Policy
Windows Defender Firewall: Allow ICMP exceptions
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista, WindowsXP
Defines the set of Internet Control Message Protocol (ICMP) message types that Windows Defender Firewall allows. Utilities can use ICMP messages to determine the status of other computers. For example, Ping uses the echo request message. If you do not enable the "Allow inbound echo request" message type, Windows Defender Firewall blocks echo request messages sent by Ping running on other computers, but it does not block outbound echo request messages sent by Ping running on this computer.

If you enable this policy setting, you must specify which ICMP message types Windows Defender Firewall allows this computer to send or receive.

If you disable this policy setting, Windows Defender Firewall blocks all the listed incoming and outgoing ICMP message types. As a result, utilities that use the blocked ICMP messages will not be able to send those messages to or from this computer. If you enable this policy setting and allow certain message types, then later disable this policy setting, Windows Defender Firewall deletes the list of message types that you had enabled.

If you do not configure this policy setting, Windows Defender Firewall behaves as if you had disabled it.

Note: If any policy setting opens TCP port 445, Windows Defender Firewall allows inbound echo requests, even if the "Windows Defender Firewall: Allow ICMP exceptions" policy setting would block them. Policy settings that can open TCP port 445 include "Windows Defender Firewall: Allow file and printer sharing exception," "Windows Defender Firewall: Allow remote administration exception," and "Windows Defender Firewall: Define inbound port exceptions."

Note: Other Windows Defender Firewall policy settings affect only incoming messages, but several of the options of the "Windows Defender Firewall: Allow ICMP exceptions" policy setting affect outgoing communication.
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
| Allow outbound destination unreachable (ID: `WF_IcmpSettings_AllowOutboundDestinationUnreachable`) | boolean | `HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings\AllowOutboundDestinationUnreachable` (Type: REG_DWORD) | Options: true (1), false (0). True: set value = 1 · False: set value = 0 |
| Allow outbound source quench (ID: `WF_IcmpSettings_AllowOutboundSourceQuench`) | boolean | `HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings\AllowOutboundSourceQuench` (Type: REG_DWORD) | Options: true (1), false (0). True: set value = 1 · False: set value = 0 |
| Allow redirect (ID: `WF_IcmpSettings_AllowRedirect`) | boolean | `HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings\AllowRedirect` (Type: REG_DWORD) | Options: true (1), false (0). True: set value = 1 · False: set value = 0 |
| Allow inbound echo request (ID: `WF_IcmpSettings_AllowInboundEchoRequest`) | boolean | `HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings\AllowInboundEchoRequest` (Type: REG_DWORD) | Options: true (1), false (0). True: set value = 1 · False: set value = 0 |
| Allow inbound router request (ID: `WF_IcmpSettings_AllowInboundRouterRequest`) | boolean | `HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings\AllowInboundRouterRequest` (Type: REG_DWORD) | Options: true (1), false (0). True: set value = 1 · False: set value = 0 |
| Allow outbound time exceeded (ID: `WF_IcmpSettings_AllowOutboundTimeExceeded`) | boolean | `HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings\AllowOutboundTimeExceeded` (Type: REG_DWORD) | Options: true (1), false (0). True: set value = 1 · False: set value = 0 |
| Allow outbound parameter problem (ID: `WF_IcmpSettings_AllowOutboundParameterProblem`) | boolean | `HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings\AllowOutboundParameterProblem` (Type: REG_DWORD) | Options: true (1), false (0). True: set value = 1 · False: set value = 0 |
| Allow inbound timestamp request (ID: `WF_IcmpSettings_AllowInboundTimestampRequest`) | boolean | `HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings\AllowInboundTimestampRequest` (Type: REG_DWORD) | Options: true (1), false (0). True: set value = 1 · False: set value = 0 |
| Allow inbound mask request (ID: `WF_IcmpSettings_AllowInboundMaskRequest`) | boolean | `HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings\AllowInboundMaskRequest` (Type: REG_DWORD) | Options: true (1), false (0). True: set value = 1 · False: set value = 0 |
| Allow outbound packet too big (ID: `WF_IcmpSettings_AllowOutboundPacketTooBig`) | boolean | `HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings\AllowOutboundPacketTooBig` (Type: REG_DWORD) | Options: true (1), false (0). True: set value = 1 · False: set value = 0 |
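
To audit which ICMP message types this policy currently allows on a machine, the registry values listed in the table above can be read back directly. The following is an added example, not part of the original policy reference; `Get-IcmpExceptionPolicy` is a hypothetical helper name, and it assumes read access to `HKLM` on the local computer.

```powershell
# Added example: report the state of each ICMP exception value from the table above.
# Get-IcmpExceptionPolicy is a hypothetical helper name, not a built-in cmdlet.
function Get-IcmpExceptionPolicy {
    param(
        [string]$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings'
    )

    # Value names exactly as given in the "Registry mapping" column.
    $valueNames = @(
        'AllowOutboundDestinationUnreachable'
        'AllowOutboundSourceQuench'
        'AllowRedirect'
        'AllowInboundEchoRequest'
        'AllowInboundRouterRequest'
        'AllowOutboundTimeExceeded'
        'AllowOutboundParameterProblem'
        'AllowInboundTimestampRequest'
        'AllowInboundMaskRequest'
        'AllowOutboundPacketTooBig'
    )

    # A missing key means the policy is not configured, which the policy text
    # says behaves the same as disabled (all listed types blocked).
    $props = $null
    if (Test-Path -LiteralPath $KeyPath) {
        $props = Get-ItemProperty -LiteralPath $KeyPath
    }

    foreach ($name in $valueNames) {
        $raw = if ($props) { $props.$name } else { $null }
        [pscustomobject]@{
            MessageType = $name
            Direction   = if ($name -like 'AllowInbound*') { 'Inbound' }
                          elseif ($name -like 'AllowOutbound*') { 'Outbound' }
                          else { 'Unspecified' }
            Configured  = $null -ne $raw      # value present under the policy key
            Allowed     = ($raw -eq 1)        # REG_DWORD 1 = true, 0 or absent = false
        }
    }
}

Get-IcmpExceptionPolicy | Sort-Object Direction, MessageType | Format-Table -AutoSize
```

`Allowed = False` for `AllowInboundEchoRequest` does not by itself mean inbound echo requests are blocked: per the note in the policy overview, any policy setting that opens TCP port 445 allows them regardless. The script covers only the `StandardProfile` path given in the table.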
Other policies in this category
Explore related policies at the same level.
- Windows Defender Firewall: Allow inbound file and printer sharing exception (Computer; at least Windows XP Professional with SP2)
- Windows Defender Firewall: Allow inbound remote administration exception (Computer; at least Windows XP Professional with SP2)
- Windows Defender Firewall: Allow inbound Remote Desktop exceptions (Computer; at least Windows XP Professional with SP2)
- Windows Defender Firewall: Allow inbound UPnP framework exceptions (Computer; at least Windows XP Professional with SP2)
- Windows Defender Firewall: Allow local port exceptions (Computer; at least Windows XP Professional with SP2)
- Windows Defender Firewall: Allow local program exceptions (Computer; at least Windows XP Professional with SP2)
- Windows Defender Firewall: Allow logging (Computer; at least Windows XP Professional with SP2)
- Windows Defender Firewall: Define inbound port exceptions (Computer; at least Windows XP Professional with SP2)
- Windows Defender Firewall: Define inbound program exceptions (Computer; at least Windows XP Professional with SP2)
- Windows Defender Firewall: Do not allow exceptions (Computer; at least Windows XP Professional with SP2)
- Windows Defender Firewall: Prohibit notifications (Computer; at least Windows XP Professional with SP2)
- Windows Defender Firewall: Prohibit unicast response to multicast or broadcast requests (Computer; at least Windows XP Professional with SP2)