/

None Action

Action Type: None

Detects threats but takes no action. Useful for testing, analytics, and development.

Available for: All platforms (Desktop, Mobile, Web)

How It Works

The None action allows detection to run normally without any user-facing response.

Behavior:

  • Detection runs as configured
  • No user disruption
  • No application termination
  • No request blocking
  • Still logs to backend (if configured)
  • Still logs to local files (if configured)

When to Use

Recommended for:

  • Development Environments - Test without disruption
  • Testing Configurations - Validate protection settings
  • Analytics Collection - Gather threat statistics
  • False Positive Evaluation - Assess detection accuracy
  • Gradual Rollout - Monitor before enforcing
  • Debugging - Understand detection triggers

Not recommended for:

  • Production environments with critical threats
  • Applications requiring active protection

Configuration

JSON Configuration

JSON
{
  "protections": {
    "DebuggerDetection": {
      "enabled": true,
      "action": "none"
    },
    "VirtualMachineDetection": {
      "enabled": true,
      "action": "none"
    }
  }
}

Code-Based Configuration

C#
await Payload.ConfigureAsync(config =>
{
    config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.None);
    config.AddProtection(ProtectionModuleType.VirtualMachineDetection, ActionType.None);
});

Use Cases

Development Mode

C#
await Payload.ConfigureAsync(config =>
{
    #if DEBUG
        // Development: detect but don't disrupt
        config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.None);
        config.AddProtection(ProtectionModuleType.VirtualMachineDetection, ActionType.None);
    #else
        // Production: enforce security
        config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Close);
        config.AddProtection(ProtectionModuleType.VirtualMachineDetection, ActionType.Log);
    #endif
});

Testing Configuration

C#
// Test all protections without disruption
await Payload.ConfigureAsync(config =>
{
    config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.None);
    config.AddProtection(ProtectionModuleType.TamperingDetection, ActionType.None);
    config.AddProtection(ProtectionModuleType.JailbreakDetection, ActionType.None);
    config.AddProtection(ProtectionModuleType.MemoryDumpDetection, ActionType.None);
});

// Check logs to see what would be detected
// Then change to appropriate actions (Close, Log, etc.)

Analytics Collection

JSON
{
  "logging": {
    "backend": {
      "enabled": true,
      "endpoint": "https://api.bytehide.com/v1/monitor"
    },
    "file": {
      "enabled": true,
      "path": "logs/analytics.log"
    }
  },
  "protections": {
    "VirtualMachineDetection": { "enabled": true, "action": "none" },
    "ContainerDetection": { "enabled": true, "action": "none" },
    "CloudMetadata": { "enabled": true, "action": "none" },
    "RemoteDesktop": { "enabled": true, "action": "none" }
  }
}

Gradual Rollout

C#
// Week 1: Monitor only (none action)
// Week 2: Log only (log action)
// Week 3: Enforce (close/block action)

var rolloutPhase = await GetRolloutPhaseAsync();

var action = rolloutPhase switch
{
    "monitor" => ActionType.None,
    "log" => ActionType.Log,
    "enforce" => ActionType.Close,
    _ => ActionType.None
};

config.AddProtection(ProtectionModuleType.DebuggerDetection, action);

False Positive Evaluation

C#
// Collect data to analyze false positive rate
await Payload.ConfigureAsync(config =>
{
    config.AddProtection(ProtectionModuleType.SqlInjection, ActionType.None);

    config.RegisterCustomAction("analytics", async (threat) =>
    {
        // Log all SQL injection detections
        await analyticsDb.LogDetectionAsync(new
        {
            ThreatId = threat.ThreatId,
            Query = threat.Metadata["query"],
            Confidence = threat.Confidence,
            Timestamp = DateTime.UtcNow
        });
    });
});

// After analysis, switch to Block action

Platform-Specific Examples

Desktop Application Testing

C#
await Payload.ConfigureAsync(config =>
{
    // Test all desktop protections
    config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.None);
    config.AddProtection(ProtectionModuleType.VirtualMachineDetection, ActionType.None);
    config.AddProtection(ProtectionModuleType.MemoryDumpDetection, ActionType.None);
    config.AddProtection(ProtectionModuleType.ProcessInjection, ActionType.None);
    config.AddProtection(ProtectionModuleType.TamperingDetection, ActionType.None);
});

// Run application and check logs
// Verify detections are accurate
// Then switch to Close action for critical threats

Mobile Development

C#
await Payload.ConfigureAsync(config =>
{
    // Allow debugging on development devices
    #if DEBUG
        config.AddProtection(ProtectionModuleType.JailbreakDetection, ActionType.None);
        config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.None);
    #else
        config.AddProtection(ProtectionModuleType.JailbreakDetection, ActionType.Close);
        config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Close);
    #endif
});

Web Application Testing

C#
builder.Services.AddByteHideMonitor(monitor =>
{
    var environment = builder.Environment;

    if (environment.IsDevelopment())
    {
        // Development: detect but don't block
        monitor.WithProtection(ProtectionModuleType.SqlInjection, ActionType.None);
        monitor.WithProtection(ProtectionModuleType.CrossSiteScripting, ActionType.None);
    }
    else
    {
        // Production: block attacks
        monitor.WithProtection(ProtectionModuleType.SqlInjection, ActionType.Block);
        monitor.WithProtection(ProtectionModuleType.CrossSiteScripting, ActionType.Block);
    }
});

Combining with Logging

Backend Analytics

JSON
{
  "apiKey": "your-api-key",
  "logging": {
    "backend": {
      "enabled": true
    }
  },
  "protections": {
    "DebuggerDetection": { "enabled": true, "action": "none" },
    "VirtualMachineDetection": { "enabled": true, "action": "none" }
  }
}

All detections will be sent to ByteHide backend for analytics, even with action: "none".

Local File Logging

JSON
{
  "logging": {
    "file": {
      "enabled": true,
      "path": "logs/detections.log",
      "format": "json"
    }
  },
  "protections": {
    "SqlInjection": { "enabled": true, "action": "none" }
  }
}

Custom Analytics

C#
config.RegisterCustomAction("custom-analytics", async (threat) =>
{
    // Send to your analytics platform
    await analyticsClient.TrackEventAsync("ThreatDetected", new
    {
        Type = threat.ModuleType.ToString(),
        Description = threat.Description,
        Confidence = threat.Confidence,
        Environment = "Production",
        Action = "None"
    });

    // Don't take any action - just track
});

config.AddProtection(ProtectionModuleType.VirtualMachineDetection, "custom-analytics");

Environment-Based Configuration

JSON
{
  "environments": {
    "development": {
      "protections": {
        "DebuggerDetection": { "enabled": true, "action": "none" },
        "SqlInjection": { "enabled": true, "action": "none" }
      }
    },
    "staging": {
      "protections": {
        "DebuggerDetection": { "enabled": true, "action": "log" },
        "SqlInjection": { "enabled": true, "action": "log" }
      }
    },
    "production": {
      "protections": {
        "DebuggerDetection": { "enabled": true, "action": "close" },
        "SqlInjection": { "enabled": true, "action": "block" }
      }
    }
  }
}

Best Practices

1. Use for Development Only

C#
// Good: Environment-specific
#if DEBUG
    config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.None);
#else
    config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Close);
#endif

2. Always Enable Logging

JSON
{
  "logging": {
    "file": { "enabled": true, "path": "logs/monitor.log" }
  },
  "protections": {
    "DebuggerDetection": { "enabled": true, "action": "none" }
  }
}

Without logging, action: "none" provides no value.

3. Transition to Active Actions

C#
// Phase 1 (Week 1): Monitor
config.AddProtection(ProtectionModuleType.TamperingDetection, ActionType.None);

// Phase 2 (Week 2): Log
config.AddProtection(ProtectionModuleType.TamperingDetection, ActionType.Log);

// Phase 3 (Week 3): Enforce
config.AddProtection(ProtectionModuleType.TamperingDetection, ActionType.Close);

4. Document Why None is Used

C#
// Using None action for initial analytics gathering
// Will switch to Close after 2 weeks of data collection
config.AddProtection(ProtectionModuleType.VirtualMachineDetection, ActionType.None);

Comparison with Other Actions

ScenarioNoneLogClose
Development✔ Best✔ Good❌ Disruptive
Testing✔ Best✔ Good❌ Disruptive
Analytics✔ Best✔ Good❌ Loses data
Production (critical)❌ No protection⚠️ Weak✔ Best
Production (non-critical)❌ No protection✔ Best⚠️ Too strict
  • Log - Next step after None
  • Close - Production enforcement
  • Custom - Custom analytics logic

All Actions

View all action types

Custom Actions

Advanced handlers

Previous
Custom
Next
Overview