You could try a root bucket policy that blocks /FileStore/* prefix. But this could affect some functionality. Please get in touch with the accounts team
Unfortunately this is not possible from the platform.
You can however use an external Web Application Firewall (e.g. Akmai) to filter all web traffic to your workspaces. This can block both Web access to download root bucket data.