Riot enables on-demand mode for Vanguard anti-cheat
๐กLearn how Riot and Microsoft are evolving kernel-level security to balance anti-cheat performance with user control.
โก 30-Second TL;DR
What Changed
Vanguard anti-cheat can now be set to on-demand mode
Why It Matters
This update demonstrates how kernel-level security can be balanced with user privacy and system performance through OS-level integration. It sets a precedent for how high-privilege software can interact with Windows security features.
What To Do Next
Review how your high-privilege applications handle kernel-level access and explore Microsoft's latest security APIs for safer, on-demand execution.
๐ง Deep Insight
AI-generated analysis for this event.
๐ Enhanced Key Takeaways
- โขThe on-demand mode leverages Windows Virtualization-Based Security (VBS) and Hypervisor-Enforced Code Integrity (HVCI) to maintain system integrity without requiring a constant kernel-level driver presence.
- โขThis shift addresses long-standing privacy and performance concerns from the player base regarding Vanguard's previous requirement to run at system startup regardless of whether the game was active.
- โขRiot Games implemented this change to align with modern Windows security standards, moving away from the 'always-on' driver model that previously caused compatibility issues with certain third-party software and hardware configurations.
- โขThe collaboration with the Microsoft Xbox OS Security Team signifies a broader industry trend where game developers and OS vendors work together to secure the kernel-user boundary for anti-cheat purposes.
- โขPlayers who do not meet the strict hardware and software requirements for the on-demand mode (such as TPM 2.0 and Secure Boot) must continue to use the traditional always-on Vanguard driver to play Riot titles.
๐ Competitor Analysisโธ Show
| Feature | Riot Vanguard (On-Demand) | Easy Anti-Cheat (EAC) | BattlEye |
|---|---|---|---|
| Kernel Access | Optional (On-Demand) | Mandatory (Always-On) | Mandatory (Always-On) |
| OS Integration | Deep (VBS/HVCI) | Standard Driver | Standard Driver |
| Primary Focus | Riot Ecosystem | Multi-Platform/Third-Party | Multi-Platform/Third-Party |
๐ ๏ธ Technical Deep Dive
- Utilizes Windows Virtualization-Based Security (VBS) to create an isolated memory region for security processes.
- Leverages Hypervisor-Enforced Code Integrity (HVCI) to ensure only signed, verified code can execute in the kernel.
- Requires TPM 2.0 and Secure Boot to be enabled to verify the integrity of the boot chain before the anti-cheat can operate in on-demand mode.
- The driver is dynamically loaded and unloaded by the Windows kernel only when the game executable is launched and verified, reducing the attack surface during non-gaming sessions.
๐ฎ Future ImplicationsAI analysis grounded in cited sources
โณ Timeline
Weekly AI Recap
Read this week's curated digest of top AI events โ
๐Related Updates
AI-curated news aggregator. All content rights belong to original publishers.
Original source: The Verge โ