Block response rule does not block the copy of sensitive data to a local drive


Article ID: 169456


Updated On:

Products

Data Loss Prevention Endpoint Prevent, Data Loss Prevention

Issue/Introduction

An endpoint policy in Symantec Data Loss Prevention Endpoint Prevent (DLP) is created to detect content being copied to the local hard drive. The policy fires and creates an incident, but the file copy is not blocked.

This is unexpected behavior; the expectation is for the rule to block the copy of sensitive data.

Cause

The Endpoint block response rule is not triggered for the copy of sensitive data to the local drive from either USB or OneDrive.

See "Enable monitoring settings."

Resolution

This behavior is expected. 

The Copy to Local Drive feature prevents users from moving sensitive data from a network drive to a local drive on a Windows endpoint using Windows Explorer.

Note: Enabling "local drive" monitoring will cause performance issues because DLP will start monitoring every file created on the local drive. If you need to monitor files located on the local drive, Endpoint Discover is recommended.