the dlp agent events up to epo, then in ePO Menu> Data Protection> DLP Monitor, wait a few minutes, refresh, and hope to see some "plug" events.
If you access ePO with a web browser on a machine that's not the ePO server, if Menu> Dataprotection> DLP Monitor doesn't come up for you and gives you WCF errors and the like, check the (Menu>data protection> DLP Monitor> Tools> Options> WCF service path) and be sure the URL is pointing to ePO's hostname rather than local host.