From the product guide:
Removable Storage File Access Rule — Used to block executables on plug‑in devices from running
Removable Storage File Access (RSFA) rule does not have an exclude option which is why you cannot use it the way you want to.
Data Loss Prevention is meant to stop restricted data flow from the computer to outside. You will not be able to restrict data flow coming from outside to the computer which is why I said RSFA is meant to be used for a different purpose.
I understand your requirement, but that's not what the RSFA rule was meant to be used for. You may include all the file extensions in the policy and just leave jpg unchecked, but your OP already states that is not an option for you.
I totally see why....DLP is for DLP. Blocking incoming stuff is different. Just wanted to make sure before I present it to a client. In all fairnes it would have been pretty easy to include this option tho IMO...but again - that would be out of scope for what the soft is ment to do.
Thanks again for confirming this.
The exclude option already exists for almost all the Content rules. I agree that it is a good to have option.
If you can, I would suggest you submit a PER: