https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/windows-defender-firewall-blocking-applications/m-p/381729#M507 <P>thats interesting. I wish i could see it but we havent engaged it yet unfortunately so i will learn from you. I think SEP like many other vendors actually completely disables the windows firewall? You may have in fact been vulnerable. I think the cortex only engages the rules you choose. Can you put some context on things it might block? This one would seem to explain a little possibly?&nbsp;<SPAN>&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN>By default, host firewall profile rules are based on the current location of your device. Configure two sets of rules: a set of&nbsp;<BR />External Rules&nbsp;that apply when the device is located outside the internal organization network, and a set of&nbsp;<BR />Internal Rules&nbsp;that apply when the device is located within the internal organization network. If you disable the&nbsp;<BR />Location Based&nbsp;option, your policy will apply the internal set of rules only, and that will be applied to the device regardless of its location</SPAN></P> Fri, 22 Jan 2021 21:51:55 GMT JohnSmith7732 2021-01-22T21:51:55Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/windows-defender-firewall-blocking-applications/m-p/381690#M506 <P>Hello all,</P><P>We are moving from Symantec Endpoint Protection (SEP) to Cortex XDR. If you are not familiar with SEP, it has its own firewall built in. When active, Windows Defender only manages a few aspects of the firewall. Since moving to having Cortex manage the firewall, we keep getting pop ups that Windows Defender is blocking some applications. After some discussion with Tech Support, we find out that Cortex XDR uses and API to manage the Windows Firewall.</P><P>I have been looking for some documentation on either what I might be missing or some sort of best practice.</P><P>&nbsp;</P><P>Any insight to what I may be missing or misunderstanding?</P> Fri, 22 Jan 2021 19:32:31 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/windows-defender-firewall-blocking-applications/m-p/381690#M506 AndrewBowden04 2021-01-22T19:32:31Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/windows-defender-firewall-blocking-applications/m-p/381729#M507 <P>thats interesting. I wish i could see it but we havent engaged it yet unfortunately so i will learn from you. I think SEP like many other vendors actually completely disables the windows firewall? You may have in fact been vulnerable. I think the cortex only engages the rules you choose. Can you put some context on things it might block? This one would seem to explain a little possibly?&nbsp;<SPAN>&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN>By default, host firewall profile rules are based on the current location of your device. Configure two sets of rules: a set of&nbsp;<BR />External Rules&nbsp;that apply when the device is located outside the internal organization network, and a set of&nbsp;<BR />Internal Rules&nbsp;that apply when the device is located within the internal organization network. If you disable the&nbsp;<BR />Location Based&nbsp;option, your policy will apply the internal set of rules only, and that will be applied to the device regardless of its location</SPAN></P> Fri, 22 Jan 2021 21:51:55 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/windows-defender-firewall-blocking-applications/m-p/381729#M507 JohnSmith7732 2021-01-22T21:51:55Z