01-22-2021 11:32 AM
We are moving from Symantec Endpoint Protection (SEP) to Cortex XDR. If you are not familiar with SEP, it has its own firewall built in. When active, Windows Defender only manages a few aspects of the firewall. Since moving to having Cortex manage the firewall, we keep getting pop ups that Windows Defender is blocking some applications. After some discussion with Tech Support, we find out that Cortex XDR uses and API to manage the Windows Firewall.
I have been looking for some documentation on either what I might be missing or some sort of best practice.
Any insight to what I may be missing or misunderstanding?
01-22-2021 01:51 PM
thats interesting. I wish i could see it but we havent engaged it yet unfortunately so i will learn from you. I think SEP like many other vendors actually completely disables the windows firewall? You may have in fact been vulnerable. I think the cortex only engages the rules you choose. Can you put some context on things it might block? This one would seem to explain a little possibly?
By default, host firewall profile rules are based on the current location of your device. Configure two sets of rules: a set of
External Rules that apply when the device is located outside the internal organization network, and a set of
Internal Rules that apply when the device is located within the internal organization network. If you disable the
Location Based option, your policy will apply the internal set of rules only, and that will be applied to the device regardless of its location
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!