I apologise for maybe not understanding the question, but here's some things I do for USB;
I use application and device control, DEVICE control, to block all via a device definition:
*USBSTOR\Disk*
And add that under blocked devices. I then create exceptions if needed, for devices we wish to allow.
Symantec has already defined things like HID - Human Interface Devices, but my definition above is only for STORAGE devices, like "thumbdrives" or USB sticks, or storage in phones, etc. This way no one can plug a USB stick into their computer and copy files to or from it.
You could use registry control in the APPLICATION control part of SEP's Application and Device control for similar, like they did in a rule set for blocking new Browser Helper Objects:
Create a ruleset and add registry access attempts. You can block or allow reads, block or allow writes, and so on. Here is what they used - they blocked writes to this key ->
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\*\*
You can also use SNAC if you are so licensed.........
OR, you can manually, in regedit, or in a GPO, make a key or area read-only. Group Policies are a good way to manage the registry, and you can create custom policies and let your domain manage it for you.