Thanks for the suggestions,
The only place logging was enabled was in the policy "Enable Logging" next to "Rule Set Name" in the Application Control Rule set, but there are no logs re usb writes in the client that I can see. Is there somewhere else that could disable logging? Is there a way to open the client with no restrictions (tried running as admin) in case some logs are hidden?
Client MGMT:
* Control Log: Empty
* Security Log: Empty
* System Log: A lot of informational logs like "Downloading new content from GUP", "Update for xxxxxx was successfully installed"
There dont seem to be any usb logs. Ive tried to eject/reinsert/re-copy files, but still no logs.