Thank you to everyone that responded. I appreciate all you've done to try and help, but I think I've been communicating what my problem is incorrectly. I have it semi-resolved, but I'll explain again to try and clear things up.
My organization would like to block all USB thumb drives except for a specific type. I began this process by creating a test group and a new policy. The policy blocked all Device ID "USBSTOR&DISK*" type devices. This worked fine, as none of the USB drives I inserted into the computer in the test group would enable.
Next I went back into the policy to allow the specific type of drive, in this case an encrypted USB drive. I put the exception into the policy as "USBSTOR&DISK&VEN_SDG&PROD_005M&REV_1.00&12345678900000001890&0". I did not initially realize that the last part (12345678900000001890&0) was in fact a serial number. Even though I specifically told the system to allow that single USB drive to work, I could not get it to enable in the systems in the test group.
I then went back and altered what I was excluding from the block down to "USBSTOR&DISK&VEN_SDG&PROD_005M&REV_1.00*" hoping that would allow the thumb drives from Vendor SDG with a product ID of 005M and Revision 1.00 to be excluded from the block policy. It did not work. All the drives of that type were still blocked.
Lastly I took the exclude drive all the way down to "USBSTOR&DISK&VEN_SDG*" and that has allowed the drives to show up. My concern now is that any drive from the Vendor SDG will work in these systems, and not just the specific Product 005M.
Has anyone else run into a similar issue where the exclude list will not work until you drop the excluded from policy item all the way down to the manufacturer?