WARP not respecting split/exclude

So my team are running WARP on client laptops and we have configured the exclude from using the Cloudflare network. We are having an issue when we use our company VPN, who’s endpoint is also excluded, the clients are reporting increased latency at times. This latency goes away once WARP is disabled which seems to suggest an issue with the WARP app/setup.

Despite having in the exclude, we can still see in gateway logs that Zero Trust is blocking requests to a 10.x address. This is expected as we do have a “block all private IP addresses” in the firewall policies but we are not running any private tunnels that include these 10.x ranges. I would also expect this to not even hit Cloudflare as the range is included in the exclusion list. Could it be that a badly configured “no inspect” rule is looking for these 10.x requests?

We’re running WARP v2023.7.159.0 on all major operating sytems.