J.C.'s space

April 8

McAfee Host Intrusion Prevention (HIPS) Firewall doesn't allow PING, despite the default allow PING rule.

After deploying McAfee's Host Intrusion Prevention product (v7.0.3) to a desktop with the firewall turned on and the default "allow Ping" rule enabled, I was unable to ping a remote system.
 
The system was managed by ePO, and the default rule set actually had two ping rule groups in place and enabled. The first, "Ping and ICMP", had several rules that caused all manner of traffic between systems to crash and caused intermittent problems on the network, so it was deleted from the policy. This left the "Ping" rule group, which included the rules "Allow ICMP Echo Request Outgoing" and "Allow ICMP Echo Reply Incoming".
 
"Allow ICMP Echo Request Outgoing" allowed ICMP echo requests outgoing to any IP for the PING.EXE application.
"Allow ICMP Echo Reply Incoming" allowed ICMP echo replies incoming to any IP for the PING.EXE application.
 
Looks pretty straightforward for allowing the machine to ping out, but outward pings would not work and there was a log entry stating that the ping request had been blocked??? HIPS is a complicated application and I was afraid that there was some obscure application blocking rule that restricted ping.exe. To test that it was actually a firewall error, I turned off the firewall. Pinging worked.
 
After modifying the rules several times and in various ways, I finally discovered that the fix was to not limit the application to ping.exe. Removing ping.exe from both rules, but otherwise leaving them unchanged, allowed the target machine to ping outward.
 
