Setting up a new Peripheral control policy

Question

I have been tasked with setting up a new peripheral control policy to restrict access to removable storage devices. The access has been set to "control access by peripheral type and add exemptions". Our secure removable devices has been setup to "allow" and we are able to copy to and from and write to files stored on encrypted USB keys. 
 The issue we have run into relates to removable storage devices. The policy is set to "Read only" and we are not able to edit a file on the the removable storage. But we are able to copy to and out from the removable storage. I need to be able to prevent the movement of files on and off of unencrypted storage. 
 My hunch is that this could be controlled with the use of an additional data leak protection policy. We are currently using UEFI secure boot across all machines and found we were getting similar issues covered in the follow link. As a work around we disabled our "default" data control policy which resolved this issue. 
 community.sophos.com/.../120861 
 Has anyone had to configure a similar scenario? 
 Thanks 
 Kevin

Gowtham Mani · Accepted Answer

Hi Everyone, 
 The issue reported in this thread is resolved once the other peripheral exception policies were removed and a single policy with a read-only rule is set to the client.