Is Valorant Spyware?
HTML-код
- Опубликовано: 3 апр 2024
- Is Valorant Spyware or safe? Is Vanguard a malware rootkit, or just a reliable anticheat from Riot and Tencent? Does it connect to China? and how does it compare against counter strike anticheat software? Try the new Malwarebytes for free: mwb.link/4ay7nag (sponsor)
Do PC games spy on you? This video tries to answer these questions with cybersecurity tools, sysinternals, wireshark and EULA observations.
Buy the best antivirus: thepcsecuritychannel.com/best...
Join the discussion on Discord: discord.tpsc.tech/
Get your business endpoints tested by us: tpsc.tech/
Contact us for business: thepcsecuritychannel.com/contact 
Наука
if anti cheat runs while the game is not even running that's a huge red flag and i will never touch it
Yes although that could be true, cheats can be ran at any time. There is a popular way for cheat devs to inject their cheats and that is before you even boot into windows. Valorant has the best anti-cheat hands down, but for it to be as good as it is they need it to be running 24/7. Face it is also good but not as good as vanguard
@@antivaxxtoaster8919Best anti cheat? I’ve played Valorant for a couple of months after release on my old machine and it was the game where I encountered the most cheaters ever in my life in any game lol, I even added a guy and he didn’t get banned for a shit ton of time, all of this while that garbage is perma on
Edit: forgot to add, the anti-cheat is so shit most of people had to do some weird shit to just have Valorant work in the first place, changing settings, booting a certain way and whatnot. What a great piece of software Vanguard has always been. Oh yeah let’s also add how shit it has been on League of Legends too (they are forcing it there too, weirdly) where they wanted to add it months ago yet it’s only active in the Philippine servers currently cause of the insanely high amount of bugs and issues it had on the PBE. For MONTHS now.
Best anti cheat tho💀
@@skiry_7207 nah i'd win
@@skiry_7207 Maybe you had a bad experience with vanguard, I'm not sure. Me personally I've been playing on and off for over 3 years and only ran into one rage cheater that got banned within 7 rounds, but thats besides the point.
I know first hand that vanguard has one of the hardest anti-cheats to reverse engineer, I haven't tried it myself but I know people who have so I can't really tell you if their spying on us or not. Vanguard were one of the first anti-cheats to really crack down on DMA devices, they are really the only companies that give a shit about cheaters, they are the only anti-cheat to my knowledge that has bug bounty program and will pay out if you find a bypass.
Riot games is owned by a Chinese company as he pointed out which does seem very bad, so take that as you will but they have the best anti-cheat hands down and they are the only anti-cheat who actually cares about getting rid of cheaters
also as a side note when you're reversing the anti-cheat they have a photo of their team and a invite to apply for a job to work for them if you're talented enough.
@@skiry_7207 stop with the Hollywood motherfuker , i have been playing the game since its 1month and i can confirm playing agianst 3 cheaters and i aint even lost no rr , game cancels 3/3..
Short answer, yes. Long answer, yes, it is.
I need a medium answer.
@@techaddictdudeis yes
@@CrushedCoaching71011it’s*
@@techaddictdudemhm
@@techaddictdude yh
I am from India and our government banned the pubg mobile game, tencent released another "Indian" version of the game and claimed the game will not communicate with Chinese servers again. But with a small network lookup i find out that the game is still sending data back n forth to Chinese servers.
Hey bro! You know what, you should publish your investigations and make people aware of this fact!
@@gigaheheboilol the thing already shared in most of telegram PUBG cheat channel
Let me know if you have published any articles on this.
Bring it to your authorities.
Yo man can we do a collab on this situation..we can both post it to our channel..
Funny thing, some cheats on other games doesn't work if vanguard is active
yeah, because vanguard is an anticheat.
For Riot their Games, not for Tarkov as example
So… you are trying to say that vanguard is affecting the binary code of cheats… ??? I think you don't know how anti cheats works…
Well I know enough to acknowledge that it's weird that the Anti Cheat of Valorant is so strong that it kills of cheats for other Games.
@@imhyouka8101 bro you said nothing in a whole sentence, you cannot inject cheats into other games if you have vanguard on because it flags them, i guess you never had vanguard on your pc
Quick correction - FACEiT is for Counterstrike 2, but it is a 3rd party Anti-Cheat. It is NOT run by Valve or required to play the game. Instead Valve uses a Server side Anti-Cheat
True,They use valve anti-cheat
@@marcelbromm2625 Oh yeah they banned for using stuff
But doesn't a server side anticheat suck?
@@NightRaven5568Not necessarily. It can actually be more effective than Kernel-level AC, but also requires the studio to hire a team whose job is to break the cheats down to their assembly code and write heuristics based on the Assembly..... but they'd rather pay less to build/buy kernel-level AC than to build server-side heuristics.
Also, Self-hosted servers with community admins are the best kind of AC, but it also takes away the ability of the publisher to end support and force players to the next game.
@@marcelbromm2625 As a CS2 cheater I must agree
I blocked vanguard on my firewall when I wasn’t playing and it would blue screen my pc when I restarted lol. Had to uninstall riot games completely.
sounds like rootkit sypware to me. like why does it need to run 24/7 or else it bricks your system.
It's a rootkit, windows firewall wont help here, only if you setup firewall on your router it will have any sense.
@@kidnamedfinger.productionsreflash bios or run rkhunter with lynux is an option i mean
I remember this vividly but, I heard that even after uninstalling Valorant, it's anticheat (rootkit) still remains on your system.
@@Sunrise-d819i2Fr
"bUt I dOnt HaVe anYthiNg tO hiDe, I doNt CaRe if I haVe maLware in mY coMpuTer"...
riot is not gonna be seeing my 5 terabytes of media
Cool bro, go gamble some money on cases while seeing cheaters every game in the most hacked game in the world.
Meanwhile i'll be queing valorant, with the best anticheat in the world currently.
Enjoy getting maphacked on every game at high mmr in CS.
@@mis8866 this is peak copium. "I'm so addicted that I'm willing to throw away personal security so I can get my cartoon shooting game dopamine hit"
@@joeybarela363 valorant players always defend their game with all their life
@@pixelsavant1 Honestly i can understand why people are angry about that but lets be honest 5 sec : Vanguard is not the only one to do that and we can't (valorant players ) do anything to correct this problem ,except unistall the game but that mean we won't play it anymore unless we like the game.
It's _something_ ! I called Razer for a failure of a pretty new headset - instead of asking if I'd turned it off and on again, they asked if I had installed Valorant.
Holy shit I’m having a problem like that. When you uninstalled Valorant was it fine?
Riot responded to this issue saying the drivers that Razer devices require were so bad that cheaters could trivially inject cheats into the driver and circumvent Vanguard so Vanguard just blacklists that driver from functioning properly.
Razer also is a non-US company that requires you to run software 24/7 to get basic features of your devices working, but let's ignore that.
@@Nors2Ka GPU drivers allow the same thing.
@@Nors2Ka I don't like SteelSeries GG but at least I am not forced to keep it open 24/7
@@Nors2Ka Not kernel mode drivers i assume?
spying on your wallet
MOOD
spying on your soul to see what skins you'll buy
Truer than the absolute truth itself
Fr,The skins will hit headshots much more and are expensive
if you're way too weak and somewhat rich, lol
Playing Valorant should already be unfortunate enough.
I'm glad I quit. Was hooked for 2 years and spent a lil over 500 euro's. I can't believe it myself.
@@Shouko91 LMAO
@@Shouko91 I'm still grateful that you finally quit it though.
@@Shouko91 you could have got a m9 bayonet
@@dinosharttt other trash game that is even worse, people that just play cuz of gamble addiction LOL
And people say that Linux is worse for not running some anticheat games like Valorant, but in reality it's protecting people's privacy.
Shit games btw
Which means if you are running windows you are fucked before even downloading valorant lol.
Just imagine Tim Sweeney telling you that the attack surface on Linux is just too big.
When you can easily defeat their kernel mode anticheat by halting and resuming the initiating process when the driver is loaded.
@@MrDT2012we already knew that.
@@sjoervanderploeg4340 that’s the point LOLOL
My boyfriend used to close vanguard after he was done playing but it messed up his game. Now his game freezes more often, takes time to load him into the lobby and gives him a warning for ban after every game even though he doesn't seem to break any rules. He had no choice but to uninstall
Cause he closed the anti cheat. Most games won't work if you turn off anti-cheat, because you know.. it's an anti cheat.
@@untitledmisouthere’s this thing called ‘reading’ and ‘understanding the text’. It’s a hard skill to learn and im sure you’ll manage to do so
@@untitledmisou cmon bro valorant fan base cannot defend this one, its crazy how it rus while your pc is off!
your boyfriends pc is just shit
there's is no bf here opsie woopsie 🤭
Something that was not mentioned was that Tencent is legally required to send information to the Chinese government. Have fun playing Valorant!
I mean, that is how every game both in US and China has to do business, by ‘sending information’. You are going to have to be more specific in motive for maliciousness.
@@twenty-fifth420factually incorrect. Do you have to submit your data to the US government everytime you log into COD? No you don’t because that’s ridiculous, however all Chinese games MUST send their data to the CCP. Learn about the topic before distributing misinformation
Does that mean the chinese government knows all of my lose streak?
damn china knows alot about me
@@twenty-fifth420the US government needs a proper warrant to receive information from companies relevant to criminal cases. The Chinese government just needs to tell them to fork everything over. Naturally the US government could also buy information from companies, but that isn’t a forced transaction.
Spookiest thing is that kernel drivers have the ability to read memory of other processes meaning they can monitor absolutely everything you do, decrypt your connections to websites, decrypt your crypto wallet and many more.
You forgot the part where they don't care, their game having no cheaters is more important than user security
If more companies will be install more anti-cheats like this. Aftertimes begin approached peoples which liked you full cash on card or you own computer. I think need block like this programs
You need a agency to be allowed to run debug versions and review code at this level problem solved
@@shroomer3867 No cheaters? Valorant has more cheaters than any other game beside CS:GO probably.
@@kidnamedfinger.productions I meant it as in what they want. I know there are cheaters in Valorant, sorry for not clarifying.
bro I had no clue about any of this. Thank you for the video and explanation.
So can’t there be an option to not have it running except when trying to run the game and only restarting the pc then and there with the Vanguard in the startup list? Kinda how some very old games/programs worked where you’d insert your disk and restart to boot it
Having to manually close it or even uninstall it because you don’t play every day or week seems tedious.
I mean you can manually make it not start like every other application
I think it's important to note that FaceIt is a community project and does not come directly from Valve, the company behind CS2, and they have nothing to do with the FaceIt project. The official anti-cheat of CS2 is VAC (Valve Anti-Cheat).
Valve doing anything is funny (VAC is pretty dogshit), but shoutouts to the community
So CS fanboys will say it's cool if community made kernel anti cheat collects all the data and sells it but not RIOT? lol Riot doesn't even collect data.
@@deivytrajanmore like massive indifference since most people can and will just play on the official client, avoiding kernel level AC entirely.
If you don’t want kernel level AC to play Valorant? Tough shit, you can’t even launch the game.
@@deivytrajan I don't play CS2 nor Valorant, but I think no game should have kernel-level access to your machine. Also, I don't know if Riot or FACEIT collect data.
also another thing to mention, with FACEIT they have far less motives to monitor your PC, with it being just an esports platform and the company was found in London. Riot however, is technically owned by the Chinese Goverment, who would benefit from having everyone's data from all over the world.
if it acts like malware...... it is
acts like malware, uses ring0 rootkit techniques, runs the entire time your pc is running, owned operated and used by the chinese communist party.
Nah i think its just an anti cheat to ban cheaters 🤓🤓🤓
so every AV ever is a virus? logitechs software is a virus? all of nvidia's drivers are a virus? Vanguards not doing much different than any of those
This is the best mindset when it comes to security.
I've had valor ant installed on and off for 4 years and nothing has happened, why worry so much, I guarantee the Chinese has sold you're data already regardless of having the anti cheat or not
@@wlockuz4467 The problem is that the average person on RUclips has no clue what malware is and that's why they watch a video of some random guy hoping he's gonna say what they're already thinking
Where is that mountain range from your desktop background? Very inormative video by the way.
Cinque Terre
I sure hope you didn't think I was Iran😅
That flag is Italian
There was a dude who said Cinque Terre, but I can't see his comment anymore. I wanted to thank him for being a goated user of this platofrm
what are all the software you used in this other than tcpview? I'm learning and i'd love to try all these tools :))
He didn’t use anything fancy, just regular Wireshark and Microsoft’s Process Explorer
I think he uses porcess explorer and TCPview and maybe some NirSoft utilities.
I remember a friend begged me to hop on Valorant, jumped through all the hoops of recovering my user, installing the game, installing the anticheat, enabling and disabling windows features that the game wanted me to... and as soon as I launched the game I blue screened with kernel security error :D (i9-12900k, rtx3080, msi z690)
Uninstalled everything, re-setup how I liked my machine and never looked back
Smoking gun lmao
Skill issue I think
Hey! Had that same issue, just had to leave a pc off for a while, came back and it worked.
@@slawnyfivemowiec dont worry :D I'm not coming back to it. Just wanted to share my experience. But thank you for the heads up :)
I've never had to do any of that lol
This is something i never knew the anti cheat even did, really informative in less than 10 minutes! Props to the PC Security channel for being this informative!
This is something everyone already knew, but as he pointed out it's important to make the distinction in behaviour: while faceit installs a kernel driver you can shut it down and turn it back on at your whim, as opposed to valorant which really strongly nudges you into having it on 24/7 and making it extremely inconvenient to not have it on.
@@xFluing ah I see, I never personally played valorant or any other shooter games on pc, and I don't face myself towards the gaming industry too much so this is new information to me, but I am glad people were already aware of such thing.
@@xFluing
Everyone minus many that didn’t know, isn’t everyone.
It is similar to “never except…”.
@@antman7673☝️🤓
@@xFluing Except that you got it the wrong way round, when you disable vanguard, it unloads the driver, FACEIT driver runs 24/7 regardless if you have the anti-cheat on or off. Not being able to just unload and load drivers is extremely important for a kernel AC.
thanks for always being so thorough in your explanations!
Excellent video. Well done!
Forget those "pro-active detection" tests between Bitdefender and Kaspersky, the real winner is whoever blocks Vanguard
i remember BD had issues with Valo when it first came out lol
@@LynKazoyuu Lol
Windows itself blocks the Vanguard driver if you have "hardware-enforced stack protection" turned on, and this is supposed to be a security feature.
@@mosti72 Oh you mean the same anti-tamper protection that also stopped EAC and Battleye from working? Or let me guess, you didn't do enough research to know that most major AC's were affected?
@@unearthlynarratives_ Did I ever say that it only exclusively blocks Vanguard? FYI, I've had similar experiences with other anti-cheat software, and I'd say the worse I had experienced so far is nProtect. My point is that the Windows anti-tampering mechanisms itself doesn't like these anti-cheat software.
Dont forget that kernel level games and apps make you more vulnerable
the genshin impact scandal
@@il_panda1979 whats that
Yeaaa and then i play 2games of cs and rb6 and i get insta spinboting in cs and obvious walls in rb 6 oh and dont get me even started about tarkov 😂😂 i have never encountered a cheater in valorant in 2 years of playing.
@@callmenik1298 And what has that to do with what he said?
@@callmenik1298 the reason theres no cheaters is cuz everyone is fucking scared of the anticheat actually just bricking their computer. one day we will decompile the anticheat and its just gonna have a dedicated function to just wipe your hard drive
Good video. A measured response, not coddling Riot nor being hyperbolic
I appreciate the deep dive, most of any discussion about the game simply stops at "just don't install it". Thanks!!
Forgot to mention the part where it's difficult to uninstall it also
Just uninstall the game xd
@@sx1805 Uninstalling the game unsurprisingly does not uninstall vgc.
@@sx1805 the only way to uninstall it is go into settings and then apps. the thing is the game doesnt uninstall at all even after a reboot.
the true way of uninstalling is deleting the game folder, uninstalling vanguard and then riot client itself
go to control panel, uninstall valorant and then it will ask you to uninstall vanguard aswell, do so, then delete the riot client alongside with any other games.
use revouninstaller to remove it completely
I honestly never watned to play Valorant simply because I don't have any trust for Tencent at all. I would rather not take that risk.
same.
FAANG are just as bad as tencent...
e-e
you can play valorant through a VM, OrdinaryGamers has a video about it
Your data is already out there. At least you know this devil.
Any plans to make the Video about Wuthering Waves AntiCheat when its Released at 23th may? that would be very interssing.
Bro the trainer from OG literally told people about it like 2 years ago, thats the only reason why I uninstall entirely Riot Games.
Nice pfp lol
@@PedroHenrique-wo6pn hello handsome
It's also about trusting the integrity of the driver. All it takes is an upstream backdoor to get pushed out to millions of people with ring 0 kernel access and it's gg
Is it just me thinks there's an alternate earth where all softwares want ring 0 kernel access to avoid being cheated / 🏴☠
If all softwares are ring 0 kernel access, no one is.
@@MangaGamified iirc back in the DOS days a lot of programs get to access the hardware directly (aka ring-0)
@@MangaGamified also if everyone have access to ring-0, the next goal would probably be ring -3 lmao
@@MangaGamified that's why TempleOS exists
Same can be said for Microsoft drivers, AMD, Nvidia?
Honestly you should rename this to "Is Vanguard Spyware?" or "Is Riot Game's programs Spyware?" because I literally linked this to a friend who begs me to play League (which also uses Vanguard now by the way) and he simply responded with "Don't play Valorant so doesn't matter" and won't even watch the video...
He might not be the target audience but simply asking if Valorant is spyware isn't really accurate anymore now that they're forcing it onto players for all Riot games now.
so ture, most of the people is not smart enough to understand this...
i have a friend too and he does not even care about it, he literally saying "everyone is stealing the data".
🤓 actually vanguard is currently only on the philippines server so if your friend is not playing on that server he does not need vanguard to be installed to play league
league does not use vanguard
@@COLAdg for now...
I dont know if this is helpful or not but I usually play valorant on seperate os that i installed on a different hard drive, its a debloated lite version of windows 10 with none of my data included, no sign ins, nothing. Just Valorant. I did this because I use windows 11 as my main OS and my CPU is fairly old and doesn't support all the tpm features valorant needs to run. Am I still safe or do i need to switch to a vm?
yeah its safe
Its safe either way tbh, this video is quite bad, things like cs go have a worse anti cheat but basically do the same thing.
@@FlazuelJr we found riot dickrider
I doubt the anti-cheat would work inside a VM, but completely isolating your two Windows installations sounds pretty safe
love your video. honestly underrated
wish to see network activity when the game is not running. May be very definitive red flag.
With a half comprehensive firewall, you can set up logging and rules to do just that. The dream machine pro is a pretty good one if you like Unifi products.
@@ahabsbane this is a good suggestion, but it still can accumulate data when there's no internet access and send it right after you start playing the game, essentially unblocking the firewall.
I mean, you just saw those connections in wireshark, the game was not running.
@@pcsecuritychannel well... It definitely means it's totally not a spyware =)
@@anispinner this is not about blocking it from spying - but about clues if it actually does that. If it sends something when the game is not even running - does that mean something?
Yes, any DRM that runs with kernel level permissions can be considered spyware turning into malware category, Windows is already a data harvesting center, no need to add more vulnerabilities to it.
Have you tried proxying the HTTPS connections through Burp or similar? If they don't enforce HSTS then you could read most if not all the packets, although latelly a lot of endpoints are enabling this feature
You think anti-cheat will communicate with server using https lol? Anyway, even if you bring up a local DNS server, most likely the traffic will be encrypted, so the best solution is reverse-engineering and find encryption method before send and after recv.
@@partoftheworlD I doubt it uses plain HTTP…
That is all I needed to hear
Something I'd like to add simply as food for thought is that vanguard, from a anticheat perspective, runs before user mode is initialized due to the fact that cheating drivers are able to be launched before user mode initializes as well. This way the anti cheat can catch cheat drivers that inject into the host pc to then uninitialize before VGC can run. I think their are much better work arounds for this rather than making your AC run as a kernel driver 24/7 on your pc but it does make sense as an argument as to why it needs to be initialized at boot.
Someone with critical thinking skills in the comments? You can't be here lol
You're completely right. It makes perfect sense that it works and runs the way it does. Most people just use the word rootkit as a buzzword because you can farm clicks from people who wouldn't change their opinion even if the AC was found to be safe.
Riot would be stupid as hell to use this to steal anything from its users. Their reputation would not just go out the window but they would also be in trouble legally.
its a good excuse but there are surely other workarounds. also the anticheat doesnt work properly and people are still cheating so there is that...
@@zezanje1 I mean no defensive system is going to ever be bulletproof. Anti cheat development is a game of cat and mouse. Also, i agree with you on their being other methods, just playing devils advocate for the purpose of providing food for thought
@@Kosaii- ye i understand that completely but then why be so invasive when even that much isnt goign to bring you back to where you were a few years ago + a lot of peopel wont play the game just because of that. and now the same is going to happen for league. in my 8 years of playing league i have never met someone who was scripting but now they are supposedly all over high elo so that is why everyone in low elo is forced to have this invasive anticheat on 24/7. makes no sense. they should do something similar to how valve treated csgo. you were allowed to type in a launch command that dissables some parts of the anticheat so you could have programs like discord, faceit and nvidia overlays on during the game, but beacuse of that there are slightly bigger chances of you meeting cheaters, like you are put in sepparate queues from people who dont have that command on, but then again most people prefer to put on filters while playing cs so everyone would have that command on and there was no purpose for the change to make game more clear of cheaters, when its quite clear what the playerbase values more, and i feel like the same woudl go for league. the only peolpe that have problems with cheaters are people in the top 1000 in each reason so a total of less than 10k people, and because of that dozens of millions will have to have invasive anticheat on...
@@zezanje1 that's just dishonest. No one has ever claimed that valorant is cheater free and riot never claimed vanguard would do that. How about not making a bad faith argument because you're too uneducated to actually think of something that makes sense.
An excellent topic since it involves so many games nowadays.
It would be great if you could do more reporting on similar software, so that people can make more informed choices.
Whenever I installed Valorant and had Vanguard running in the background, I often experienced blue screens, occurring once a day when playing other games or sometimes crashing when browsing random stuff on the internet.
Thankyou for explain.
They claim it needs to run 24/7 so you can’t inject cheats before u open the game. So when you’re injecting before joining the game, you essentially get tagged and you’re banned. My question however is, how do cheat developers still get around it? What’s the point of having kernel rootkit on your computer when you can still cheat? Then it all adds up. Tencent.
How many blatant cheaters do you encounter in your games though?
I encountered only one in more than 400h of playtime, and the cheater was actually banned mid-game. Nobody complains about cheats in ranked, that's how trusted Vanguard is regarding banning cheaters.
Maybe it's spyware idk, but regarding banning cheaters, it does a good fucking job.
@@namufoxy LOL most ppls cheat with simple AHK scripts that aren't even recognized by anticheat. That is a sad fact. They just want you to believe it god tier anticheat when in reality it's just there to farm your data. Don't be stupid my guy, who wanna cheat will find a way.
@@namufoxymaybe because some people closet cheat or arent as oblivious to cheating, closet cheating is ALWAYS seen and is really easy to do when you have experience actually
@@user-zd3iz3xx6k Nope in Vanguard most (if not all) memory injection cheats are detected quite easily. The cheats that people use usually involve a PCI device and a second computer to read the data, for less serious cheats like radar cheats. The aimbots most Valorant cheaters use are Machine learning image recognition HID-based cheats, that provide mouse inputs based on where the enemies are on the screen.
I am NOT justifying vanguard's level 0 previleges, I'm just writing some facts for clarification
@@asldfkhjaslk all that yappin but the only blatant cheat in there is aimbot, everything else is used for closet cheating
Really love this Format! Would love to also check other games with anticheat if possible!
I really like that process explorer, where did you get it ?
It's from the Sysinternals Suite, procexp
Nice video!
I would have some follow-up questions based on this observation:
- How much data does Valorant send when the game is not running? Are we in the kilobytes, megabytes, hundreds of megabytes per hour?
- Does this value increase significantly when the game is running?
- Are there other events that cause an increase in the amount of data sent? Such as filling in a password/credit card in an online form, typing China or Taiwan on the keyboard, etc.?
These could help us understand more about what it does :)
Thanks!
china actually wants access to the 5 dollars in your bank
valorant sends everything about your config to tencent in the TB range from advertising data to last windows install date, if the game is running it doesn't send anything and functions purely as an anticheat, if you make online payments specifically for riot skins it's reported, other transactions are logged but are disregarded, it also sends more data if it suspects you are using a vpn, riot also keeps a log of if you're browsing their secret list of account selling websites with an IP kept, some of it is security through obfuscation
source: nothing, this is just baseless speculation I was hoping someone else could contribute
@@trektncome on I read your message hoping to get a source and its just nonsense
@@FlazuelJr some of it is plausible, riot won't tell us what they check or do so cheaters can clean up their footprint in those areas so it's not a completely bulletproof anticheat if you know the right things to hide. Some of the things they are actually checking is DMA devices if you potentially did something cheaty but possess a device that can freely edit memory
Yea, that is exactly why I don't like this anti cheat, not because it's kernel but the behavior
Unless you have value in your pc doesent matter at all I
@@corpingtons in every situation you have something value in your pc)
@@yrmuqif i had a pc for gaming i would specifically make it so theres nothing of value on it and i would have it on a separate network because video games are chalk full of malware and online games open yourself to network attacks from easily angry gamer script kiddies.
@@ricerice245you are just hating on video games 😂 and spitting random accusations around
@@ricerice245just say you don't like to play games
This is why I love this channel. Keep up the great work!
If I uninstall valorant does dit actually remove the kernel level anti cheat or is a clean windows install required?
You can uninstall Vanguard separately in control panel from the game.
i heard even if you disable it, its still running, is that right?
i literally deleted valorant and youtube recommenced me this
your data has been sold to the youtube 😂
theyre in your walls. u nder your skin. ... inside your brain .. . . . wake up . . . . . . . john google is onto you..
@@EfeDursun125data is being sold everywhere, i mean idgaf if youtube sells my name or password, f*** tencent its just personal hate
get a fresh install of windows you still have the backdoor
delete vanguard too if possible
Wou, thanks so much. I have waited so long for this kind of video: Video-games + Cybersecurity.
Please, the next video could be EA/Respawn Apex Legends? Recently this video-game had a scandal related with cheats and it's anti-cheat in online competition.
Thanks!
Tencent owns EA therefore they also own apex/Respawn...
I used to get blue screened when trying to uninstall vanguard. Had to delete registry keys to fully remove it
I’m pretty new to the topic, I stumbled on this video. But you got me curious. Maybe you can answer the question, why does Val (like the actual application) sometimes stay active, even if it seems like you closed it? In task manager is sometimes still showing their win-shipping exe running… and I wonder if that’s just mu pc or not…?
Think thats just the game not closing properly.
kind of a wierd thing, when i unistalled valorant its still in the task manager start up with power on programs as a file that can be turned on or be disabled and the icon is a deaflot icon for txt files. Is it still spying on me , idk but im a little bit concerned.
Edit: the file name in task manager is "Riot"
prob riot client
dude riot is not fucking spying on you. you uninstalled valorant, not riot client, just uninstall riot.
@@omniyx7837 that's the thing, I don't have riot installed
Beautiful wallpaper, where did you get it?
How do i get that DLL view?cause vangaurd still doesnt appear under processes which is a bit concerning.
Please can you also do Naraka Baldepoint? It's also free2play and has been rumoured to also contain Spyware and requires you to disable windows security settings just for it to run.
Thank you! 😀
Also not to mention that it REQUIRES you to have Secure Boot enabled in bios 💀
Meaning that if I want to run linux based distros and play valorant on Windows, I gotta non stop switch bios settings
Oh! Didn't know that! Thanks
That sucks but as a Linux User I'm sure you're skilled enough to make your OS secure boot compatible ;)
You can just install windows 10 and ditch the trash that is windows 11, i dualboot arch+win 10 and no secure boot is required.
fedora, ubuntu, debian and linux mint all have secure boot support, but it can get dicey if you use the nvidia drivers that arent part of the main OS.
This is why you use open suse.
For it would be a very easy decision.. I would not even consider getting the game. I don't care if it can be disabled (but can it really)... It is a matter of principle.. And coming from a very questionable source makes it even more problematic.
Would be nice to see some traffic figures with the service actually activate while not ingame.. If it is still sending/receiving data or maintaining connections.
And as for malwarebytes.. I've tested 3 major antivirus/total security solutions in the last month.. Malwarebytes, ESET and Norton 360.... Malwarebytes was slowing my system down so much (it fealt like by more than 50%) it didn't pass the test.... ESET was the best performance wise. But finally settled on norton 360 deluxe because I could get it for a very affordable price. So far it does not dissapoint.
Performance impact seems a tad higher than ESET but overal great. Malwarebytes needs serious work (IMHO).
I also absolutely dispise Malwarebytes big android like interface.... Like I'm running it on a phone or console. I haven't seen any comparison videos testen several antivirus back to back for years now I think.. Aside from your ransomware 200+ script tests which you seem to like doing but in my opinion the way you are testing it is far from optimal.
i play the game but i feel like these are one of the things everyone should be aware of with such a delicate topic as data collecting
I set my firewall to ask me when any app is trying to connect to the internet... Vanguard always try it whenever you out of the game from some time. You play, some time later it try to send data via UDP connection. I wonder why
Updates
There's loads of services and apps that are always connected to the internet for the purpose of checking for updates and downloading them when a new one is sent out.
Does the vanguard driver get uninstalled alonside the valorant&vanguard system when you tell your computer to uninstall them?
no
@@uigoku8600 when uninstalling val and riot it gives u an option to uninstall vanguard tho?
Tencent is a huge 🚩
yeaahh but so is like every big corporation
yea racist
@@johnli7818 wtf
@@ingohregg688 yeah, but difference being Tencent is from China, and lets not fking pretend that China goverment isnt way worse than some others big corporations (unless we are talking about the US)
And screw anyone that thinks that this is somehow ""racist""
@@johnli7818 what?....
Can't we somehow change the private key so that we can decrypt the data? Or maybe fetch the original key?
Read it off the memory or the dll
i would love to see a video about that if it's possible
No, you can't... How tls work is that you get the server's public key and use it to encrypt the connection and only the server's private key can decrypt that...
Look at it like a pair of padlock and key, the client and the server exchange their locks (public keys) during the handshake and then the server/client lock the message box with the other's padlock and only the server's key can unlock just like only your private key can unlock the server's response...
You'd have to actually hook the functions or read the memory to see the message before encryption
what scares me the most is when i hadn't touched the game in like a year i wanted to try it out with some friends but i had gotten perma banned when i hadn't even played the game for "use of 3rd party programms" at first i though my account had gotten botted or something but it is deffinetly very weird to me still.
Systemcare can off the background vanguard if open the valorant. vanguard not opening but you need to optimize use systemcare after open valorant
I really like these types of videos, I wish you would bring more of this content. You can include R6, Cs2 or some games with Easy Anti Cheat, and then compare them
cs' anticheat is a joke
yea none of them works lmao thats why you need vanguard
@@johnli7818 huh
@@Nabashy have you played those games? I invest thousands hours in Cs, hundred hours in cs2 and thousand hours in apex. They are flooded with cheater. Imagine the pro league of Apex legend NA tournament got hack mid game literally! That tells you what EAC is capable of nothing.
@@johnli7818 always been like that all you goota do is pray god not to have cheaters in your game we ll been there i have 5k hours in cs and 2k in apex i play them a lot
I would suggest looking at a rampant development of "cheating" software, where things go up to having a separate system running video analysis and sending commands to a mechanical mouse controller connected to a gaming station. Or "mouse assist" software. What I think AV companies are missing is a gaming solution. Most of the AVs have ELAM drivers so you are already up in the filters list anyways, you just make a product game companies can all on a machine and after a success reply progress into a game menu.
Fun fact.
Any media that is owned by the chinese is OBLIGATED to lie when asked.
So Riot is not only lying, they are legally forced to lie.
Yes it is, the difference is that they're forced by law not to sell the data they collect, but by the other aspects it is, in fact you would be scared if could see the amount of data they collect per day.
It could be interesting to set up a Pi hole DNS and use it to monitor the DNS lookups over a longer period. Plus trying to block some of the domains to see if the game is still playable.
apparently, anything you do to it gives you a BSOD. certainly wise to have such unstable software in your kernel.
@@guguigugu Ah yes, totally not a rootkit
@@shroomer3867 You're so delusional, drivers are specifically made to BSOD you if you tamper with them. They will have hooks on debugging flags and any changes made to the driver will cause a BSOD. That's how every single AC driver works, they BSOD you to prevent cheaters from reverse engineering it further.
@@guguiguguYou don't test software stability by disabling shit it needs.
@@ehqwk thats exactly how you do it
interesting video! if you could do another video on anti-cheats like faceit aswel would be great!
Agreed, vids on easy anti-cheat and BattlEye too would also be really helpful
also make sure to deactivate the autostart for vanguard
Not to mention about random stutter that happens on most DDR4 AMD with FTPM and secure boot issue, although it needed.
something to note about FACEIT: while you can stop it you cant play online just by turning it on again you have to restart your pc aswell idk why that wasnt mentioned
edit: should also be noted that one of the ways that csgo cheats bypassed vac for a LONG time was just shutting down vac/steam loading all the stuff needed and then turning it back on so its not like its completly pointless that vanguard is always running and wont let you play valorant if you've turned it off.
It was making my computer restart immediately after shutting down Vangard, so i couldnt use my computer at all unless I left it running, the games not good enough to deal with that, so its gone forever lol
you dont have to restart your pc for faceit AC to work you just have to load it up and restart your game
Simple redundancy check would solve the vac bypass issue which u mentioned in ur edit ? Dont u think ?
I don't trust tencent with a 10 foot pole
Riot games is located in California not china they have stake also riot employees are us citizens it’s not a virus
its called tencent cuz every person that uses its product gets its personal data stolen and sold for ten cents
I don't trust anything that's under the CCP's control, not even chinese citizens abroad. Look up chinese civilian-military merge laws, there are NO chinese civilians, everyone is required to act as a soldier or spy whenever the CCP requests it.
@@PartlyXenonfool go be a teacher at some high school or something homie. Dont waist yo time being up in them comment on RUclips
I assume you don't play any unreal engine based games, you don't use discord, you don't play any games on your phone being made by studios where tencent has stakes in them etc. Or else this is just a lie you tell yourself at night to sleep well.
Questions to the folks who are more familiar with Windows kernel drivers. Is it necessary for a high-privilege drive to initialize at boot time? If not, can it be stopped and started without full OS restart?
Did you install Valorant on a VM? If so, how did you do that?
When I disabled it from auto start in Task Manager does it still sturt up hidden? The game never requires me to restart a pc when I launch it (so I think it does) but wanna be 100% sure
Same here...I disabled the auto start and never saw vangaurd on my system tray after that. The worst part is that the game runs fine without it. So I checked the services running and saw that vgc.exe never runs even if I launch riot client. Either vanguard is just useless or it is running a process which I am not aware of...
Most likely you have disabled only the tray icon. The driver still runs.
So i deleted valorant like last year i went and checked my process explorer and found that the kernel mode driver is actually still running, how do i quit out of the driver so i can delete it?
Open up command prompt as an administrator
type in "sc delete vgc" and then enter
then type in "sc delete vgk" then enter
reboot and then open up file explorer and go to C:\Program Files\
find "Riot Vanguard" right click it and delete it
viola
go to control pannel and delete valorant from there. it should give you the prompt of if you want to delete vanguard
Get yourself the free trial version of the REVO uninstaller since it uninstalls more than just the program itself but also everything else it at some point left in your system
@@eagleclaws1781Bruh. Settings has a uninstall button and worst case search the program in “This PC” of the files app. You don’t gotta install more software.
well made video good work brother
What’s the best way to get rid/uninstall the riot client & vanguard? I uninstalled valorant a while ago because I dislike it but the launcher & anticheat still remain
Ok, so Vanguard is coming to league of legends soon. I'm thinking of only running the game on a separate computer from my other work and games. Do you think that would be a good idea and keep myself safe from issues?
I mean you COULD do that, but you could also just stop playing league. I think we both know the healthier option.
anticheat for League??? that's definitly a malware then
If you are an important or popular person and have extremely confidential documents (company CEO or something), then yes, you should have a gaming PC and work PC. Mainly because you never know the vulnerabilities in games and apps. If you are an average joe, then no. The only thing you should be concerned about is someone hacking fully into any anti-cheat. Even if they do, memory reading is extremely tedious so, again, you’d most likely have to be a target.
@@Icerz. You forgot that data collection compagnies spy on everyone and Tencent is one of them
Great video. Would you check the anti cheat for things such as helldivers 2? I heard that is also a intensive kernel level anticheat that is very disliked. But is it worth avoiding?
was considering buying this game, so also would like to know this
Actually, EasyAntiCheat and BattleEye are also Kernel Level as far as I know so games like PUBG, Apex, Ark and co are the same.
Never had issues with Helldivers tho
only worth avoiding if you use illegal porn. and you are not a main character in a show. Only important people need to care about security. most anti cheat today are kernel level. windows alone is already a data harvesting machine.
You are more likely to die than being exploited by this kernel level cheats.
Yeah amazing video.
- "I dont know what this anticheat is doing but it spooks me and its also chinese so its a SPYWARE!!!!!"
@@sas408 cannot wait for videos like this but for antiviruses, with their logic is easier to unalive yourself because everything and everyone collecting data on you even if you are not using anything, simply going outside getting you spied on.
This is why open source applications are so important
Is it possible to verify that Vanguard actually does stop doing things when you disable it or uninstall it?
No, not really its a Kernel level rootkit, also fun fact about vanguard, normally if a process crashes it can only effect things at its privlige level, but since vanguard has privilige over every process it can (and has) crash and brick your entire computer. There is a gist article about if you want more information.
Wait, if riot vanguard is turned off as startup, it should not run 24/7, right? The icon symbol does not appear. When launching the game you need to give admin permissions to launch it
Yup, you can disable it so it doesnt boot on startup, and its off untill you turn it back on.
literally 3 seconds before pressing the install button this video appears, thank you
Tbh this video is pure shit, go have fun on the game. Your phone, windows, google and RUclips do has much has vanguard does
Thanks for the video!
Will uninstalling it be enough or do ya need a removal tool?
Btw dont get scared by this video, your data aint safe anywhere, from. Google to youtube to even just windows and your phone. Uninstalling it does work but there’s no point to it
From what I've heard from the vanguard developers the main reason for the need to have it launch on boot is to prevent tampering with it prior to launch. So to summarize all of it's odd features:
- Anticheats are useless unless they are embedded within the kernel
- Vanguard is one of if not the best at detecting cheats
So the simple answer seems to be that these are just measures taken to secure the competitive integrity of the game. But I don't doubt that somewhere along the line someone at tencent has looked into this and seen a juicy juicy data collection opportunity. I believe the original reasons were honest, but that they might've been turned into something else along the way.
Well yeah Vanguard goes hard you are almost guaranteed to get banned from Valorant in the first 30 minutes-1 hour of using cheats a friend of mine was in a comp game that ended because someone turned on their cheats it is a necessary evil otherwise the ranked games would be filled with nothing but cheaters
Finally someone reasonable that doesn't parrot the same shit all these idiots do. I applaud you for having critical thinking skills dude
Vanguard is average at best, valorant has as many cheaters as pretty much any other game. Original reasons behind vanguard are irrelevant, point is that CCP can request data from tencent at anytime.
@@IWatchSecksTheres no way you say it's "Average at best" when high level CS players find cheaters to be a massive problem while high level valorant players basically never complained about cheaters.
@@IWatchSecks "average at best" why don't you list me all the competitive games and their respective AC that are better than vanguard. I've been playing for 3 years now CONSTANTLY duoing or stacking with my friends at diamond and WE have personally never seen the red screen during those sessions. Im curious what you think is better
Me watching this with Valorant running in the background
Lmao😂
💀💀💀💀💀💀💀💀
Bro silently closes valorant 😅😅😅😅
Dont let the video scare you, you’re data is already there, your phone, google, youtube and windows already sell your data.
On my setup. I disabled Vanguard on startup, and the Vanguard icon is not showing on the taskbar tray, it is not also running when checking task manager. However, I can play Valorant and League of Legends.
task manager usually show u deeply embedded stuff running like that right?
What software i need to view these deep proceses
You legitimately cannot, Kernel level 0 means the actual hardware of your computer, this is always obfuscated because you simply do not EVER need access to your mult register or your cache lines, it will literally be able to do MORE ON YOUR MACHINE THAN YOU. Sorry for caps but I cannot stress this enough.
Awesome video as always. I don't trust them. They will bring this malicious software to LoL in a future update. 😢
Also, Please make an analysis video for Opera GX. It's another software called 'chinese spyware'. 🤔
was that your private IP and location?
local one, so worthless
So can i install tft on a vm or does vanguard also start on the host then?
there was something weird about the fact that Vanguard anti-cheat was announced on Riot's anniversary when they announced the game. they didn't spend a ton of time on the game overall, the beta wouldn't launch for a few months, and they decided to spend that time announcing... a new anti-cheat? they really wanted you to know it was a *really* good anti-cheat, and showcased how it would put a huge "game terminated" screen if it detected a cheater, and everyone was like why?
Its because most popular fps have tons of cheater and its annoying, so by announcing that its really good its selling the game has being more cheater free than others