We are moving from Symantec Endpoint Protection (SEP) to Cortex XDR. If you are not familiar with SEP, it has its own firewall built in. When active, Windows Defender only manages a few aspects of the firewall. Since moving to having Cortex manage the firewall, we keep getting pop ups that Windows Defender is blocking some applications. After some discussion with Tech Support, we find out that Cortex XDR uses and API to manage the Windows Firewall.
I have been looking for some documentation on either what I might be missing or some sort of best practice.
Any insight to what I may be missing or misunderstanding?