Block response rule does not appear every time the policy is violated.
A test can be run by trying to copy confidential data to a USB device every 2-3 seconds. However, an incident gets created for every violation.
It is working by design. It takes the cache from the previous value.
A setting exists under Advanced agent setting of Agent configuration:
Details: Maximum time, in seconds, in between two file operations to be considered as a single transaction. Default value is 10 seconds. Please make it to 1, save and apply changes so that the new configuration takes effect.