Vanguard Anti-Cheat (Valorant) — What It Blocks & How It Works
Deep dive into Riot Vanguard: kernel-level anti-cheat, always-on monitoring, what it detects, hardware bans and why it's the most aggressive anti-cheat.
Riot Vanguard is the anti-cheat system behind Valorant. It is widely regarded as one of the most aggressive client protections in mainstream PC gaming because of how early it loads, how long it stays resident, and how strictly it polices kernel drivers.
What is Vanguard?
Vanguard combines a kernel-mode driver with continuous validation of the Windows boot chain and driver stack. Unlike lighter clients that only attach when a match starts, Vanguard’s design emphasizes persistent integrity around Riot’s titles.
Why Vanguard feels different
- Boot-time footprint — the driver can initialize early enough to observe the system before many user programs start
- Kernel-level scope — it can block or refuse to run alongside drivers Riot considers exploitable or untrusted
- Always-on policy — even when you are not in a match, the service may remain active to prevent pre-load cheat staging (exact behavior follows Riot’s current client settings)
What Vanguard blocks
- Unsigned or untrusted kernel drivers — common with research tools and some cheat frameworks
- Vulnerable drivers (BYOVD-style abuse) — known-bad driver hashes are rejected to close privilege-escalation paths
- Debug and inspection tooling — many debuggers and kernel debug scenarios conflict with Vanguard’s policy
- Virtual machines — Valorant typically refuses to run inside unsupported VM configurations
Hardware bans
Riot can apply strong hardware associations to bans. That makes repeat offenses on the same PC costly: simply making a new account may not help until hardware identifiers change through legitimate means or supported recovery.
Privacy concerns
Players often ask what Vanguard “sees.” In practice it asserts broad kernel visibility to enforce driver policy—similar in class to other kernel anti-cheats but with stricter defaults. Read Riot’s official privacy and security pages for the latest disclosures; this article is a technical overview, not legal advice.
How cheats “work around” Vanguard
Compared with EAC-only or BE-only ecosystems, software-only bypasses are scarce and fragile. Discussion in the security community focuses on:
- DMA-based setups — read paths that do not execute cheat code on the game PC (still subject to statistical review)
- Advanced external designs — minimal on-box footprint, extremely high development cost, frequent breakage
Assume any advertised “undetected” Valorant tool is high risk until independently verified.
Banned on Riot hardware? Review HWID spoofers compatible with your scenario—always confirm support with the vendor before purchase.