Vista Windows Firewall: outbound rule for ping.exe does not work
Hello, I have found a strange problem in the Vista firewall when outbound traffic is blocked and you want to allow only the traffic specified by rules. I allowed several applications like IE8 and Live Mail without any problem; however, I have problems with simple ping.

I allowed the program %SystemRoot%\System32\PING.EXE but I still cannot make a ping request. Whenever I want to use ping I get the error: General Failure. If I change the outbound rule to allow just outgoing ICMP traffic regardless of application, then it works just fine.

Do you know where the problem could be? BTW, I have the same problem with tracert as well.
June 9th, 2009 8:55pm

Hi, thanks for the post. Have you tried to boot into Safe Mode with Networking? What's the result? Meanwhile, this issue can be related to third-party programs, especially security programs. You can check the following article: http://www.chicagotech.net/netforums/viewtopic.php?t=3436 Hope this helps!
Sean Zhu - MSFT
June 12th, 2009 6:23am

"Hi, thanks for the post. Have you tried to boot into Safe Mode with Networking? What's the result? Meanwhile, this issue can be related to third-party programs, especially security programs. You can check the following article: http://www.chicagotech.net/netforums/viewtopic.php?t=3436 Hope this helps! Sean Zhu - MSFT"

Hello, thank you for your reply. I was trying it from Safe Mode as well, however with the same result.

To better clarify what I'm trying to do: I'm trying to exploit the advanced functions of the Vista Windows Firewall to block all traffic by default, including outbound connections initiated by applications running on my laptop. To do this I used Windows Firewall with Advanced Security and set up inbound rules to block all connections, and I did the same for outbound connections too. Then, as expected, I was not able to initiate any network connection at all. So I started creating rules to allow just selected applications like the internet browser, mail client etc. I had no problem getting them working; I set up outbound rules for these applications without any problem.

However, I would also like to use ping, so I supposed it should be enough to create a new outbound rule to allow the ping.exe application, but this does not work. To be honest, I do not see the reason why the rule for ping.exe should be any different from the rules I created before for the internet browser and other stuff.

I've noticed that if I modify the outbound rule for ping so that it is not limited to ping.exe, and I allow the outgoing ICMP protocol for all applications, then it works just fine... but this is a possible security breach, as any application can communicate via ICMP, including malware. To me it seems like some sort of problem in the Vista Firewall, which is not able to see that the traffic is originating from ping.exe. Can someone confirm it?
June 13th, 2009 12:33pm

Hi, thanks for the update. Based on my knowledge, we need to enable ICMP in order to allow the ping command. You can also check the following article regarding the issue:

Nobody Can Ping My Computer
http://technet.microsoft.com/en-us/library/cc749323(WS.10).aspx

"A common step in troubleshooting connectivity situations is to use the Ping tool to ping the IP address of the computer to which you are trying to connect. When you ping, you send an ICMP Echo message (also known as an ICMP Echo Request message) and get an ICMP Echo Reply message in response. By default, Windows Firewall does not allow incoming ICMP Echo messages, and therefore the computer cannot send an ICMP Echo Reply in response. Enabling incoming ICMP Echo messages will allow others to ping your computer. However, it also leaves your computer vulnerable to the types of attacks that use ICMP Echo messages. Therefore, we recommend that you enable the Allow incoming echo request setting temporarily, and then disable it when it is no longer needed."
June 16th, 2009 10:44am

Hello, thank you for the reply. However, I'm convinced that the article is not correct.

"A common step in troubleshooting connectivity situations is to use the Ping tool to ping the IP address of the computer to which you are trying to connect. When you ping, you send an ICMP Echo message (also known as an ICMP Echo Request message) and get an ICMP Echo Reply message in response. By default, Windows Firewall does not allow incoming ICMP Echo messages, and therefore the computer cannot send an ICMP Echo Reply in response."

As far as I know, Windows Firewall is a stateful packet firewall, which means it is able to recognize which traffic coming from outside is related to traffic sent by the requestor in the first place. Therefore, even though incoming ICMP traffic is blocked in Windows Firewall, you can still ping other stations without any problem. Windows Firewall simply knows that the ICMP Echo Reply is related to your ICMP Echo Request, so the packets are allowed. You can try it by blocking all incoming connections in Windows Firewall and pinging some host placed outside. It's going to work.

What I'm trying to solve is that, for some reason which is not known to me, the Windows Vista Firewall denies the ping.exe application from sending any traffic outside (even though it is allowed by an outbound rule). I have a similar rule for iexplore.exe and it works (of course I also allowed remote connections to port 53/UDP to allow DNS).
June 16th, 2009 7:47pm
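The default-deny setup the poster describes (block inbound and outbound, then allow selected programs plus DNS) and the two ways of allowing ping discussed above (a rule scoped to ping.exe versus a rule scoped to the ICMP protocol) can all be expressed with the netsh advfirewall command line that ships with Vista. The following batch script is an added example and is not code from the thread or from Microsoft; the rule names, the iexplore.exe path and the choice to restrict the protocol rule to ICMPv4 type 8 are my own.

```batch
@echo off
REM Added example, not part of the original thread. Run from an elevated
REM command prompt on Vista / Windows Firewall with Advanced Security.
REM Rule names and program paths below are assumptions chosen for illustration.

REM 1. Default-deny in both directions, for all profiles (the poster's starting point).
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

REM 2. Per-program outbound allow rule, the kind the poster got working for IE8.
netsh advfirewall firewall add rule name="Allow IE8 outbound" dir=out action=allow program="%ProgramFiles%\Internet Explorer\iexplore.exe" enable=yes

REM 3. DNS over UDP/53, which the poster also had to allow for name resolution.
netsh advfirewall firewall add rule name="Allow DNS outbound" dir=out action=allow protocol=udp remoteport=53 enable=yes

REM 4. The program-scoped rule for ping.exe that the poster reports does NOT
REM    let ping through ("General Failure").
netsh advfirewall firewall add rule name="Allow ping.exe outbound (program)" dir=out action=allow program="%SystemRoot%\System32\PING.EXE" enable=yes

REM 5. Narrower form of the rule the poster found working: allow outbound
REM    ICMPv4 Echo Request (type 8, any code) only, rather than all of ICMP,
REM    which limits what other software could send through this rule.
REM    Echo Replies come back through the stateful tracking the poster describes,
REM    so no inbound ICMP rule is needed for outgoing ping to work.
netsh advfirewall firewall add rule name="Allow ICMPv4 echo request outbound" dir=out action=allow protocol=icmpv4:8,any enable=yes

REM 6. Check what was actually installed and the effective policy.
netsh advfirewall firewall show rule name="Allow ICMPv4 echo request outbound"
netsh advfirewall show allprofiles
```

The commonly reported reason the program-scoped rule in step 4 never matches is that ping.exe on Vista sends its echo requests through the ICMP helper API (IcmpSendEcho in iphlpapi) rather than through a raw socket it owns, so the packet is built by the TCP/IP stack and the per-program filter has no ping.exe-owned socket to attribute it to; the rule in step 5 is the protocol-scoped alternative, kept to Echo Request only. Replace the `add rule` lines with `delete rule name="..."` to back the changes out.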
