Firstly, I would like to thank everyone who has contributed to this forum post. I have always appreciated your valuable input.
Now, my initial question was how to log all the devices which are connected to endpoints, i.e. to grab the Device or Class IDs so that we can choose what to block and what not to.
The problem at the moment is that SEP would only log devices which are explicitly added either into the block devices section or the section which contains devices excluded from blocking. If there is any device that is not part of either one of these sections, it won't be logged by the device control policy. If you add the Class ID for all USBs in devices excluded from blocking, it will exclude all USBs from being blocked and whitelist every USB, hence you cannot selectively block any USB in the Blocked device section.
Now, in Application Control we have a policy that will log read and write attempts to/from USBs if it is enabled in the APP control, which is more suitable, but the only concern with that is the amount of logging that would be generated.
Thanks