Windows Firefall Responds to Ping

S

Stuart

Disallow ICMP packets to be accepted.
William Crawford
Thanks. Trouble is even when being logged in as Administrator, it is grayed
out and it won't allow me to remove the check??
Stuart
 
W

WTC

Stuart said:
Thanks. Trouble is even when being logged in as Administrator, it is
grayed out and it won't allow me to remove the check?? Stuart


Open the Group Policy Editor (Start > Run > gpedit.msc) and navigate to:

Computer Configuration > Administration Templates > Network > Network
Connections > Windows Firewall > Standard Profile

Locate Windows Firewall: Allow ICMP exceptions

Set this setting to "Not Configured".

If this setting is set as Not Configured then open the registry and
navigate to:

HKLM\Software\Policies\Microsoft

Delete the "WindowsFirewall" key and reboot.
 
S

Stuart

Disallow ICMP packets to be accepted.
Open the Group Policy Editor (Start > Run > gpedit.msc) and navigate to:

Computer Configuration > Administration Templates > Network > Network
Connections > Windows Firewall > Standard Profile

Locate Windows Firewall: Allow ICMP exceptions

Set this setting to "Not Configured".

If this setting is set as Not Configured then open the registry and
navigate to:

HKLM\Software\Policies\Microsoft

Delete the "WindowsFirewall" key and reboot.
I thought the answer might lie in the Policy Editor.
The GPE ICMP was already set to "Not Configured".
I went to HKLM\Software\Policies\Microsoft and
there was no "WindowsFirewall" key. I did a find
in the registry and there was no "WindowsFirewall" key??

I'm surprised MS makes it so hard. It should be a
normal request and work the way I tried it first when it
was grayed out - yes? Does it matter whether I go in
under "Administrator" or "Stuart" with administrator
privileges? The system is currently configured without
"Administrator" only with "Stuart" with administrator
privileges. It still responds to pings. Regards, Stuart
 
W

WTC

Stuart said:
I thought the answer might lie in the Policy Editor.
The GPE ICMP was already set to "Not Configured".

Enable and apply this setting then set the setting as Not Configured.

I went to HKLM\Software\Policies\Microsoft and
there was no "WindowsFirewall" key. I did a find
in the registry and there was no "WindowsFirewall" key??

Look at this location as well
HKCU\Software\Policies\Microsoft\WindowsFirewall

You could try a search in the Registry for "AllowInboundEchoRequest".

I'm surprised MS makes it so hard. It should be a
normal request and work the way I tried it first when it
was grayed out - yes?

Something must have change this setting. By default, this setting is
not restricted by policy.
Does it matter whether I go in
under "Administrator" or "Stuart" with administrator
privileges?

This should not matter as both users will have Admin rights.


Also check Local Security Policy. Control Panel > Administrative Tools
Local Security Policy > IP Security Policies on Local Computer >
Server (Request Security) and Secure Server (Require Security). Ensure
All ICMP Traffic is checked.
 
S

Stuart

Enable and apply this setting then set the setting as Not Configured.
Done. To be doubly sure I closed the GPE and re-entered once to make sure it
stayed changed. I did not reboot during this because I didn't see how it
would help.
Look at this location as well
HKCU\Software\Policies\Microsoft\WindowsFirewall
The location does not exist.
You could try a search in the Registry for "AllowInboundEchoRequest".
Nothing under that and I manually searched the entire policy area for
firewall policy and nothing exists.
Also check Local Security Policy. Control Panel > Administrative Tools
Local Security Policy > IP Security Policies on Local Computer >
Server (Request Security) and Secure Server (Require Security). Ensure
All ICMP Traffic is checked.
No Local Security Policy exists and there is no server around. I only
connect via Internet and a Network Place local peer-to-peer connection.

This is an interesting problem. I wonder if any spyware could have done
this. I didn't. Microsoft.NET Framework is installed. I use Defender for
real time protection and AVAST-at-bootup (safe mode-once per month).
Unfortunately, I loaded a lot of freeware over the last 3-4 years and 4 to 5
pieces of spyware have gotten by Defender and before with AVAST-real-time
(some maybe never installed) and been deleted through AVAST-at-bootup. One
AVAST-at-bootup deletion I remember very recently about when all this
happened.

I am thinking I better start locating all my software because I now only use
5 or 6 freeware programs that I trust. I cannot right now see any way to get
my control back where I will trust this computer other than F-disk and
reload XP and then everything else. Any other ideas? I don't relish the
reload.

Stuart//
 
W

WTC

Stuart said:
Tools >Local Security Policy > IP Security Policies on Local Computer
No Local Security Policy exists and there is no server around. I only
connect via Internet and a Network Place local peer-to-peer
connection.

Try entering "secpol.msc" in the Run dialog box.

Or try, enter "mmc" in the Run dialog box. When the Management Console
open then go to File > Add/Remove Snapin > click Add > Select IP
Security Policies > Click Add > Select Local Computer > click Finish
then Ok.

Check 'Server (Request Security)' and 'Secure Server (Require
Security)'. Ensure 'All ICMP Traffic' is checked.

If this does not work then I am out of ideas for you. Good Luck.
 
S

Stuart

Try entering "secpol.msc" in the Run dialog box.
Check 'Server (Request Security)' and 'Secure Server (Require
Security)'. Ensure 'All ICMP Traffic' is checked.
The 2 ICMP settings are both checked here, but there is also a Client
(Respond Only) which has <Dynamic> default checked for the IP Filter List.
Does anything need to be added here?
Thanks for trying. Stuart
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top