“Device exemption” is based on the "Device Instance Path ID" and devices are exempted based on a substring match.
For instance if the "Device Instance Path ID" was identified as USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_G3&REV_1.00\001CC0EC321DFBC0B717268 6&0, then the below strings can be configured to exempt devices,
KINGSTON -> Would exempt all KINGSTON devices including the one above
DATATRAVELER -> Would exclude all DATATRAVELER models including one above. The MAKE may or may not be KINGSTON
G3 -> Any device with G3 would be excluded including the one above
The example outlined above demonstrates the use of a single entry in the exclusion list to indicate string based matching.
Can you also check if the configured policy is enforced on the client via the McAfee Tray Icon ?
For more information, refer to the articles below :
How to exempt devices by Vendor : https://kc.mcafee.com/corporate/index?page=content&id=KB69770
How to exempt by Device IDs : https://kc.mcafee.com/corporate/index?page=content&id=KB75531
Hope this helps..