Endpoint can block EDM provided they are connected to detection server/enforce server.
If the endpoint is not connected in network then it will not check with server for signature.
There is limitation create a IDM policy, and, the end user copy a IDM violated doc to the USB disk, the DLP agent cannot block such action. But, there will be an incident generated on DLP enforce. The admin can audit this kind of incident.
Symantec DLP would not block IDM or EDM policies assigned to an endpoint computer, because the fact is that if an endpoint would need to store IDM/EDM profiles than the client would consume a lot of memory.
https://www-secure.symantec.com/connect/forums/can-we-monitor-dlp-idm-and-edm-dlp-endpoint