In what way is it messed up? Is it now allowing all, blocking all? What is the messed up behaviour?
It is blocking all USB drives...including the ones for which I had an exception.
Are you using Application Control? If so, what rules and how are they configured?
Yes using App Control...using in this order...
AC3 - applying to * and not applying to Kingston drive (id from devviewer)
AC4 - same
AC2 - same
AC5 - applying to *
AC9 - applying to * and not applying to Kingston drive (id from devviewer)
Are you using Device Control? No
What do the Control Logs say? When I plug in the Kingston drive, it says "block writing to all files and folders has blocked DTVP_Launcher.exe" which is the file that launches the Kingston drive, which is an exception in the block writing to files. I have even tried putting that specific file in to not block. It is like it is not recognizing the fact that the drive is an exception.
This policy is working fine on a group of PCs that still have 12.1 RU1, but when applied to the group of PCs that have 12.1 RU1 MP1 it stops working.
I believe I have answered all of your questions...
Thanks!!!