.NET Default Protection Settings Screen
Protection settings for .NET assemblies are displayed when you select the .NET icon in the Project pane. The settings defined in the .NET protection settings screen apply to all .NET assemblies in the current project. All the settings can be modified.
The .NET – Default Protection Settings screen contains the following settings:
|
String encryption |
Enables string encryption for your .NET assembly |
|
Set a time interval (in seconds) for periodic background checks for a Sentinel protection key with the required licenses. Regardless of the setting for this field, the License Manager checks for the required license when the application is started. Use the parameter Allow grace periods after failed license check to determine the behavior of the application if the required protection key is not found. For more information, see Periodic Background Check Behavior. IMPORTANT For applications that may use the Execution Count license type and the Admin License Manager: End users can configure the Admin License Manager session to time out after as little as 10 minutes of inactivity. If the background check interval is greater than the idle time-out interval and a time-out occurs, the background thread will re-login to the protection key. This could result in additional consumption of licenses for applications licensed with the Execution Count license type. Therefore, Thales recommends that you do one of the following: >Set a time interval of less than 10 minutes for Periodic background checks in order to prevent the session from timing out. >Take other precautions to ensure that the end user does not set the idle time-out interval to a value lower than or equal to the Periodic background checks interval. |
|
| Allow grace periods after failed license check |
Number of grace periods to grant the user if a background check determines that the required protection key is not connected. This parameter is only applicable if Periodic background checks is selected. For more information, see Periodic Background Check Behavior. NOTE For .NET, the user of grace periods is not currently supported. The protected application will always retry to find a protection key. |
| Run-time wait |
If selected, specifies that the protected .NET assembly should wait for the specified number of seconds for the Sentinel Run-time Environment to load. You can specify from 1 to 600 seconds. NOTE Supported for .NET assemblies that are being protected. This parameter is disabled when the entry point is not selected for protection. |
| Run-time wait message |
(Only applicable when Run-time wait is selected.) Whether a run-time wait progress message is displayed in the .NET user interface. The message box also enables the user to abort the assembly launch. NOTE For .NET, this function only works as console output. The application waits an unlimited amount of time for a protection key, with output to the console. |
|
Apply compression |
Enables you to designate the compression level of protected classes. Protected classes can be stored in the output file with the following compression levels: |
|
|
>Low - Fast compression process |
|
>High - Slow compression process |
|
|
|
NOTE Selection of a compression level does not affect the speed of the decompression level. |
|
Obfuscate Symbols |
An anti-reverse engineering security measure that enables obfuscation of the .NET assembly’s symbol names. Names become arbitrary strings containing random letters or numbers. There are two levels of symbol obfuscation: |
|
|
>All symbols - Full obfuscation. This is the default protection level. |
|
|
>Exclude resources - Does not change the names of resources. Use this option in the case in which you are unable to protect .NET assemblies with theAll symbolsoption. |
|
|
Note that symbol obfuscation can cause issues when class names or method names are used externally as references but cannot be found because they might be obfuscated. This happens, for example, if your project uses external configuration files with class names as references. In these instances, you must identify such dependencies themselves and either select the Exclude resources option for the Obfuscate Symbols setting or completely disable symbol obfuscation for these classes and methods. Envelope attempts to detect external references where obfuscated names could cause problems. In these instances, Envelope automatically disables the obfuscation of the specific symbols. NOTE >You can obfuscate the entire code of selected Methods in an assembly via the Protection Details pane. >Because the real names of methods, objects, and so on are obfuscated, in the event of an application failure, an exception report will also display encrypted information. The Sentinel Exception Report Translator utility enables you to convert an obfuscated exception report into a readable format. |
| Do not protect new methods | When you load a changed binary to an existing Envelope project, Envelope uses default settings to select which of the methods that were added to protect. If you select this check box, Envelope does not select any of the added methods for protection. |
| Program Integrity Protection |
If selected, the protected application is signed with a digital signature. At run-time, the signature is checked to ensure that the code was not modified. Program integrity protection is compatible with Microsoft Authenticode signatures. It is possible to apply a Microsoft Authenticode signature to the protected application when the Program Integrity Protection option is selected. NOTE For .NET, the Program Integrity Protection option is not currently supported. |
| Disable key for attempted tampering |
If selected, the Envelope run-time module in the application disables the key if the module determines that the user has attempted to tamper with the key or with the protected application. Once the key is disabled, the protected application will fail or will display an error message and stop executing, depending on the type of tampering detected. Only relevant when the application is licensed with one of the following: > A Sentinel HL (Driverless configuration) key NOTE If the customer's HL key has a Firmware version earlier than 4.54, key disabling is not supported. If tampering is detected, the protected application will fail or will continue to operate, depending on the type of tampering detected. In either case, the customer can continue to use the application afterward. >A Sentinel CL key (an SL key that is enabled for cloud licensing) NOTE You must connect a Sentinel Developer key or Master key at the time that you protect the application. Tamper detection functionality is not supported for the DEMOMA Batch Code. For details, see Enhanced Protection Against Tampering for Sentinel Keys |