Firewall policy has been created with only two rules:

•  the first one which is blocking all traffic from ping.exe
•  the second one below allows all the traffic

Then if "ping -t IPADDRESS" is executed, some pings are passing through the firewall and sending back replies.

List of "General failure.", which is expected behavior, and some unexpected "Reply from ...".

• SEP Firewall logs show that pings passing through are not executed by ping.exe but ntoskrnl.exe.

Change the rule to block ICMP protocol rather than ping application.

Applies To

• Unmanaged SEP 12.1 client with Network Threat Protection installed and rule to block ping.exe added.