Try this.
Refer to the doc below:
Block copy and execution of specific files from an USB.
Make the following modifications to the steps in this doc.
Instead of the first step, do as follows:
First, add USB drives to the Hardware Devices list:
1. Open the Symantec Endpoint Protection Manager
2. Click on Policies
3. Expand Policy Components
4. Click on Hardware Devices
5. Click Add a Hardware Device...
6. In the field Device Name, enter: usbstorage (Note: This can be anything)
7. Choose Device ID: USBSTOR\* (Note: This must be all capital letters and must be spelled correctly)
8. Click OK
Avoid step 7.
In step 8, select the action "Continue processing other rules" for both (Read Attempt and Create, Delete or Write Attempt). Also enable logging for both...
Note: In the doc, the device name is specified as Kingston. While creating the policy, you have to select the device name which you created in the first step instead of Kingston.