This article describes the scenario of restricting access to memory cards while keeping other USB removable devices allowed.
Access check to internal card readers/memory cards is performed on Removable level only as they do not have supported interface to control with DeviceLock.
To restrict access to memory cards while keeping other USB removable devices allowed:
1. Configure "Removable" permissions of "System: Full Control" only, or if needed for other User/Group accounts as well
2. Set the same access permissions for "USB Port"
3. Allow specific USB drives via USB Devices White List for a User/Group. Keep the "Control as Type" flag disabled*.
*Disabling the "Control as Type" flag for a white-listed device disables shadowing and content-aware rules for the device.