pc guard: security settings

Self checking against modifications option

If selected, protected application will check encrypted sections against modifications. (Default status: ON)

If modifications are detected, there are few possible causes:

1) someone tried to patch (modify) protected application.

2) some applications can not be fully encrypted as they are modified during loading by operating system. Please turn off data or/and code section encryption for such applications.

3) application is not decrypted correctly because wrong decryption keys are used for decryption. This is possible in case two applications protected with same application signature and different Program ID's are run on same computer. See application signature notes for more information about this.

Check API hooking option

If set, protected application will check for API's hooked by another application. If any hooked function is located, application will quit. (Default value: ON)

Enable anti-dumping protection

Protected application will include protection against memory dumpers if this option is enabled. (Default value: OFF)

Rename sections

Select to rename executable file sections to random names with variable length. (Default value: ON)

Erase import directory data

If selected, import directory data will be erased from memory after startup. (Default status: ON)

NOTE: This option will be automatically disable if previously protected application is detected (in case more then one protection layer is applied to application).

Reset license if CRC errors are detected

This option is valid only if "Self checking against modifications" option is also enabled. Protection code is performing additional (crc) checks during decryption process (in memory) of protected application in order to detect changes in decrypted parts of application or errors in decryption process. If such error is detected "File damaged!" error message will be displayed.

- If enabled, protected application will also reset license status if crc errors are detected during decryption process.

- New activation code will be required afterwards.

- This option is valid for remote protection method only.

- Demo limitations are not restored.

(Default status: OFF)

Automatically delete damaged license file

If set, protected application will automatically delete damaged license file on target computer. Damaged license file means that license information is invalid or there is discrepancy in license data which should not happen unless license data was damaged or tampered with. Some external software or user restrictions may also affect ability of protected application to store and manage license data.

"License information is invalid!" (License_Error) message will be displayed in the case license file is damaged. New activation code will be required and demo limitations are not restored after license is reset.

License file is required for REMOTE, NETWORK protection methods, DEMO mode, Serial number feature and in case protection interface is enabled.

(Default status: ON)

Prevent file modifications

If selected, protected application will check for modifications and refuse to work if modified. "File damaged!" error message is displayed in case modifications are detected. Option is valid for .EXE files only. (Default value: OFF)

NOTE: Application protected with this option can not be re-protected or digitally signed!

Extra system time validation checks

If enabled, protected application will make extra system clock (date/time) validation checks. Option is valid for applications protected with demo mode or with limited license feature enabled.

If invalid system time is detected protected application will reset demo mode or limited license (in case 'Reset license in case of invalid system time' option is enabled). Allow system time adjustments option will also be ignored in this case.

(Default value: OFF)

Virtual machine detection

If enabled, protected application will refuse to work on virtual machines and display "This program can not be run under virtual machine." (Virtual_Machine_Error) error message on startup.

(Default status: OFF)

NOTE: Protection code will use different techniques in order to detect if application is running under virtual machine. Although we've made a number of tests on different systems, since most of these techniques are heuristic false positive VM detection may be possible in some cases.

Check program filename

If selected, protected program will refuse to work in case program filename is changed. (Default status: OFF)

NOTE: this feature is useful for .EXE files only.

RTE enabled

PC Guard offers unique support for runtime encryption/decryption (RTE) of protected application.

Fragments of code are marked in source code by using special start and end labels. These fragments of code in compiled application are recognized and additionally encrypted during protection process. Runtime encrypted code always stays encrypted in memory. It is not decrypted during application startup. It's managed by special code each time it should be executed. Once it is executed code is encrypted again.

- RTE is not available for .NET applications due to nature of .NET framework.

- RTE requires additional programming on your side and is provided for advanced users only.

- RTE documentation is kept in separate help file and can be accessed from main Help menu (full featured version only).

- Visual C++ and Delphi source code examples are included in this documentation.

REMOTE protection note:

If multiple applications are sharing license information (for example, single .exe and few .dll files) and some applications from this group are using RTE (run time encryption) this option should be enabled for all applications from this group. If option is not enabled for all applications, applications not using RTE will generate decryption errors.

(Default status: OFF)

Detect Deep Freeze

If selected, protected application will refuse to run on system with Deep Freeze (by Faronics) installed. (Default status: OFF)

Detect ProcMon

If enabled, protected application will not run if Process Monitor (ProcMon) software is detected. (Default status: OFF)

Disable remote sessions

If enabled, application will refuse to run in terminal services client session. (Default status: OFF)

"This application can not be run in remote session" (Remote_Session_error) message is displayed in case remote session is detected. This message can be changed in language editor. Option is valid for Windows 2000 and later operating systems.