Hello,
There are only the pre-configured firewall rules from Symantec for medium security in SEP SBE 12.1
- block Ipv6 over Ipv4 (Teredo)
- block Ipv6 over Ipv4 (ISATAP)
- allow fragmented packets
- allow wireless EAPOL
- allow local file sharing on local computers
- block local file sharing on external computers
- allow Bootp
- allow UPnP discovery from local computers
- block UpnP discovery from external computers
- allow web service-requests from local computers
- block web service-requests from external computers
- allow LLMNR from local Ipv4 traffic
- block LLMNR from external traffic
- allow web services detection from local computers
- block web services detection from external computers
- allow SSDP from local computers
- block SSDP from external computers
- allow ping, pong and tracert
- allow all applications
- allow VPN
- allow Veritas protocol
- medium security 1
- medium security 2
- block broadcast and multicast traffic without logging
- block and log all other IP traffic
- block and don't log all other traffic
So, you can go ahead and edit the Firewall Rules from the SEPM SBE 12.1 to block the " ping, pong and Tracert" or change the policy as per your requirements, check the screenshot of the same -
Hope that helps!!