Hi,
You should check the device id's.
A Device ID (also known as a Device Instance ID in Windows) is a specific ID that is given to each device. A Device ID can be more effective for blocking or allowing devices because it is made by concatenating a list of data about the particular device. Device IDs are generally in a more readable format.
On the SEP CD or DVD, under the Tools\NoSupport folder look for Device Viewer (DevViewer). The Device Viewer can be used to get either the Class ID or the Device ID of a particular device. It would assist copying the IDs to the clipboard and then paste into the SEPM
Are they same for E-sata and internal SATA disks? Ideally they should not.
If they are not same then add them under block list and check.
I would recommend to test it prior to implement.
Refer this article:
How to Block or Allow Devices in Symantec Endpoint Protection
http://www.symantec.com/docs/TECH175220