Hello
if you are using Windows machine , it will use icmp with TTL=1 to trace the first hope , and increase TTL for every next hop (see below diagram) , so if you disable the ping under the zone host-inboud-traffc system-services , this will block both traceroute and ping on your SRX .
SENDER=====Router=====Router=====Router=====TARGET
TTL=1 TTL=2 TTL=3 TTL=4
if you'd like to keep ping enabled and block traceroute only , you need to define a firewall filter , to block "ICMP-TIME-EXCEEDED" reply from your SRX to the client , so in this case , you filter will be applied as "output" on the local interface , please find below a config template , I user 192.168.1.1 as your SRX local address facing the clients.
set firewall family inet filter block-traceroute term t1 from source-address 192.168.1.1/32
set firewall family inet filter block-traceroute term t1 from protocol icmp
set firewall family inet filter block-traceroute term t1 from icmp-type time-exceeded
set firewall family inet filter block-traceroute term t1 then discard
set firewall family inet filter block-traceroute term accept-else then accept
set interfaces ge-0/0/1.0 family inet filter output block-traceroute
Regards