Riot Games announced last night that a new update to the Vanguard anti-cheat system used in Valorant will let users disable and/or easily uninstall the kernel-level security driver via a system tray icon.
That doesn’t mean cheaters can just turn off the anti-cheat tool and do whatever they want, though—Vanguard still needs to be installed and running to actually play Valorant. If you shut off the service from the system tray, you’ll have to restart your entire system before loading up Valorant. And if you uninstall Vanguard altogether, it will automatically be re-installed when you launch the game, requiring another restart.
The system tray tool will also notify users when Vanguard blocks certain third-party apps from running on your system. Users can disable Vanguard at that point and run the suspect app normally.
While Riot says “most players will never run into such a scenario,” the vast majority of such app-blocking behaviors deal with “software [that] has a known vulnerability or is being exploited in the wild.” That includes apps found in CVE databases that could let a cheater load unsigned code into the system kernel.
“Ultimately, you get to choose what software you run on your computer,” Riot writes. “You can uninstall or stop Vanguard to allow your software to work, but that will have the side effect of not allowing Valorant to work until you reboot.”
While Riot acknowledges that there are already working cheats out in the wild for Valorant, the company maintains that Vanguard “make[s] it difficult for all but the most determined to cheat, while also giving us the best chance to detect the cheats that do work.” Cheaters that do get through the Vanguard system can still be “remove[d]… from our ecosystem by leveraging other game systems,” Riot writes.
The changes come as Riot continues to try to quell concerns about Vanguard’s use of a startup-loaded kernel-level driver, which it says is necessary to monitor system integrity and user-level hacks from outside of Valorant. The company says the driver “isn’t giving us any surveillance capability we didn’t already have,” and that Vanguard “does not collect or send any information about your computer,” in any case.
But the driver itself could potentially be exploited for serious kernel-level attacks on Windows systems, a setup independent security researcher Saleem Rashid told Ars “introduces a large attack surface for little benefit.” Riot has expanded its bug bounty program to encourage hackers to report any unknown driver exploits, and Riot anti-cheat lead Paul Chamberlain tells Ars the company would “likely be able to respond within hours” to disable the driver if such a vulnerability were found.
Listing image by Riot Games