An endpoint policy in Symantec Data Loss Prevention Endpoint Prevent (DLP) is created to detect content being copied to the local hard drive. The policy fires and creates an incident, but the file copy is not blocked.
This is an unexpected behavior; the expectation is for the rule to block the copy of sensitive data.
The Endpoint block response rule is not triggered for the copy of sensitive data to the local drive from either USB or OneDrive.
See "Configuring the Endpoint Prevent: Block action" in the DLP Administration Guide, which is located at https://techdocs.broadcom.com/content/dam/broadcom/techdocs/symantec-security-software/information-security/data-loss-prevention/generated-pdfs/Symantec_DLP_15.7_Admin_Guide.pdf
This behavior is expected.
The block action is not triggered for a copy of sensitive data to a local drive.
Note : enabling "local drive" monitoring will cause performance issues since DLP will start monitoring every file that gets created on local drive.