Resist FileMon is an option that you can set in your licenses that specifically causes the ClientProtector, during the scope of many of its function calls, to attempt to detect if the SysInternals® tool "FileMon" that monitors file system activity in real-time is running on the users system. This is a protection mechanism that resists attempts to watch your programs (and the ClientProtector) access to the file system with FileMon. This is often an attack by a cracker.

If detected, the entire process is immediately terminated with a non-orderly shutdown. The function call from your program that indirectly caused a successful detection of FileMon will never return.

Before setting this option, you should consider whether your user will typically be a software developer that has a legitimate need for attempting to monitor the registry in real-time. If you enable detection of FileMon, then your license will prevent your application from running when a FileMon is running.

Generally, most users have no need for using FileMon, so you are fairly safe enabling this option.

However, if you use FileMon yourself, be sure that during development, you keep this flag turned off since you will probably be unable to debug your own software. If it is on, when the ClientProtector detects FileMon as a running process, it will immediately cause the entire process to simply shut-down.

If you choose to use this option, simply make sure that the very last thing you do before distributing the license is to turn it on, re-compile and test.

More Information

For help on how to make your program more secure, see the Non-IronWrapping Anti-Hacker Guide in the Developing Applications Using The SoftwareShield System Reference.

For help on actually setting the Resist FileMon option, see License Behaviour Tab in the SoftwareShield License Manager Reference.