Yes it should be possible.
Open your DLP Policy console, add a new Removable Media Storage Device rule. Configure that rule to include any USB device (device definition) and set the action to block (don't assign it to any group for now).
Create a new automatic response for threat events. In the filter, you can specify the following:
Detecting product name: VirusScan
Threat Category: Malware
Threat Handled equals False (optional).
This will force automatic responses to trigger when a malware event isn't handled (when not removed by the antivirus).
In the actions, select Run System Command and assign the newly created policy to that host.
Add another action, select Run System Command again and select Wake Up (to force the policy update on the client).
Add another action, select Send Email and configure the email to be sent (make sure that you have an email server configured under your Server Settings).
VirusScan should alert the user automatically upon detecting a malware (if configured in the alert policy).
On top of these actions, you can create new "Access Protection" Virus Scan policies and prevent the machine from communicating via HTTP/FTP and also lock shares. Then assign this policy using the automatic response tool. I would also recommend adding an on demand scan task to your list of actions.
Hope this helps
I do have already an automatic response for the malware event that isn't handled. I will use that to trigger the policy enforcement
At this time I don't want to go any further in restricting the access, but keeping it in mind.