The SEP client (and SEPM) does not log the "source filename" as part of the USB file transfer policy, it logs the process executing transfer, and the new filename (destination) on the USB drive, but not where abouts the file originated from.
For security investigations this is extremely important in a legal / court case to be able to completely prove where and how data loss occurred, this requirement is not being meet by SEP14 client.
For example..... if a user copies files to (or from) a USB drive, and we investigate, we need to know where abouts the files originate, particularly if this is for pirate content, adult pornography, or child exploitation material. Additionally, if it remains on the enterprise servers, it needs to be located and thoroughly contained.
Obviously there isn't always a source / originating filename event if a new document is create directly onto USB (and some other scenarios), but where there is, it should be accurately captured for legal follow up.
Users will sometimes plead ingorance and claim they didn't do the activity, and then security has to spent hours hunting the material down.