As far as I know, DLP does not record what files are moved to USB device.
It only records the violation logs, but it does not specify whether they are in USB or not. Can you tell me which analyses you referred to for the “records the history of connected USB device”?
Even there is “path” information in the violation log (when files violating policy are moved to a USB device), it does not indicate the drive is USB.
I found that the Analyses you referred to is called:
Removable Media: History of Connected USB Drives
This Analyses is provided by Client Manager for Endpoint Protection site instead of DLP component. But anyway, there is no analyses that records the files moved to USB devices.
Data Protection - Detected Data Loss Prevention Violation Information:
This analysis contains information about violations of data loss prevention detected by Core Protection Module endpoints in your deployment.
After activating this analysis, you will see the following property:
Detected Data Loss Prevention Violations
Maximum Data Loss Prevention Violation Report Count
Basically, it displays the information of “DLP_CLC_CPM.log”. You can find the path to the log
go the the folder of the “Application Path” value of the registry key: “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion”
the log is under Misc folder
Data Protection - Detected Device Control Violation Information Trend Micro Data Protection
This analysis contains information about Device Control violations detected by Core Protection Module endpoints in your deployment.
After activating this analysis, you will see the following properties:
Detected Device Control Violation
Maximum Device Control Violation Report Count
Basically, it displays the information of “AEGIS_CPM.log”. You can find the path to the log through checking the “Application Path” value of the registry key: “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion”