The routing that Edge Client (EC) sets is derived from the current routing and whatever the settings are on the client. Windows does have some DNS and proxy idiosyncrasies that necessitate the client to push a "route all traffic over the tunnel" route as 0.0.0.0/1 & 128.0.0.1/1 in some cases, because Windows treats devices with a 0.0.0.0/0 route differently than devices with both 0.0.0.0/1 and 128.0.0.1/1 routes, even though at L3 they're effectively equivalent. You might try to adjust your client PC to a more common "192.168" subnet to see how the behavior changes.
You can find in the Edge Client log files very detailed logging about what is the current (before EC does anything) and what is the result (after EC adjusts the routes) that are set.
Examine these EC logs closely to see how this compares to your Network Access List settings.