Windows Defender Firewall blocking applications


L0 Member

Hello all,

We are moving from Symantec Endpoint Protection (SEP) to Cortex XDR. If you are not familiar with SEP, it has its own firewall built in. When active, Windows Defender only manages a few aspects of the firewall. Since moving to having Cortex manage the firewall, we keep getting pop-ups that Windows Defender is blocking some applications. After some discussion with Tech Support, we found out that Cortex XDR uses an API to manage the Windows Firewall.

I have been looking for some documentation on either what I might be missing or some sort of best practice.

 

Any insight into what I may be missing or misunderstanding?

1 REPLY

L1 Bithead

That's interesting. I wish I could see it, but we haven't engaged it yet unfortunately, so I will learn from you. I think SEP, like many other vendors, actually completely disables the Windows firewall? You may have in fact been vulnerable. I think the Cortex only engages the rules you choose. Can you put some context on things it might block? This one would seem to explain a little possibly?

 

By default, host firewall profile rules are based on the current location of your device. Configure two sets of rules: a set of External Rules that apply when the device is located outside the internal organization network, and a set of Internal Rules that apply when the device is located within the internal organization network. If you disable the Location Based option, your policy will apply the internal set of rules only, and that will be applied to the device regardless of its location.
