Haroldvm..
EDM/IDM and VML will work perfectly for BOTH detection and blocking when it comes to any other Symantec DLP product except Endpoint. So it will work on the Email Prevent, Web Prevent, Network Discover and the like. It will detect with Network Monitor but NOT prevent anything. (monitor is passive).
When it comes to Endpoint, EDM/IDM are considered 2-tier detections. So you would need to have a policy that can ONLY create an incident on the Enforce console; the user will see nothing. If you want to do this, you will need to write the policy with an AND statement (2-tier detection).
For example, if you had an EDM with SSNs and First and Last Name, you would have the policy look for an SSN pattern AND then have a rule for the EDM. This way the endpoint would first have to find the pattern of the SSN (which the endpoint can do) and then send it up to the Endpoint server for further detection. The idea is that the endpoint will have to pass the first rule (SSN) before sending it up to the Endpoint server for a 2nd tier.
If you did not do this, the endpoint agent would send EVERY file up to the Endpoint Server. This would tax the laptop and cause an impact to performance.
Hope this makes sense.
If this solves your questions, please mark as solved.
Ronak
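
A simplified model of the two-tier idea described in the post above, as an added example that is not part of the original post and is not Symantec's code: a local SSN pattern check gates what is sent to a server-side exact-match lookup. All names (`build_index`, `scan`, the hashed index layout) and the sample files are assumptions constructed for illustration.

```python
import hashlib
import re

# Tier 1 (runs on the endpoint): cheap pattern match for SSN-shaped strings.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def _h(value):
    # Model assumption: the server index stores hashes, not clear-text cells.
    return hashlib.sha256(value.strip().lower().encode()).hexdigest()

def build_index(rows):
    """rows: iterable of (ssn, first, last) taken from the protected data source."""
    return {_h(ssn): (_h(first), _h(last)) for ssn, first, last in rows}

def server_exact_match(index, text):
    """Tier 2 (runs on the server): an SSN must appear with its own row's names."""
    words = {_h(w) for w in re.findall(r"[A-Za-z]+", text)}
    for ssn in SSN_RE.findall(text):
        row = index.get(_h(ssn))
        if row and row[0] in words and row[1] in words:
            return True
    return False

def scan(index, files, two_tier=True):
    """Return (incident file names, number of files sent to the server)."""
    incidents, sent = [], 0
    for name, text in files.items():
        if two_tier and not SSN_RE.search(text):
            continue  # failed the local rule: nothing leaves the endpoint
        sent += 1
        if server_exact_match(index, text):
            incidents.append(name)
    return incidents, sent

# Constructed sample data (no real identities).
INDEX = build_index([("078-05-1120", "Jane", "Doe")])
FILES = {
    "notes.txt": "Lunch menu for Friday",
    "form.txt": "Template: SSN 123-45-6789 goes here",
    "hr.txt": "Employee Jane Doe, SSN 078-05-1120",
    "todo.txt": "Call Jane about the Doe account",
}

if __name__ == "__main__":
    print(scan(INDEX, FILES, two_tier=True))   # pattern AND exact match
    print(scan(INDEX, FILES, two_tier=False))  # exact-match rule alone
```

Both modes raise the same incident; the difference is how many files the endpoint has to ship to the server to get there.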