Riot Games announced last night that a new update to the Vanguard anti-cheat system has been used in Valorant allows users to disable and/or easily remove the kernel-level security driver via a system tray icon.
That doesn’t mean cheaters can just disable the anti-cheat tool and do whatever they want, though, but Vanguard still needs to be installed and running to actually play. Valorant† Disabling the service from the system tray will require you to reboot your entire system before loading Valorant† And if you uninstall Vanguard altogether, it will automatically reinstall when you start the game, forcing you to reboot.
The system tray tool also notifies users when Vanguard blocks certain third-party apps from running on your system. Users can disable Vanguard at this point and run the suspicious app normally.
While Riot says “most players will never get into such a scenario,” the vast majority of such app-blocking behaviors have to do with “software [that] has a known vulnerability or is being exploited in the wild.” This includes apps in CVE databases that allow a cheater to load unsigned code into the system kernel.
“Ultimately, you can choose what software you run on your computer,” Riot writes. “You can uninstall or stop Vanguard to make your software work, but the side effect is that you don’t allow it Valorant work until you reboot.”
While Riot acknowledges that there are already working cheats in the wild for Valorantclaims the company that makes Vanguard “[s] it’s hard for all but the most determined to cheat, while also giving us the best chance of detecting the cheats that do work.” Cheaters that do get through the Vanguard system can still be “removed”[d]…of our ecosystem by leveraging other gaming systems,” Riot writes.
The changes come as Riot continues to try to allay concerns about Vanguard’s use of a kernel-level boot-loaded driver, which it says is necessary to monitor system integrity and user-level hacks from outside. Valorant† The company says the driver “isn’t giving us surveillance capabilities that we didn’t already have” and that, in any case, Vanguard “doesn’t collect or transmit any information about your computer.” But the driver itself could potentially be exploited for serious kernel-level attacks on Windows systems, a scheme independent security researcher Saleem Rashid told Ars “introduces a large attack surface with little benefit.” Riot has expanded its bug bounty program to encourage hackers to report unknown driver exploits, and Riot anti-cheat leader Paul Chamberlain tells Ars the company can “probably respond within hours” to disable the driver. if such a vulnerability is found.
List image by Riot Games