There is no option to run a scan within Antivirus / Spywares policy, as you can review from the article bellow.

Auto-Protect scan would only run when a file is accessed or modified (scans the files when they are written, opened, moved, copied, or run).

This means that if any threats present on the USB drive which attempts to access or modify any of the content on the system, it would be detected and blocked. The detection mechanism within file system Auto-Protect ensures safety from threats present on USB drives.

Endpoint Protection does not currently run an automatic scan on the contents of external drives when they are plugged in. A manual scan on the contents of a flash drive can be initiated by right-clicking on the drive in "My Computer" and choosing "Scan for viruses".

The following steps will guide you to proceed with policy import into SEP Manager.

First, open Host Integrity policy and import the attached ".dat" file into it.

then you can rename the policy to "Scan USB" and review it to better suit your needs.

The scan will run while there is an external drive connected to USB and once every Host Integrity check time.