Hmmmm, does this policy correctly block USBSTOR* devices on any other machine?
If yes, then I'd suggests you start the SEP Client on the PC using the "Run as Admin" option, and make sure "Enable Application and Device Control" is ticked under Change Settings -> Client Management -> Configure Settings. Or perhaps reinstall the client...
If not, then create a new A&DC policy that blocks USBSTOR* only, and test with that.