You may test these steps..
Open the SEPM and click in Policies tab.
Click in Application and Device Control under View Policies. On the right pane, edit the Application and Device Control policy and click in Application Control.
Edit the "Make all removable drivers read-only" Rule Set.
Under the Rule frame, click in "Block writing to all files and folders".
Confirm that in the option "Apply to the following files and folders" exists the command line "* (enable drive types)"
If exists, select this line and click in Edit.
The next screen will show some information about file and folder definition. Check the "CD/DVD drive" option and uncheck the "Removable drive" option.
Click in OK to confirm the changes in this rule set.
Check the checkbox about this rule and click in OK to confirm.
PS: Don't forget that for this rule to work we need to create a client package with Network Threat Protection and Application and Device control.
Hope this helps..