Your screenshot shows a Removable Storage Device Definition.
You will find the USB Class Code in a Plug and Play Device Definition.
Best practice is to block all USB devices at the PnP level rather than at the Removable Storage Device level.
I would block all unwanted USB devices at the PnP level and control access to authorized USB devices (who has access to what) at the Removable Storage Device level.
Here is an example that you could use:
Create PnP Device Definitions:
1) Name= PnP All Devices
Bus Type= USB
Device Class= select all of them
2) Name= PnP Allowed USB
Filter using PID/VID/Serial number of authorized USB
Create a PnP Device Rule:
Name= Block USB Devices (except Allowed Devices)
Step 1 of 3= include "PnP All Devices", exclude "PnP Allowed USB"
Step 2 of 3= block, monitor (and notify)
Step 3 of 3= apply to all users (User Assignment Group that should contain Domain Users and Local Users if you use Active Directory)