That's feasible, yes. Actually the packet capturing code is already located in a separate ithread (due to the script's Windows origins) - with ithread-specific communication via threads::shared etc.

So that solution would require a re-design of the internal "IPC", extra code for managing the elevated process, and, worst of all - the script would no longer be portable...

Any other ideas...?

(I also opened a ticket on PAR::Packer - since a way to pass the standard "-UX" option to the Perl interpreter that's in a pp'ed binary would easily solve the problem... :-/ )