Xlloyd is correct...you will be unable to invoke a block response on the Endpoint with an IDM or EDM rule. The reason behind this is that all index-based detection happens back on the Endpoint Server, not at the Endpoint itself. So since that's an asynchronous transaction, there's no support for being able to block.
However, with a properly configured policy, you can DETECT against an EDM/IDM on the Endpoint. What you need to do is set up a compound rule. For instance, if your EDM is looking for customer SSN and last name, you can set up a policy that goes to the Endpoint where you have the compound rules like this:
(1) pattern matches SSN (using the data identifier) - AND
(2) match Last Name and SSN from your EDM profile.
What happens in this case is that the first rule triggers an SSN match, and the Endpoint will ship the message content back to the Endpoint server for further inspection.
Note of caution... you could end up shipping a lot of data across your network from Endpoints to Endpoint Servers doing this, so you need to first understand what the impact is going to be. You'd start to do this by deploying just the DI rule and getting a gauge on how many incidents would trigger the deeper inspection. However, even doing this, you still can't block at the endpoint against the index-based rule.
~Keith
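To make the two-stage flow in Keith's reply concrete, here is an added Python model of the compound rule (it is not code from the original post or from any DLP vendor). The endpoint runs only the SSN data identifier; a message is forwarded to the server side only when that pattern fires, and the server then checks the forwarded content against the indexed (last name, SSN) profile. Storing the profile as salted hashes of normalized pairs is an assumption about how such an index avoids holding clear-text PII, not a description of a specific product's index format. The SSN pattern, customer rows and messages are all constructed sample data; the returned stats are the kind of "gauge" the post recommends gathering before enabling the deeper inspection.

```python
import hashlib
import re
from dataclasses import dataclass

# Endpoint-side data identifier: SSN pattern with light validity checks
# (no 000/666/9xx area, no 00 group, no 0000 serial). Constructed
# approximation of an SSN data identifier, not a vendor's definition.
_SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Crude "last name" candidate extractor: capitalized words in the text.
_NAME_RE = re.compile(r"\b[A-Z][a-z]+\b")


def ssn_candidates(text):
    return _SSN_RE.findall(text)


def endpoint_should_forward(text):
    """Rule (1): pattern matches SSN. This is the only check that runs on
    the endpoint; it decides whether content is shipped to the server."""
    return bool(ssn_candidates(text))


class EdmProfile:
    """Server-side EDM profile built from customer rows. Assumption: the
    index holds salted hashes of normalized (last_name, ssn) pairs rather
    than the clear-text values, so the index itself is not a PII dump."""

    def __init__(self, rows, salt=b"constructed-salt"):
        self.salt = salt
        self.index = {self._key(last, ssn) for last, ssn in rows}

    def _key(self, last_name, ssn):
        norm = f"{last_name.strip().lower()}|{ssn.replace('-', '')}"
        return hashlib.sha256(self.salt + norm.encode()).hexdigest()

    def match(self, text):
        """Rule (2): does some (last name, SSN) pair in the text appear as
        the same row in the indexed profile? Runs only on the server."""
        ssns = ssn_candidates(text)
        names = _NAME_RE.findall(text)
        return any(self._key(n, s) in self.index for s in ssns for n in names)


@dataclass
class RolloutStats:
    total: int = 0            # messages seen on the endpoint
    forwarded: int = 0        # messages that tripped the DI and were shipped
    forwarded_bytes: int = 0  # volume sent endpoint -> server (the network cost)
    edm_incidents: int = 0    # messages that also matched the indexed profile


def run_pipeline(messages, profile):
    """Compound rule: DI on the endpoint, then EDM on the server for the
    subset that was forwarded. Detection only; nothing here can block,
    because the EDM verdict arrives after the content has already left."""
    stats = RolloutStats()
    for msg in messages:
        stats.total += 1
        if not endpoint_should_forward(msg):
            continue
        stats.forwarded += 1
        stats.forwarded_bytes += len(msg.encode())
        if profile.match(msg):
            stats.edm_incidents += 1
    return stats


# Constructed sample data: two indexed customers and five endpoint messages.
SAMPLE_ROWS = [("Doe", "123-45-6789"), ("Smith", "234-56-7890")]
SAMPLE_PROFILE = EdmProfile(SAMPLE_ROWS)
SAMPLE_MESSAGES = [
    "Invoice attached, total due 1234.56",                        # no SSN
    "Customer Jane Doe, SSN 123-45-6789, called about her bill",  # DI + EDM
    "Test record: Bob Jones 123-45-6789",                         # DI only
    "Employee ID 000-12-3456 is a placeholder",                   # invalid area
    "Smith, 234-56-7890 requested statement",                     # DI + EDM
]


def demo():
    return run_pipeline(SAMPLE_MESSAGES, SAMPLE_PROFILE)


if __name__ == "__main__":
    print(demo())
```

On this sample, three of five messages trip the SSN identifier and get shipped to the server, but only two are real EDM incidents; the ratio of forwarded bytes to incidents is what you want to measure with the DI-only rollout before turning on the indexed condition.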