Windows (NG Engine) Default Protection Settings Screen

Protection settings for Windows programs are displayed when you select Windows NG under Default Protection Settings in the Project pane. All the settings can be modified.

The Windows (NG Engine) Default Protection Settings screen contains the following settings:

User debugger detection

Enables/disables debugger detection.

NOTE   If certain applications are running (typically, developer tools), they will be detected as a debugger when this setting is enabled. This means that the protected program will not launch.

Periodic background checks

Set a time interval (in seconds) for periodic background checks for a Sentinel protection key with the required licenses.

Regardless of the setting for this field, the License Manager checks for the required license when the application is started.

Use the parameter Allow grace periods after failed license check to determine the behavior of the application if the required protection key is not found.

For more information, see Periodic Background Check Behavior.

Periodic background checks does not work if you use Envelope to protect a DLL for a Windows console application, because console applications do not have a Windows timer.

IMPORTANT   For applications that may use the Execution Count license type and the Admin License Manager:

End users can configure the Admin License Manager session to time out after as little as 10 minutes of inactivity. If the background check interval is greater than the idle time-out interval and a time-out occurs, the background thread will re-login to the protection key. This could result in additional consumption of licenses for applications licensed with the Execution Count license type. Therefore, Thales recommends that you do one of the following:

> Set a time interval of less than 10 minutes for Periodic background checks in order to prevent the session from timing out.

> Take other precautions to ensure that the end user does not set the idle time-out interval to a value lower than or equal to the Periodic background checks interval.
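
The interaction between the check interval and the idle time-out can be modelled before choosing a value. The following is an added example, not Thales code: it assumes the background check is the only activity on the session, that each login consumes one execution, and that a session idle for at least the time-out has expired. The function names are hypothetical.

```python
"""Model of the license consumption described in the IMPORTANT note.

Assumptions (not taken from the product): the background check is the only
activity on the session, every login against an Execution Count license
consumes one execution, and a session idle for >= the time-out has expired.
"""
from dataclasses import dataclass

MIN_IDLE_TIMEOUT_S = 600  # shortest time-out an end user can set (10 minutes)


@dataclass
class RunResult:
    checks: int      # background checks performed during the run
    relogins: int    # checks that found the session timed out
    executions: int  # total logins, i.e. executions consumed


def simulate(check_interval_s: int, idle_timeout_s: int, runtime_s: int) -> RunResult:
    """Count logins over one application run lasting runtime_s seconds."""
    if check_interval_s <= 0 or idle_timeout_s <= 0 or runtime_s < 0:
        raise ValueError("intervals must be positive, runtime non-negative")
    executions = 1        # the license is always checked at startup
    last_activity = 0
    checks = relogins = 0
    t = check_interval_s
    while t <= runtime_s:
        checks += 1
        if t - last_activity >= idle_timeout_s:
            relogins += 1     # session expired: background thread logs in again
            executions += 1
        last_activity = t     # the check itself counts as session activity
        t += check_interval_s
    return RunResult(checks, relogins, executions)


def interval_is_safe(check_interval_s: int,
                     idle_timeout_s: int = MIN_IDLE_TIMEOUT_S) -> bool:
    """True when the session cannot time out between two background checks."""
    return check_interval_s < idle_timeout_s


if __name__ == "__main__":
    # Constructed scenario: an 8-hour run with the shortest possible time-out.
    for interval in (300, 600, 900):
        r = simulate(interval, MIN_IDLE_TIMEOUT_S, 8 * 3600)
        print(f"interval={interval:>3}s safe={interval_is_safe(interval)!s:<5} "
              f"checks={r.checks:>2} relogins={r.relogins:>2} "
              f"executions={r.executions}")
```
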

Allow grace periods after failed license check

Number of grace periods to grant the user if a background check determines that the required protection key is not connected.

This parameter is only applicable if Periodic background checks is selected.

For more information, see Periodic Background Check Behavior.

Random queries

(Only relevant for Win32 legacy projects) Enables you to specify how often random data is encrypted and decrypted using the Sentinel key. Possible values range from 1–50.

Run-time wait

Enables you to specify the maximum time to wait for the Sentinel Run-time Environment to load. Value range is from 1–600 seconds.

NOTE   Supported for executables that are being protected.

Run-time wait message

(Only relevant when the Run-time wait check box is selected) Enables you to specify whether a run-time wait progress message is displayed in the GUI. The message box also enables you to abort the launch of the protected application.

Protection Layers

(Only relevant for Win32 legacy projects) Enables you to specify the number of protective module layers wrapped around the protected application. Possible values range from 1–50. The default setting is 12.

NOTE   Increasing the number in this field may impact the startup time and file size of a protected application.

Encryption key for Version 1 data files

Specify eight alphanumeric characters to create the key that will be used to encrypt data files when using the Version 1 data protection mode. Use the same key when multiple applications are required to access the same set of data files. To create random encryption keys each time a new project is initiated, enter eight consecutive hyphens in the field.

Encryption level

(Only relevant for Win32 legacy projects) Enables you to control the frequency of the calls made to a Sentinel key by the protected application. Move the Encryption Level slider to the right to increase the frequency.

NOTE   There is a trade-off between encryption level and protected file size and startup speed. A higher encryption level entails a slower runtime startup.

Disable key for attempted tampering

If selected, the Envelope run-time module in the application disables the key if the module determines that the user has attempted to tamper with the key or with the protected application. Once the key is disabled, the protected application will fail or will display an error message and stop executing, depending on the type of tampering detected.

Only relevant when the application is licensed with one of the following:

> A Sentinel HL (Driverless configuration) key

NOTE   If the customer's HL key has a Firmware version earlier than 4.54, key disabling is not supported. If tampering is detected, the protected application will fail or will continue to operate, depending on the type of tampering detected. In either case, the customer can continue to use the application afterward.

> A Sentinel CL key (an SL key that is enabled for cloud licensing)

NOTE   You must connect a Sentinel Developer key or Master key at the time that you protect the application. Tamper detection functionality is not supported for the DEMOMA Batch Code.

For details, see Enhanced Protection Against Tampering for Sentinel Keys.

Program Integrity Protection

If selected, the protected application is signed with a digital signature. At run-time, the signature is checked to ensure that the code was not modified.

Program integrity protection is compatible with Microsoft Authenticode signatures. It is possible to apply a Microsoft Authenticode signature to the protected application when the Program Integrity Protection option is selected.

Related Topics

Project Pane

Defining Data File Filters

Enhanced Protection Against Tampering for Sentinel Keys