DLP Policy to Allow & Block?

I'm hoping someone else has run into a similar situation and can provide an easy answer.

In short, if we have a Rule in our base DLP policy which blocks USB transfers based on sensitive info (PII, etc.), but another Rule in the same policy which monitors and allows transfers, does the 'block USB transfer' rule still activate if it sees sensitive info, even though the 'monitor' rule conflicts with it? Basically, if the two Rules conflict, will the more restrictive one take precedence?

Some context, because I know this seems bizarre: due to the problems with SecureBoot and Sophos Central, we can't just push out a rule that asks users to confirm potentially sensitive info transfers, so I'm trying to find a way around it that will let users transfer normal files as they've always done but now gives IT visibility of those transfers via Sophos Central, while still blocking transfers of sensitive info.

By all means, please ask me to clarify anything here; I realise it's a strange situation.



This thread was automatically locked due to age.
Hello Craig Withers,

IMO the Central Admin Help is quite clear:

    "If a file matches rules that specify different actions, the rule that specifies the most restrictive action is applied. For example:

    • Rules that block file transfer take priority over the rules that allow file transfer on user acceptance.
    • Rules that allow file transfer on user acceptance take priority over the rules that allow file transfer."

I'm not sure what "prevents from working" in the UEFI vs. DLP article means: whether it's just that an "Allow on acceptance" rule unconditionally blocks, or that "Any action that triggers a Data Control rule" also refers to "Allow and log".

Christian
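To make the precedence described in that help text concrete, here is an added example (my own illustration, not Sophos code and not how Sophos Central evaluates policies internally) that models a policy with a "block PII to USB" rule and a "monitor all USB transfers" rule and resolves conflicts by picking the most restrictive matching action: block > allow on acceptance > allow. The Rule and Transfer structures, the rule names, the content classes and the sample files are all constructed for the example; the only thing taken from the thread is the ordering of actions. The audit record lists every matched rule, so the monitor rule still gives visibility of a transfer even when a block rule wins.

```python
"""Toy DLP rule-precedence evaluator (added example, not Sophos code).

Models the documented behaviour: when a file matches several rules that
specify different actions, the most restrictive action is applied.
"""
from dataclasses import dataclass

# Restrictiveness ranking taken from the quoted Central Admin Help text:
# block > allow on acceptance > allow (monitor / log).
ACTION_RANK = {"allow": 0, "allow_on_acceptance": 1, "block": 2}


@dataclass(frozen=True)
class Rule:
    name: str
    action: str
    # Content classes the rule fires on, e.g. {"PII"}; empty = any file.
    content_types: frozenset
    # Destinations the rule covers, e.g. {"usb"}.
    destinations: frozenset

    def __post_init__(self):
        if self.action not in ACTION_RANK:
            raise ValueError(f"unknown action {self.action!r}")


@dataclass(frozen=True)
class Transfer:
    filename: str
    destination: str
    # Content classes a (hypothetical) content scanner detected in the file.
    detected: frozenset


def matching_rules(rules, transfer):
    """Return the rules whose destination and content conditions match."""
    matched = []
    for rule in rules:
        if transfer.destination not in rule.destinations:
            continue
        # A rule with no content condition matches every file.
        if rule.content_types and not (rule.content_types & transfer.detected):
            continue
        matched.append(rule)
    return matched


def effective_action(rules, transfer):
    """Resolve conflicting matches: most restrictive action wins.

    Returns (action, [names of all matched rules]) so that a log/monitor
    rule still produces visibility even when a block rule takes precedence.
    A file matching no rule is simply allowed.
    """
    matched = matching_rules(rules, transfer)
    if not matched:
        return "allow", []
    winner = max(matched, key=lambda r: ACTION_RANK[r.action])
    return winner.action, [r.name for r in matched]


# Constructed policy mirroring the question: one blocking rule for sensitive
# content, one monitor-and-allow rule for all USB transfers.
POLICY = [
    Rule("Block PII to USB", "block", frozenset({"PII", "PCI"}), frozenset({"usb"})),
    Rule("Monitor all USB transfers", "allow", frozenset(), frozenset({"usb"})),
]

# Constructed sample transfers; the detected classes stand in for scanner output.
SAMPLE_TRANSFERS = [
    Transfer("holiday.jpg", "usb", frozenset()),
    Transfer("customers.xlsx", "usb", frozenset({"PII"})),
    Transfer("notes.txt", "network_share", frozenset({"PII"})),
]


def audit_lines(rules=POLICY, transfers=SAMPLE_TRANSFERS):
    """Produce one audit line per transfer, listing the decision and matches."""
    lines = []
    for t in transfers:
        action, matched = effective_action(rules, t)
        lines.append(f"{t.filename} -> {t.destination}: {action} (matched: {', '.join(matched) or 'none'})")
    return lines


if __name__ == "__main__":
    for line in audit_lines():
        print(line)
```

Running the block prints an audit line per sample: the plain file is allowed and logged by the monitor rule, the PII spreadsheet matches both rules and is blocked, and the transfer to a destination no rule covers is allowed with no match at all. Whether Sophos Central's "Allow and log" action behaves exactly this way under the UEFI/SecureBoot issue mentioned in the thread is not something this model can answer; it only encodes the precedence the help text states.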
