Remote Settings Overview
The Remote Settings panel at /dashboard/api-integrations/remote-settings is the control center for client-side security policies. Each product gets its own independent configuration, managed through a 6-step wizard. Your C++ client imports these settings at runtime via auth.ImportRemoteSettingsJson().
Step 1: Security Policy
This step defines your core security stance:
Hardware Identification (HWID Method)
Choose how the client fingerprints the user's machine. Options:
| Method | Property | Use Case |
|---|---|---|
| CPU | cpuid serial | Standard protection |
| MAC Address | NIC MAC | Less reliable with VPNs |
| Disk Serial | HDD/SSD serial | High security |
| Windows GUID | MachineGUID registry | Convenience-first |
Detection Response — What happens when a blacklisted process or window is detected:
close_app— Gracefully closes the clientlog_only— Silently logs the detection without disrupting the userbsod— Forces a system crash (aggressive, use with caution)
Integrity Check — When enabled, the client calculates the SHA-256 hash of its own executable on startup and compares it against the hash you uploaded via the dashboard. If the hashes don't match, the binary has been patched or modified. You can update the reference hash by uploading your latest build directly from the wizard.
Ban on Debugger — Automatically bans the license key if a debugger (like x64dbg, OllyDbg, or IDA) is attached to the client process. Marked as "Aggressive" because legitimate developers debugging their own integrations could trigger this.
Version Check — Enforce a minimum client version. If the connecting client reports a version lower than required_version, the server rejects the connection. Keep this in sync with your loader's clientVersion string.
Step 2: Blacklists
Two categories of blacklists:
Blacklisted Windows — Detect by window title. Supports partial matching (is_partial_match) so you don't need the exact title. Each entry has a severity:
suspicious— Logs and potentially triggers risk scoreban— Immediately bans the license key
Blacklisted Processes — Detect by process name (e.g., cheatengine-x86_64.exe). Same severity options. The dashboard supports bulk import: paste one entry per line with an optional |ban suffix to set severity.
Step 3: Risk Engine
The Risk Engine is a sophisticated, point-based scoring system that unifies multiple security signals into a single risk score per session.
Core Parameters:
- Score Cap — Maximum risk score (default: 100)
- Decay / Minute — Points subtracted per minute of clean behavior (default: 5)
- Cooldown — Seconds between score evaluations (default: 15)
Threshold Ladder:
Each threshold triggers a different action when the accumulated score reaches it:
| Threshold | Default | Action |
|---|---|---|
| Warn | 30 | Log only |
| Restrict | 60 | Silent flag |
| Close | 80 | Close application |
| Ban | 95 | Permanent ban |
Point Sources:
Every security signal contributes points to the risk score:
- Debugger detected: +80 points
- VM environment: +25 points
- Integrity check failure: +100 points (instant ban)
- Blacklisted window/process: +50 points
- Proxy detected: +25 points
- Clock skew: +15 points
- Replay attack suspect: +60 points
- Multi-login attempt: +40 points
- Failed login burst: +25 points (configurable window and max attempts)
Restrict Mode — When the score enters the "Restrict" zone, you can configure per-endpoint behavior:
allow— Let the request through normallydelay_fail— Introduce artificial delay then failmask_network_error— Return a fake network errormask_update_required— Pretend an update is neededreturn_empty_ok— Return 200 with empty dataclose_app— Force closebsod— System crash
This per-endpoint configuration applies to: license validation, server string fetching, server file delivery, heartbeat, and file start.
Step 4: Network Guard
Network Guard detects clients connecting through proxies, VPNs, or with manipulated system clocks:
- Allow Proxy / VPN — Toggle whether proxy/VPN connections are permitted
- Clock Skew Threshold — Maximum allowed difference (in seconds) between client and server time (default: 120s)
- Hosts File Check — Detect if the Windows hosts file has been modified (potential DNS hijacking)
- Network Guard Action — What to do when violations are detected (same options as risk actions)
Step 5: VM Detection
A point-based virtual machine detection system with granular scoring:
- CPUID Hypervisor Bit — +25 points
- VMware Vendor String — +60 points
- VirtualBox Vendor — +60 points
- QEMU / Bochs — +60 points each
- Microsoft Hyper-V — +10 points (often legitimate)
- Registry keys (VMware Tools, VBox Additions) — +80 points each
- File signatures — +70 points
- MAC address prefixes — +30 points
When the combined VM score exceeds the vmachine_threshold (default: 80), the configured action triggers. The "Allow Hyper-V" toggle lets you whitelist Microsoft's built-in virtualization since many developers and enterprise users run Hyper-V legitimately.
Step 6: Review & Deploy
The final step shows a summary of your configuration. Click Save & Deploy to push the settings live. Your C++ client fetches the latest config on each session start via the ImportRemoteSettingsJson call.
Export as C++ — The wizard includes an "Export C++" button that copies the entire configuration as a ready-to-paste C++ string literal wrapped in auth.ImportRemoteSettingsJson(R"(...)"); — perfect for hardcoding a fallback configuration in your loader.
Session Tokens
Remote Settings also controls the Session Token system. When enabled (session_token_enabled: true), the server issues a cryptographic session token after license validation. Subsequent API calls (string fetches, file downloads, heartbeats) must include this token.
Configuration options:
- Require for Get Server String — Token required to fetch strings
- Require for Get Server File — Token required to download files
- Require IP Match — Token is bound to the IP address that created it
- TTL (Time-to-Live) — How long the token remains valid (configurable per-product)


