Close Action

Action Type: Close

Immediately terminates the application when a threat is detected.

Available for: All platforms (Desktop, Mobile, Web)

How It Works

The Close action calls Environment.Exit(-1) immediately upon threat detection.

Behavior:

Immediate termination (no graceful shutdown)
Fastest response time
No cleanup operations
Exit code: -1

When to Use

Recommended for:

Debugger Detection - Prevent reverse engineering
Tampering Detection - Stop modified/cracked applications
Jailbreak Detection - Block compromised mobile devices
Process Injection - Prevent code injection attacks
Critical security violations - Any threat requiring immediate shutdown

Not recommended for:

Web applications (use block instead)
Non-critical threats (use log instead)
Development environments (use none instead)

Configuration

JSON Configuration

JSON

{
  "protections": {
    "DebuggerDetection": {
      "enabled": true,
      "action": "close"
    },
    "TamperingDetection": {
      "enabled": true,
      "action": "close"
    }
  }
}

{
  "protections": {
    "DebuggerDetection": {
      "enabled": true,
      "action": "close"
    },
    "TamperingDetection": {
      "enabled": true,
      "action": "close"
    }
  }
}

Code-Based Configuration

await Payload.ConfigureAsync(config =>
{
    config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Close);
    config.AddProtection(ProtectionModuleType.TamperingDetection, ActionType.Close);
});

await Payload.ConfigureAsync(config =>
{
    config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Close);
    config.AddProtection(ProtectionModuleType.TamperingDetection, ActionType.Close);
});

Platform-Specific Examples

Desktop Application

await Payload.ConfigureAsync(config =>
{
    // Close on debugger detection
    config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Close);

    // Close on tampering
    config.AddProtection(ProtectionModuleType.TamperingDetection, ActionType.Close);

    // Close on memory dump attempts
    config.AddProtection(ProtectionModuleType.MemoryDumpDetection, ActionType.Close);
});

await Payload.ConfigureAsync(config =>
{
    // Close on debugger detection
    config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Close);

    // Close on tampering
    config.AddProtection(ProtectionModuleType.TamperingDetection, ActionType.Close);

    // Close on memory dump attempts
    config.AddProtection(ProtectionModuleType.MemoryDumpDetection, ActionType.Close);
});

Mobile Application (MAUI)

await Payload.ConfigureAsync(config =>
{
    // Close on jailbreak/root
    config.AddProtection(ProtectionModuleType.JailbreakDetection, ActionType.Close);

    // Close on debugger
    config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Close);
});

await Payload.ConfigureAsync(config =>
{
    // Close on jailbreak/root
    config.AddProtection(ProtectionModuleType.JailbreakDetection, ActionType.Close);

    // Close on debugger
    config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Close);
});

Conditional Close (Development vs Production)

await Payload.ConfigureAsync(config =>
{
    #if DEBUG
        // Development: just log
        config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Log);
    #else
        // Production: close immediately
        config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Close);
    #endif
});

await Payload.ConfigureAsync(config =>
{
    #if DEBUG
        // Development: just log
        config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Log);
    #else
        // Production: close immediately
        config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Close);
    #endif
});

Environment-Specific Configuration

JSON

{
  "environments": {
    "development": {
      "protections": {
        "DebuggerDetection": { "enabled": true, "action": "log" }
      }
    },
    "production": {
      "protections": {
        "DebuggerDetection": { "enabled": true, "action": "close" }
      }
    }
  }
}

{
  "environments": {
    "development": {
      "protections": {
        "DebuggerDetection": { "enabled": true, "action": "log" }
      }
    },
    "production": {
      "protections": {
        "DebuggerDetection": { "enabled": true, "action": "close" }
      }
    }
  }
}

Best Practices

Use for Critical Threats Only

// Close action is appropriate here
config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Close);
config.AddProtection(ProtectionModuleType.TamperingDetection, ActionType.Close);

// Log action is better for these
config.AddProtection(ProtectionModuleType.VirtualMachineDetection, ActionType.Log);
config.AddProtection(ProtectionModuleType.ClockTampering, ActionType.Log);

// Close action is appropriate here
config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Close);
config.AddProtection(ProtectionModuleType.TamperingDetection, ActionType.Close);

// Log action is better for these
config.AddProtection(ProtectionModuleType.VirtualMachineDetection, ActionType.Log);
config.AddProtection(ProtectionModuleType.ClockTampering, ActionType.Log);

Different Actions for Different Environments

var action = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") == "Production"
    ? ActionType.Close
    : ActionType.Log;

config.AddProtection(ProtectionModuleType.DebuggerDetection, action);

var action = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") == "Production"
    ? ActionType.Close
    : ActionType.Log;

config.AddProtection(ProtectionModuleType.DebuggerDetection, action);

Combine with Logging for Forensics

JSON

{
  "logging": {
    "level": "warning",
    "file": { "enabled": true, "path": "logs/security.log" }
  },
  "protections": {
    "DebuggerDetection": { "enabled": true, "action": "close" }
  }
}

{
  "logging": {
    "level": "warning",
    "file": { "enabled": true, "path": "logs/security.log" }
  },
  "protections": {
    "DebuggerDetection": { "enabled": true, "action": "close" }
  }
}

Execution Flow

CODE

1. Threat Detected (e.g., Debugger attached)
   ↓
2. Monitor triggers Close action
   ↓
3. Log threat to backend (if configured)
   ↓
4. Log threat to local file (if configured)
   ↓
5. Environment.Exit(-1) called
   ↓
6. Application terminates immediately

1. Threat Detected (e.g., Debugger attached)
   ↓
2. Monitor triggers Close action
   ↓
3. Log threat to backend (if configured)
   ↓
4. Log threat to local file (if configured)
   ↓
5. Environment.Exit(-1) called
   ↓
6. Application terminates immediately

Custom - Execute custom logic before closing
Erase - Delete sensitive data before closing
Log - Record threat without closing

All Actions

View all action types

Custom Actions

Create custom handlers

How It Works

When to Use

Configuration

JSON Configuration

Code-Based Configuration

Platform-Specific Examples

Desktop Application

Mobile Application (MAUI)

Conditional Close (Development vs Production)

Environment-Specific Configuration

Best Practices

Execution Flow

Related Actions