[Dreamwalker]

The commlink app Nope!  from Hack & Slash (p. 57) searches for signs of hostile Matrix activity against a commlink and its connected devices. The German version specifies this to be a Matrix Perception action (which sounds reasonable). But how is this resolved?

In the 5th edition you could spot marks through Matrix Perception, but that is no longer an option in 6th edition. So, how do you (in general) determine success in detecting the compromise of a PAN? Particularly, through probing/backdooring.

[Hobbes]

Checking to see who has access to the PAN is the easy way.  Checking the Matrix equivalent to activity logs would also work. 

"Someone has requested admin access to your smartgun link?  Accept Y/N?"

[Dreamwalker]

Thanks, relying on system logs is certainly a straightforward option to explain it storytelling-wise.

Yet, some clarification on the rule mechanics would be appreciated. Particularly, regarding the following aspects:

• Do you notice hostile activity by succeeding on a Matrix Perception test (rolling electronics + intuition against the intruding hackers willpower + sleaze)?
• What is revealed when you notice hostile activity in a PAN? The mere fact that it is present or do you spot the intruding icon?
• Can the attempt cause edge gain? Either by AR/DR comparison or through the Data Anomaly quality (p. 80, Hack & Slash).
• Would frequent attempts incur the -2 dice pool penalty from the "trying again" rule (p. 36, CRB)?

What bugs me is the high frequency at which the Nope!  app scrutinizes intruding hackers (every combat round). Since the probability to remain undetected decreases exponentially in the number of spotting attempts, it can cause constant edge drain on a hacker who needs to remain hidden over extended periods. Probably even higher than compared to full-fledged patrol IC, which typically scans with far lower frequency.

I take it other matrix entities have the same option as the Nope!  app to detect hostile matrix activity.

[cuidaBeja]

It may be every round, but you're not running nope! On something stronger than a commlink, so the consequences for them noticing your activity is extremely limited.