Hi Anderson,
First, do you have any Custom Application and Device Control applied to blocked certain devices? By default, Device control policy doesn't enabled device blocking yet. All devices are allowed.
2nd, If you have Custom ADC applied, you should add it under "Devices excluded from Blocking" you may follow the link below.https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/Using-policies-to-manage-security/about-application-control-system-lockdown-and-devi-v36534292-d45e176/managing-device-control-v36640615-d45e108/allowing-or-blocking-devices-on-client-computers-v36652454-d45e1287.html