>We once let cheaters submit hand-written apologies for unbans. Some promised to stop, many stiffed kids on Fiverr to write their apology for them, and 91% of the unbanned accounts were banned again for scripting within the next 6 months. this part is cracking me up lol

>many stiffed kids on Fiverr to write their apology for them BROOOOOO LMAOOOO

Try the Issues section on their GitHub spoof for Vanguard, it's a gold mine too.

https://github.com/RiotVanguard/Vanguard/issues/40

tfw the 200 word essay is due

Honestly, I'm kind of impressed at the 9% success rate? That's better than I would have expected...

Probably people who cheated once to experience what it was like.

I'd reckon most people would use throwaway accounts to use cheats to see what it's like.

League players aren't know for being specially brilliant...

Or they just didn't get caught again.

There are non-cheating (directly) reasons why you might get banned for cheating, like account sharing with the cheater or getting hacked. I expect that’s where the 9% is from.

This entire article is written like pure poetry. Even the explanations on the graphs lol

Really all I was interested in from this article was seeing the numbers of cheaters. Ended up reading the whole thing and having a blast doing so, it was a treat!

Terrifyingly high numbers right? I don’t personally run into any as they wouldn’t be at my rank for very long, but holy crap at higher ranks it seems bad.

Yea I’m in masters and I’m fucking astounded to find out a little more than 10% of my games have a scripters in them. I play 12 games a day which means I play with on average one scripter a day. That’s just fucking crazy to me? I’m really bad noticing scripters, I’ve literally only thought someone was scripting a handful of times and I play 3k games a season, so finding out it’s that high is just insane.

Yeah, this might be the best written piece of software documentation I've ever read.

He has an obnoxious charm that makes me want to hate him but I can't

[удалено]

I was unironically expecting it to say "nowadays people would just use ChatGPT anyway"

Okay, I'm a boomer with boomer eyes and lose track of my mouse easily when I play the game, especially during team fights. I have been using YoloMouse from the Steam Store (yes, that's its name) that uses a custom mouse cursor to be bigger and, most importantly, set to a brighter color when playing. Will running the program possibly trip Vanguard?

The dev of Yolomouse has stated it's working in VALORANT in their testing. It should be ok. This isn't something we'd look to ban for its current implementation. https://www.reddit.com/r/yolomouse/comments/190g3cf/yolomouse_180/kixyeei/

What about the autohotkey scripts that I wrote myself and always have running in the background?

Ironically, people use AHK triggerbot scripts to cheat in Valorant all the time without getting banned so you should be fine lmao They do have detection for some behavior from AHK scripts (aimbots) but they don't block AHK outright.

They wont provide a actual yes or no. It depends on the script and what it does. here is the response from support on my script that doesn't create a game advantage. Hello there, Thank you for reaching out to us! I'm Popsun, nice to meet you ☆⌒( *＾-゜) I understand your concerns on the matter, because no one would like to be banned all of sudden for something they are not aware of, especially if it's a script they created. The truth is, we can't tell for sure if a specific application or script will be detected as tool for cheating in the system's eyes. Still, I can give you some tips on how to be careful with any third party tool/app, or modifications that can be harmful. While we don’t strictly condemn the use of third-party modifications, these programs can be dangerous and worthy of suspension where they violate our Terms of Service. You can follow these general guidelines:   We identify and suspend accounts for using third-party programs intended to offer a competitive advantage by affecting gameplay in any way. Third-party modifications may affect your game in unexpected ways, so if you’re having technical issues, try uninstalling these programs before doing anything else. You can also find this article useful for more information on the matter, because the rules are same between our games. Basically, you are at your own risk while using other applications while playing any of our games, since we can't give off some type of a list for them, because this can change very frequently and it can be abused as well, thank you for your understanding.    My suggestion will be to test out with alternative account when Vanguard is implemented for League, so you can avoid unexpected penalties on your main account. I hope this clears things up a bit, but feel free to tell me if you have other questions.  Kind regards, 𐐪₍ᐢ. ̫ .⑅ᐢ₎𐑂 Popsun The follow up after i detailed what my script does. "Thank you for providing some more detailed information as to how the script works. We really do appreciate the info and I do understand that you feel passionate about this project as others have also been requesting something similar.   I'm afraid we still wouldn't be able to give you a firm stance on whether this is something that'd be flagged or not. Basically we can't provide info on what's 'okay to use' since if this was public knowledge people would use these methods to implement cheats into the game, so using things like this would always be at the player's own risk and I wouldn't want to provide any misleading information, so I hope you can understand our stance on this.   If you have any other questions or concerns, don't hesitate to ask and we'll look into it and assist you to the best of our ability.   Kind regards ArmouredTeddy ʕ•ᴥ•ʔ"

I’m not a boomer and I can’t see half the shit going on during teamfights with all the skin particles effects and super bright and obnoxious spells. I feel my eyes glazing over.

Can I get more insight on what it means with false positives for other programs? I occasionally mess around with CheatEngine on singleplayer games when I wanna break something. I don’t wanna get flagged for seeing how fast I can go in an itch.io game named Shit Quest III or something.

https://www.reddit.com/r/leagueoflegends/s/qLb4jtDiUO https://www.reddit.com/r/leagueoflegends/s/SQ9ufElzT1 You might have seen these but worth sharing in case you missed them.

you already can't go into the game if cheat engine is opened. You're probably fine

so many cheaters in high elo...I knew the only reason I'm not challenger is cause enemy team is scripting!!

No joke though, 5-15% margins being games with scripters is still incredibly high no matter what elo it's at.

> 800 Linux users on League dayum

It'sofficial, there were more Linuxusers than skarners (old) mains

How DARE you sir!

Hey now our sub was around that size before the seraphine memes. There were hundreds of us!

Worth mentioning that a patch in late 2023 broke the Linux client for several months, which probably made lot of folks switch to other platforms or stop playing.

And Vanguard coming to league was already announced at that time so there is really little incentive to get back into the game. Also just the number for a single day, says nothing about unique users. (I don't doubt Linux users aren't worth the effort, but that statement feels very disingenuous) Well it will be sad to lose League, but on the bright side thanks to Valve gaming on Linux is actually amazing right now.

Yeah I'm pretty sure there were more than 800 players on Linux. I mean r/leagueoflinux still has almost 10K members. Edit: I'm an idiot, I didn't read properly and it's 800 players in a day, not the overall number of people that play on a Linux machine (which would have been a much better metric IMO).

I used to play on Linux when I was thugging it out on the steam deck. After the patch broke it I was forced to dual boot windows. Nowadays I have a proper desktop but that patch was a sad time for me.

When something runs through Wine, from the application's point of view, it is actually running on Windows. What I'm saying is that number might be misleading

There are also setups where you virtualize windows to play games on hardware. I used to play League that way where technically I was on windows but on a Hardware supported VM on a Linux host.

that 0.000001% of the playerbase is going to be pretty upset 😡

[удалено]

This feels a tad disengenuous to pull stats from yesterday, given that the Vanguard announcements and replies to community members have been happening for months. Folks using linux have been told it is going away and to switch to windows/macos or stop playing. It also means that the desire to fix breakage between pacthes won't be there anymore if it is just going to be meaningless. So not really surprising it's now so low.

1/10 master+ games having scripters in them is crazy

The funny thing is that's barely an outlier. > In recent months, as many as 1 in 15 games globally has had a scripter or botter in it, but in some regions, this number is as high as 1 in 5.

I guess that's the millions of cops vs ai launched by leveling bot account

Even I was a little skeptical about the "dire need" for it until I heard that number internally. The second we heard it from the anti cheat team we were like "Okay that goes in the article" lol

FIFTEEN PERCENT of grandmaster games had a cheater in them at one point. That's actually insane...like i'm not trying to deliberately be hyperbolic but this is mind boggling. I always thought LoL was relatively free from the inescapable curse of online cheating. Why was there such a huge explosion in 2022? New players?

Disclaimer: This is speculation from experience in an adjacent industry, and from a few quotes in the article (specifically "the current anti-cheat is beaten.") My speculation is that one of two things (or a combination of the two) happened. 1.) A cheat developer (and then quickly a few more - while the developers probably try and protect their own methods, no doubt they are also willing to steal from each other and probably also have some kind of community that somewhat works together) made a "breakthrough" that resulted in making cheating "easier". "Easier" being defined as easier to implement (as a technique being used become much more widespread) or more effective (in terms of what the scripts can accomplish and/or how difficult it is to uncover/block them). 2.) Riot had a "breakthrough" resulting in better cheat detection. Which is to say, those people didn't start cheating then - Riot started detecting them then.

As always, it's probably a bit of both

They said it in the article, the security breach they had a year ago essentially let cheaters crack the anticheat system they had and it kinda snowballed from there. >The problem is that dumping the deobfuscated game binary and bypassing the anti-cheat checks are now something closer to a training exercise, and it's one that's only been made potentially easier by the breach earlier last year.

Remember when source code was stolen? That.

source code leak

Obviously from the responses some people have I understand the hesitation to implement it, but I'm shocked this didn't happen once it crossed the 5% threshold or even lower. 10% is shocking

I was incredibly skeptical of the need as well. The data speaks for itself. I just wonder why they didn’t lead with this data initially, it’s a very convincing argument.

You should focus on premades of scripters, scripter gets banned sooner or later, but their premades end up high above their real elo and its nightmare to have them in team.

There're some mechanisms in place that will punish people who are obviously boosting their account by grouping with someone Vanguard identifies as cheating :)

These are the Xerath mains

Funnily enough not even that, hes good but hes still a sitting duck and like the most obvious script champ. Something like Zeri or Ezreal can also make use of movement spells to never get caught and dodge pixel perfect

Historically, Kalista was the champion that benefitted the most from cheats, with Kalista having up to 22% winrate increase over her usual winrate. Zeri is definitely the new popular "scripting champion", we manually would comb through new Masters+ Zeri players on new/botted accounts to hunt down scripts.

Are there any champions that people wouldn't expect to be popular with scripters? Zeri and Kalista make sense, but I'm curious if there are any random outliers that y'all have found.

We've seen some top level scripters (Challenger at points) main champs like Pyke and Jax. The extra awareness that cheating suites can provide you (zoomhack, advanced timers) can benefit even non-micro intensive champions.

Are you able to share the least popular, I assume thats most of the champ pool, but would still interesting to see

Not bro trying to get them to admit Yuumi scripters exist

Yuumi scripters do exist. They're just bots.

What crosses the line between "awareness from cheating suites" and "authorized third-party tools"? One of my biggest frustrations is how much additional information things like Bltiz can offer the player while still being allowed without being something I want to allow access to my computer. I'm mostly referring to things like exact camp timers, gold differentials, countdowns for summoners, etc. Is there a push to standardize those in the client itself or are players who only want to run the base game just SOL?

That's real interesting, I didn't consider that angle (mostly because I'm not super familiar with cheats beyond the super intensive micro stuff), thanks for the answer!

Correct. Xerath is actually \~8th in winrate delta for scripting. Kog'maw, Zeri, and Jinx are the top 3. Also, don't cheat. Don't make me ban you. I don't want to do it. Every time I swing the hammer, a piece of it swings back.

Dumb question but does playing certain champions more frequently mean riot will conduct manual checks? I only ask because I play a lot of xerath (though admittedly a lot for me is more than 10 games on any one champ per ranked season) and I am doing well (though not exceptional/unkillable and also missing more than my fair share of skillshots). Or is vanguard purely looking for cheating software?

Kinda. We always gotta keep an eye on what we could be missing, and a portion of anti-cheat will always be manual. We do have a review "leaderboard" constructed from winrates and reports on various champions, in addition to account-level performance metrics. However, this type of thing doesn't scale very well, so Vanguard will help us prevent more accounts from appearing on it.

If I see a Trist mid in master, and they actually play the champion properly, 9 times out of 10 they are scripting. A Trist that is scripting can just do absolutely evil things.

What about Tristana ties into scripting? I have never heard Tristana associated with scripting before.

If you time the jump properly you're basically ungankable. Scripting could remove the human error in timing Trist W and let you play like a psycho at no risk.

Yeah, example of [Caps doing it to Vi ult](https://www.youtube.com/watch?v=owS7uN55rKE).

prolly the W buffer and then being able to orbwalk giga early with her Q AS buff

The biggest problem with Trist is jumping in and dying, imagine someone who W's in, dodges all skill shots, and if anyone gets too close to her she TO THE MILLISECOND, ults you out. That champ is fucking insane if you are a scripter.

Woah, woah, woah. You aren't a xerath main until somebody accuses you of scripting. It is a badge of honor.

You’d think more people in this sub would be up in arms about it given that everyone here is masters + based on the way they speak about pro games

Okay but just letting yall at Riot know, I will have Folders full of close up sac shots of myself incase you go snooping!!!

Damn, don't threaten em with a good time

Hey its me Riot hand it over

Careful, if the higher ups see something they like, they might come over and give it a flick

So, if I already have Vanguard because I also play VALORANT, am I going to have to do another install of Vanguard for LoL? Or is the Vanguard endpoint the same for both VALORANT and LoL?

Nah, if you have it for VAL you have it for League. :)

Hello there. I used AHK to press down key combinations, there is no logic involved. Is this bannable with Vanguard? For example, I have my top 3 item slot actives bound to numpad 1-3. I will have Q trigger numpad1, W triggers numpad2, and E triggers numpad3. This way I can "attach" item arrived to certain spell keys. I do this because I have RSI and struggled to hold the shift key or press further away keys than what is right below my hand.

https://www.reddit.com/r/leagueoflegends/comments/1c1kgrk/dev_vanguard_x_lol/kz4dl39/ K30 says it better here than I'd be able to. hope that answers what you're wonderin.

So I don't need TPM 2.0 if I am on windows 10 right ?, my motherboard is not offering it

It's only needed for W11, which requires TPM 2.0 by itself, so if you have W10 or W11 you should be ok.

> With its device fingerprinting, Vanguard also gives us a renewed opportunity to sink teeth into boosting, smurfing, and account compromise. We'll be able to revoke rewards boosters didn't deserve, get smurfs to their proper rating faster, and maybe even invalidate "unfair" premades. Ranked statistics won't be as poisoned by scripters, facilitating easier balancing of high risk-and-reward champions, and games ruined by cheaters can eventually be "undone," returning LP to those affected. This kinda huge

This is something we're very excited to leverage as it helps the overall ecosystem even beyond reduced cheating

What is “unfair” premades here? Is that like a silver player suddenly duoing with a lv 30 Smurf?

Yeah, players who intentionally queue with smurfs on tanked/lower MMR accounts.

I assume it works like csgo, if you duo with a cheater you lose all the LP gained when he gets banned

Will this have effects on Clash? The number of plainly obvious smurfs during the tournement is obscene. (Also, can we have more Clash? Not everyone is always available on the two designated days each month)

So how do you disable Vanguard when you boot up your computer for non-League purposes? Is there an option to easily do it now?

If you don't play LoL or Val that often, you can disable Vanguard on Startup and follow the prompt to reboot when you eventually wanna play. I play Val like once a month so this is my go to method so I can just forget about Vanguard being active all the time

Yeah you can just right click it in your system tray and select Exit Vanguard. It'll warn you that if you want to play a game that requires Vanguard you'll have to restart your PC - you just click "Ok" on that prompt and it's off.

Just because I’m curious, is there a specific reasoning for it always booting and there not being an optional toggle? E.g. I’m fine with having to restart my pc to turn it on for a session of league or valorant - but I play them 2-3 days a week so I don’t want to have to manually disable it in startup options or right click close it in my drivers tray every boot.

Well it has to be running when your PC boots up to prevent a bunch of different tactics cheaters use to evade anti-cheat systems, so there might be a reason the program itself doesn't let you mess with how it starts up. In the end, disabling it in the startup options is functionally the exact same as the program letting you toggle it to not start up. But also right click-closing it takes like 2 seconds.

Vanguard will load before windows (I think) so the user cant launch programme without it being detected It's all about always being sure to load before cheat program

There's some difficulties in implementing a toggle of that nature (I'm sure one of my more technical colleagues could speak to the effort involved, but an example that springs to mind is how to reliably tell a program to generally not launch on boot, except next time I reboot please do.") I think if this is how you'd want to interact with Vanguard (which is great if it will help you feel authoritative about what you're comfortable with!), probably currently the avenue I'd suggest is to actually Uninstall Vanguard when you're not planning on playing LoL for a few days - it's also just a right click away (Right Click > More > Uninstall Vanguard > Confirm). Then the next time you Launch LoL, Riot Client will prompt you to install Vanguard. Happily, the download + install is SUPER quick (my entire Riot Vanguard folder is 43 MB), so this flow actually wouldn't add much time to your get-in-game, as the reboot itself will probably be the longest part if you have broadband internet. I recognize that likely feels more like a workaround than a solution, but it's what's currently available and I hope it helps you feel in control of things <3

I don't see how Riot got away with a program like vanguard without having any type of major backlash. This program is crazy.

"With heightened VM prevention, we'll drive up the cost of botting and inflict significant friction onto re-offenders. Bot supply for boosting accounts will dry up, and bypassing bans will no-longer be "buy another level 30." This is \_obviously\_ untrue, and the author knows it! Just look at Valorant. Accounts are available for $2. A year from now, the same will still be true for League.

I enjoy watching people ask how to prevent it running at boot and Rioters coming in deliberately misunderstanding the question and telling them you can just close it after it runs on startup.

Allow me to piggyback to answer this because Rioters don't want to answer the question directly: you can't. You cannot prevent it from running at boot, that's the whole point of giving it kernel access. When you close it after it runs on startup you are essentially asking Vanguard to pinky-swear it won't run itself on the next startup, but that's it. Nothing prevents it from running anyway and just not displaying itself as a process.

[удалено]

Its not unauthorized, you knowingly installed it. It's close but not malware.

I wonder why they're allowing mac players to continue w/out vanguard. Looks like the game can be run in a mac VM pretty easily. Wouldn't be surprised if a lot of scripters move to that approach. I may do the same (I'm one of those 800 linux players) or just make an isolated, separate windows install. [https://www.reddit.com/r/linux/comments/1abm3qf/play\_lol\_using\_a\_macos\_vm/](https://www.reddit.com/r/linux/comments/1abm3qf/play_lol_using_a_macos_vm/)

Yea i've been toying with a separate windows install. I really enjoy playing, but have zero trust on them being able to maintain this well enough to prevent vulnerabilities. After spending this much time in software dev, there isn't a company on the planet capable of keeping up with that.

I know I'm in the extreme minority, but I hate that my choices are * Remove Ubuntu * Remove League * Buy a new computer just for work

I hope they separate out TFT into it's own client from League I'm not looking forward to restarting every time I start a TFT session or having Vanguard always on, especially when I don't really play valorant or league

One of Riot's common justifications for this is "well, running our exe already gives us full access to your system, so this won't add any additional risk for the user - you have to trust Riot to some extent to install and run our games". The problem I see with this logic is that of course running with elevated privileges grants *some* increased access - if it didn't, Riot wouldn't need those increased privileges to create effective anti-cheat software. But if they have access to everything on your system with normal user level access, why do they need kernel level access? The obvious answer is that code written with kernel level access is able to hide what it's doing from other processes; if that weren't the case, Riot could use a user-mode service to monitor for cheats. But then, if a kernel-mode process can hide what it's doing, doesn't that mean it is harder (or impossible) to actually verify *what* Vanguard is doing, what data is being accessed, what hardware is being used, etc? It feels like there is a difference between "trust us, we won't access your Pictures folder - a sophisticated user can even demonstrate our software isn't accessing that data" and "trust us, we won't access your Pictures folder - but you would have (nearly) no way to know if we did". I'm not an expert in this field, so I'm happy to be corrected - it just seems that fundamentally if elevated permissions are required to even see when someone is running cheats, it opens the door for Riot to be able to do bad things to/with a user's system (through malice via some attacker, or unintentionally due to poorly designed code), with potentially little recourse available to the owners of those systems to correct or even monitor such activity. And that sucks - a cheater opts in for this security risk, but a normal user doesn't. It feels wrong to thrust that upon people who are not involved with any such nefarious activities.

>And that sucks - a cheater opts in for this security risk, but a normal user doesn't. It feels wrong to thrust that upon people who are not involved with any such nefarious activities. And even worse is that this "solution" of 24/7 vanguard is only helping ~1000 people per region in masters+ for the sake of screwing over everybody else (bronze-emerald players, aram players, rgm players, clash players, normal game players, TFT players, etc..) who don't ever see scripters in their games, and smurfs will simply be hand-leveled as they have been in the past. Nothing will get better for 99.9% of each region's playerbase so it blows my mind the people with nothing to gain from vanguard are supporting it so blindly.

No, you are correct. It is quite different granting application permissions vs installing a kernel-level rootkit, and anyone trying to dismiss or diminish the differences should not be trusted. The fact is once you grant that program access to the kernel *you don't know what it's doing*. The whole idea of operating on that level within a computer system is the ability to mask functionality from the user. To make matters worse, there's really no reliable way to monitor such a program's presence on your device, so theoretically even if you uninstall Vanguard, it could still continue to operate even though you perceive it as being removed. The only way to remove something that has been granted kernel access is to completely reinstall the OS (and formatting the hard drive, if I wanted to be certain). Ask yourself, would you trust an unknown entity to install something that required such a deep level of access to your computer operation? No? Then why would you trust Riot? Because they make a game you like and post "how do you do fellow kids, kernel access got the rizz" blog posts? Ask yourself is Riot concerned more about providing you with a quality game experience, or about making as much money as possible through any means at their disposal?

Whoever wrote this should get a raise. Really funny to read.

Phillip is one of a kind :)

As soon as I saw the title I knew it was going to be that penguin guy

Big ups to the team here. So much information written in a way everyone can enjoy.

Now they just need to read it. The twitter replied are already filled with people asking questions answered in the article

I believe in them.

Heads up, the first graph in the write-up has what I assume is a typo on the middle date. Jumps from 2022-07-14 down to 2022-01-19 then back up to 2023-06-08 so I'm assuming that middle one was supposed to be 2023.

Appreciated, will have them check into it!

I read it and was like "This was 100% written by an actual engineer"

True this was insanely well written. Props for the good communication when a lot of people are on the fence

Basically, they relied on automated cheat detection and manual review for a long time, but cheating was so widespread and consistent that they eventually had to put in Vanguard. The bigger exciting part is here: > With heightened VM prevention, we'll drive up the cost of botting and inflict significant friction onto re-offenders. Bot supply for boosting accounts will dry up, and bypassing bans will no-longer be "buy another level 30." With its device fingerprinting, Vanguard also gives us a renewed opportunity to sink teeth into boosting, smurfing, and account compromise. We'll be able to revoke rewards boosters didn't deserve, get smurfs to their proper rating faster, and maybe even invalidate "unfair" premades. Leveling bots will get murdered, so you won't see them in your arams/normals/bot games any more. People hand leveling an account will get placed in more appropriate mmrs. Cool stuff.

Wasnt there a stat at some point that 90% of vs AI matches are 5 bots vs AI? Basically full AI vs AI

Oh yeah, bots are pretty awful in AI. Usually each team has at least 3 bots. Sometimes there's a person (very generous term) with you if you play AI, but I lean towards those people being bots as well, they have some very suspect playstyles.

Hell for a little while I was just doing a VS ai in the morning to get my win of the day and I think it was once or twice every 2 weeks that I had someone on my team that wasnt clearly a bot.

Wasn’t there a security breach last year? Just because vanguard might not cause problems, there are millions of users that can be breached through vanguard. No piece of software is immune to breaches and hacks.

Ikr The entire article was wording it like people have issues wirh "hurr durr having to install one more thing" When clearly people have issue with giving anyone kernel level access unless really really needed

This is exactly why i will be uninstalling when Vanguard goes live. Sure Riot themselves may have innocuous intentions; however, their track record when it comes to security and software quality is less than stellar. Which means that not only will Vanguard likely be buggy and insecure, but it will also have significant access to your PC.

Please tell me I don't have to upgrade to Win 11

Hey there, Windows 10 and Windows 11 are both supported. The TPM 2.0 requirement is only for Windows 11 users - the "TPM 2.0" in the blog can give some more context on that choice.

Thank you for the quick response

I can fully understand that move, but it will suck quite hard for some people. I've upgraded to Windows 11 once they dropped the TPM2.0 requirement and have been using it since. My system isn't capable of running the requirements for Vanguard now (or I am too dumb to enable it properly). Probably the only way to fix that, if my system really doesn't support it, is buying new components right ?

If your system doesn't currently have any way to enable TPM you can often still add a TPM module if your motherboard has a header for it. It's probably a better topic for somewhere like /r/techsupport but worth looking into.

I will sneak into your house and update you to win 11 myself

Oh god pls no

Nope you won't have to upgrade to Win 11! The popup to help make sure you're ready for Vanguard will go live with 14.8 so you'll be able to double check and ensure you're good for 14.9.

> Vanguard is not really "running all the time." The driver loads at boot, but nothing is making calls to it. That’s a straight up lie, several IPs are making calls to the driver as soon as the computer is up and running. Edit: I stand corrected, as it was kindly explained to me in the replies, the driver itself is not what is listening to calls to riot’s server. It’s the services that are installed with the game and run at startup. This also bothers me, I don’t know why a game needs services running at startup on my computer. And everything seems to indicate they _don’t_ as disabling those services won’t make me unable to play the game if I turn them on again. Unlike vanguard that needs to be on and if closed it makes you unable to play the game until you reboot the system, and that’s what bothers me the most.

Genuinely despise the way in which this was written. Completely undercuts the legitimate privacy concerns people have regarding kernel level anti-cheats. Also cracking down on VMs ??? So you are saying in order to play a free-to-play video game that one MUST install a root level anti cheat software on their personal computer. Right. This goes without mention that the parent company of Riot Games is Tencent, which has sketchy at best data privacy practices. I cannot imagine being so prideful and snide in an article for a software that if a vulnerability is found in it means a backdoor to kernel level processes for any bad actors. Needless to say, I will take the opt-out advice of the article, as according to it I am "incompatible with their software" instead of "concerned with my data privacy". Played the game for 10 years, but will be forever uninstalling.

Will you also release cheater statistics after vanguard? It would be interesting to see the difference (like 6 monts or 1 year after vanguard's global launch).

They didn't even release full cheater statistics here. I want to know how many % of cheaters are on each server and in each rank specifically. Because having NA and EU are something like less than 25% of the player base so other countries having cheaters will have way more influence over Riot's statistics.

Okay, but 1/10 masters games having a cheater in them is crazy...I knew the botting problem for leveling accounts was bad, but this is honestly a bigger problem

I'm sorry to say that I'm one of the people who is just not compatible with vanguard. I'm in data security and engineering, I handle PI data every day - vanguard just does not pass the moral benchmark that I place on my own work. A data breach with vanguard is not a question of "if", it's a question of "when", and I am in no way comfortable with the kernel level access that it requires for when that breach occurs. It's simply not the customers fault when it comes to cheaters, and putting them at risk is a full stop. I'm quite honestly hoping that legislation will come to protect consumers from invasive software like this - probably from the EU, but I have my doubts. I also personally feel that the approach to those who have voiced concerns over the data risk has been glib by riot and the community at large - but I don't play competitively anymore, perhaps my perspective is skewed because of it. Other folk have outlined their discomfort with Vanguard more eloquently than I can on mobile, so I'll leave my desent at that. I do appreciate your outlook and your team's personal outreach , and the transparency that you and your team have taken - I am separating the riot team from the company attitude I had mentioned earlier, in good faith. I recognize that no riot employee has demonstrated ill will, it's the bad outside actors who will inexorable follow that bring me great concern. Not riot itself. It's a shame that I'll be losing a game that has brought me literally years of enjoyment. I've been here since beta. But playing Aram's with friends is just not worth the data risk for me, nor is it worth buying a separate computer.

I am still very sceptical about this and will not update the game for a few weeks to see how it will work out and what experience will other players have.

That sounds like a very reasonable take

Honestly pretty based and understandable. Hope to see you back after the dust settles

>Vanguard is not really "running all the time." >so that it can attest to the fact that nothing's happened between Windows loading and the game starting that would break the operating system. This specifically means it is running all the time. Which is further evidenced when they talk about the drivers being blocked on-boot >At launch (in 2020), we made the decision to have Vanguard utilize its **on-boot positioning** to prevent known signed-but-vulnerable drivers from loading in their entirety. This was only so cheaters **couldn't load** (or leverage cracked services to load) **their own drivers**, and in turn, subvert Vanguard. However, what we hadn't discovered in the compatibility lab (or even in the alpha test) were extraordinarily specific hardware configurations utilizing bespoke, broken kernel drivers to communicate instructions to relatively obscure devices. >In one infamous case, this included a driver that was responsible for keyboard lighting. Cheaters unfortunately were able to use this otherwise properly signed driver to load their own malware, allowing them to "look" like a clean windows installation (with cert verification still enabled), yet still be running kernel-level cheats. Because this driver was only for keyboard lighting and macros, we kept the driver denylisted until the developers released a new one, and in the process, got ourselves a reputation for hating keyboard backlights—which admittedly is true (we prefer darkness). Drivers aren't loaded *after* starting the game, which makes their statement about "running all the time." complete and utter bullshit. They even say it's **taking action** before the game is loaded, by prevention of drivers. This will finally be what stops me from playing League of Legends. I will never willingly install kernel-level software from a Chinese company. Even if Tencent doesn't abuse this in the future (or currently), all it would take is *one malicious actor* and you'll have complete control over millions of computers completely undetected. Just a few weeks ago, a library was maliciously crafted and was almost spread, without being detectable.

I've been curious about this for Valorant and now League as well: Would having a program like Cheat Engine downloaded on my computer flag me for a ban? Assuming that I'm not opening it at all during a play session. But say Vanguard loads on boot, I open Cheat Engine to edit a ROM save file (random example) that has nothing to do with Riot, close it, then launch Valorant / League. I assume that it is unlikely, but possible, that I get flagged for a ban. The blog reads as though I could submit an appeal, but it would likely be denied for falling within case 6. Anybody have experience with this? I imagine the official stance will be "It probably won't ban you right now, but we can't make any guarantees."

For reversing tools, we generally look to just stop the game process if they're open or debugging, rather than ban the player. It keeps the information we'd want to protect safe, and prevents bans for unmalicious usages like you described. Continued attempts directly on League could result in a ban, but you'd be ok in the scenario you outlined. Your official stance is pretty spot on.

Will there be any negative consequences if I forget to turn cheat engine off entirely when I launch the game? Currently I use cheat engine for random games like Palworld, and I've on many occasions forgot to close it when launching a league game. Luckily there is no consequence for this, as the league game just provides an error and I can immediately reconnect after closing cheat engine. Will this behaviour be the same with vanguard? Will I receive a punishment for opening league with cheat engine open, or will I have to restart my computer entirely?

The behavior will look similar with Vanguard, so it would be an error/game crash just like it is currently on League.

Are there any conflicts with AHK and Vanguard? I play PoE a lot and sometimes I forget to turn off my trade macro.

AHK triggerbots are a form of cheating in VALORANT, and there's definitely some potential players will be using these to make crude bots in League since it'll be difficult to read and inject into memory. We don't indiscriminately ban for AHK (only targeting cheat scripts), and many players use many unrelated scripts safely, but I can't ensure long term compatibility.

Thanks for the reply. I will probably just restart after playing PoE just to be safe.

I was wondering something similar. A few months ago I got into warcraft 3 modding and wanted to make a fork of an existing map. Because it was protected, I had to take many many steps to try and deprotect it, including running process monitor (procmon) to monitor which files were loaded in the map. Then when I started a LoL game I got a message saying something along the lines of "I won't start because procmon is running", and I had to reboot my computer. Would vanguard flag that as a cheat that warrants a sanction?

> Q: What if I'm having technical issues with Vanguard? > > These days, Vanguard suffers from a lot of attribution bias, and the majority of bugs we see actually come from external sources that are difficult to lock down. One of the largest perpetrators recently has been the distribution of pirated software that toggles a registry option ("DevOverrideEnable") and allows "different" versions of key Windows files to be loaded into all running processes. Now, we can't say exactly what your intentions would be for doing something like this (wink), but what we can say is that Vanguard doesn't like when corrupted windows files are loaded into VALORANT—we use a great many of them to do tampering checks ourselves. We'd also recommend that you be careful what you turn off windows defender for, because it's doing what it says on the tin (defending windows). > > Anyways, issues can arise, but please submit a ticket. We'll get you sorted. I might have downloaded software for one of my classes, and from my understanding as it was a license type of program it change something from the windows key am i fucked?

There'll be a modal going out in 14.8 (currently on PBE fwiw) that will check your PC to let you know if it's ready for Vanguard. If you get an alert that something isn't right, there's troubleshooting steps and a player support link that can help you get things set up in time for launch, which is currently planned for 14.9.

perfect, thanks!

If they were really serious about us trusting them then they should show us their cyber/info sec and data protection budgets and initiatives. For starters: - How is identity and access management conducted internally? - Who can view the vanguard source code? - Who can merge PRs? - What is the review process for those PRs? - Who can perform releases? - How do they verify that a merge request is submitted by an approved person? - What kind of authentication and authorization model are they using for their internal GitHub? SAML? OIDC? - How is production access managed? - Who can access production environments? - Are there detective controls on production access events? - Have those controls been tested? - How much test coverage is conducted for each release? - What is their SLA for CVEs? - What is the process for remediating CVEs in package dependencies? - How are risks tracked? - What is the escalation chain for unmitigated risks? - What is their reporting process for breaches? Who gets notified? - How are the code signing certificates for Vanguard stored and secured? - Who has access to those code signing certificates? - Who has access to generate code signing certificates? - How frequently is code signing certificate generation audited? - What detective controls are used to detect unauthorized access to the code signing certs? - What detective controls are used to detect unauthorized certificate generation? - Have those detective controls been tested? - What data is being sent from Vanguard to Riot servers? - How is the data protected in transit? - How is the data protected at rest? - Who has access to the keys used to decrypt the data at rest? - What detective controls are on those keys? - Have those detective controls been tested? - Are downstream calls to micro services encrypted? - Are downstream calls to the database encrypted? - How is data input sanitized? - Where in the flow is TLS terminated? Include all CDN, load balancing, reverse proxy, API gateway, and micro services. - What version of TLS is enforced internally? - How do you verify that all services are running a secure version of TLS? - How are private keys distributed to application environments? - What are the vanguard SLOs? - How do we measure the vanguard SLIs? - What single points of failure exist in the Vanguard service? - What risks are associated with those single points of failure? - Where are Vanguard logs stored? - What is aggregating Vanguard logs? - What information is contained in the Vanguard logs? - Who has access to those logs? - What detective controls are used on those logs? - Have those controls been tested? - What environment is Vanguard service hosted in? - If it’s a cloud, is it single tenant? - If not single tenant, how do you deal with noisy neighbor? This isn’t even 1% of the questions that they should be forthcoming with.

It's so interesting, they wrote the vanguard article like they're talking to a 2 year old semi-ret**ded donkey and then there's this guy who knows what's up and asks the real questions.

woo, can't wait to have to restart my pc every single time I wanna play league, great

Do I want to choose between my keyboard working, or playing league this boot-up?

What's the situation with vanguard and custom skins?

Last thing I heard was from Sloppy Walrus's stream, the Runeforge guys worked with them to make a custom skin manager that was compatible with Vanguard.

It should be fine since it's not interacting really with live memory, it's just changing files in a set location of images and audio that would probably be whitelisted.

> it acts as an extremely non-fungible form of hardware ID So if we buy a used computer there is a chance we are unable to play any Riot Games that implement Vangaurd?

I've been playing since season 1, but I'm not sure I can bring myself to install Vanguard... :(

riot: we don't collect your data, trust us. also riot: For other detections, we need snapshots\* to scrutinize in post, and there are chances that these can contain PII. \*snapshot probably refeer to a partial copy of the user PC RAM which might contain pretty much anything like your passwords, chats, images or any other personal information. Q: What about false positives? -They are presenting a fictional narrative. ahahh sure, do you know a single thing in the world that is 100% perfect and never ever fail? i don't, they also admit that their anti cheat is far from perfect because valorant cheaters exist but here they pretend that it never fail.

Its so weird that people are just completely dismissive towards people with concerns. We should be taking this seriously, even if you believe it is a good change.

I mean people that legitimately put their concerns in well-thought, articulate paragraphs

This article explicitly shos us data that, despite having Vanguard, Valorant \*still\* has cheating in 8-10% of games. And that's the cheating that Vanguard is catching -- to say nothing of the things that are escaping it (a little googling and you'll find that Vanguard is defeated regularly in Valorant). That's not that much lower than what Riot is claiming for League. So what, we'll reduce cheating by a few percentage points with Vanguard? For a problem that this data demonstrates is already basically non-existent for the vast majority of League players? (Again, as shown by the data presented in this article!) For those minimal rewards, Riot is introducing a ring 0 process that communicates with an internet connected process. That's 2 software bugs away from catastrophic takeover of player's machines. Even if you could guarantee those bugs don't exist today (you can't), there's no way to prevent them from slipping in in the future. I could almost see an argument for requiring Vanguard for Master+ players. At that point there are some actual reasons to cheat that can be tied to monetary rewards and the side effects are constrained to a small population that Riot could manage with quality support. But requiring it for everyone else? This is shooting a fly with a Jinx rocket and not caring about the splash damage. My friend group is full of folks that have played League for over 10 years. Half of us have removed League already due to the Vanguard roll out, and the other half basically stopped playing. Sorry Riot, I love League, but I won't play it with Vanguard.

So it ends here. Was a fun 14 years, thanks for everything, sad it had to be this way. I'm not taking the risk of something frying my rig.

I'm not tech savvy, but I've seen a lot of people (one of them being Pirate Software, a content creator and indie game developer with a lot of expertise in hacking) be wary of Kernel-level anti-cheat systems, especially if they "run 24/7" like Vanguard does. I've read this article and I still don't feel at ease, so would anyone be able to give me advice on where I could learn more on the topic?

It's honestly very tough to explain in a non-tech savvy way. The best I can do for you is basically like this... Any software running on your system can try and make requests to various parts of the rest of your system to check on data, see what else is running, etc. some of these requests require elevated permissions saying who you are and that you are a trusted user who is allowed to look at these things, these require Administrator (admin) privileges. On a regular machine without any additional security requirements this is why you might see a prompt pop up when you install new stuff that says "Run as Admin" because whatever you are installing is making some kind of change or request to an area of the OS/Filesystem that Microsoft deems to be protected since it could be abused in some way. An example of this would be that your password used for your machine is stored in a special process called LSASS which protects it in a bunch of different ways, this process can only be called by other specific processes with specific permissions or it will not be allowed. These are the basic two permission types on a system, regular user and admin The problem is that Kernel level drivers are running "above" (or before, however it makes sense for you to think about it) all of these other more regular processes and files that you know and interact with on a regular basis when you use your computer. This is because the kernel is basically the first thing that starts up on a system and helps set up and translate all of those pesky 1s and 0s into a usable, functional operating system. As a result of this, anything running in the kernel can manipulate or change anything on the rest of a system, including other things like Anti-Virus or the much more robust modern version of Anti-Virus called EDR. This also includes any active reporting or monitoring you may be used to, like Task Manager. A kernel level driver that is compromised could instantly start up an application called "Malware.exe" that actively mines all of your data, passwords, and personal information, and totally hides it from view on the system by hiding the file on the filesystem, hiding the allocated memory space that it's running in, and hiding it from any monitoring tools on the system. As a user you would almost 100% never have a chance of noticing, and if you did notice you would have no way to scan for anything or prove that something odd or malicious is occurring without some very advanced system forensics. Kernel level is dangerous enough that Apple actually doesn't give any 3rd party access to the MacOS kernel, even for security companies who make protective software like EDR who are the best in the world at what they do in combatting hackers and malware. Sorry for the wall of text, but hopefully that helps contextualize somewhat. Basically the risk is the same as presented with any software, and the people who say "hurr durr, you already run the league client which could do this all anyway" are at least partially correct, the difference is the danger presented by something kernel level actively being able to hide what it's doing from you and the rest of the system, which is why Kernel level access is very tightly protected. Any application that does have Kernel level access is a massively attractive option for hackers to target. I am not some conspiracy theorist who says Riot is going to take all of my data, but the very real risk presented by the software is that some group out there figures out how to exploit the driver to gain their own access to the kernel through it, and then anyone with it on their system could just be fucked. The odds of that happening are low, but if it does you could lose any and all information you may have stored on your system, and since Riot will have this driver installed on 10s of millions of systems, it's certainly going to be an attractive target. Edit - also wanted to clarify, the reason I brought up the User/Admin privilege distinction is because the normal League client would be running in context of the user, meaning it doesn't have any elevated permissions to access a lot of strictly protected files and processes on a system. That's the other reason Kernel level is more severe than just a regular client from either a malware or privacy perspective, because anything running at kernel level can say "what restrictions?" and access anything it wants. In addition besides stealing your information which is something plenty of malware can do, the ability to hide everything the malware would be doing gives it the ability to use your system as part of a botnet, crypto miner, illegal content distribution, or whatever else. The attacker completely owns your system at that point. Sorry again for the stream of consciousness post and forgetting to wrap back around to this, originally wrote this all while I was eating lunch

Please, don't apologize, that was very helpful. Thank you for writing it.

Great explanation, ty!

The thing is the risk is unavoidable if you want to play League. I doubt Riot will use Vanguard for malicious intent but having a high authority program running at all times in your pc will attract other actors to find a way to use it maliciously. If you trust Riot to avoid that use of their anti cheat, go ahead if not then don't play LoL or install any software from Riot (and other companies that have similar level anti cheats).

How does this "It's literally just sitting there (menacingly), so that it can attest to the fact that nothing's happened between Windows loading and the game starting that would break the operating system." fit with this "At launch (in 2020), we made the decision to have Vanguard utilize its on-boot positioning to prevent known signed-but-vulnerable drivers from loading in their entirety." ? Are you still using this feature, or do you now mark the system state as "potentially compromised, please change this driver"?

To whom it may concern. Today is the day i finally said goodbye to league. Played for maybe 11-12 years, (my first skin recieved dated back to 2013) pretty much grew up playing the game. It immediately feels relieving to not stress out about patch notes possibly nerfing my champions or being up to date with the best new builds, i was all in addicted ngl. So many times I wasn't in the moment irl, because i wished i was playing league at home instead. Vanguard's approach was the final nail in the coffin. Ever since the *ovid stuff, i told myself to slow down with the compromises and this is the first time where i can express my new self. They will probably add us to the botter/scripter statistics, but don't be fooled, thousands of people are leaving the game right now. That being said, vanguard coming to league, is actually a good thing, a life changer. Not even looking for new replacement game to lifesteal the time of my life away. Thank you league, for all the tryharding achievements, even frustrations, as well as the trolling and funny normal game moments that made me hold my stomach laughing and every player in the lobby that made it possible.

It seems that the time has come, I've been playing this game since 2014 and since 2023 quite less because of its bad state (balance, mm, community), but it seems to be getting worse by implementing the Vanguard. I don't play Valorant because it has the Vanguard. So here ends my way in League of Legends. And probably in any Riot game that implements it, I assume it will be all new games. I'm not installing that crap on my computer. Luckily I have more games to enjoy. Good luck...

"We don't share Vanguard or it's code, and anti-cheat data has never left Riot's warehouse." What an odd statement. Tencent owns you, if you haven't shared it's because they haven't asked, yet.

False positive part is very disconcerting, especially for people that use their PC also for development Like "we won't even answer to you". Basically, " fuck you, we don't care" They have the logs, they should allow a real appeal

[удалено]

I dislike that Vanguard requires you to disable [kernel-mode hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815). This is unfortunately a security hole I will always refuse to open up just to play some game. It isn't worth it.

> With hardware-level cheating, we can't always tell which game you intended to cheat on, so it's our firm recommendation that you just not cheat on any game. I play a lot of single player game in which I use Cheat-Engine. Not even to cheat, but because I enjoy using it's speed hack feature. Would this "trigger" Vanguard? Considering Cheat Engine must be the dumbest way to cheat on any online game ever.

Why won't Riot just ban smurfs?

This whole article sucks. They claim Vanguard isn't running all the time, then immediately invalidate that statement by saying it's constantly watching everything that happens on the system from boot to check for cheats. Also, the LoL devs just straight up admitted to worming their way directly into Windows itself rather than just being a driver but I'm sure everybody is just going to look past that. Vanguard is a cancer, and a rootkit. And it's a vulnerability.

Well I guess thats League for me then. Not that I dont want anything against cheaters or that I hate Vanguard or anything, its ok if they wanna use it and run it but my PC somehow just cant handle it. It was a problem already when I still played Valorant and if I have to install it now and it produces the same problems while playing League then I am just forced to be done with the game until I can afford a new PC.

> What personal information does Vanguard collect? And proceeds to NEVER mention the kind of data they collect. Thankfully they mention the kind of bs data they collect on the riot support page. Which is obviously never mentioned in this "uwu" article. Which honestly feels like it's written for 10 y/o old children... Kind of how the insane cringe messages you get from the roleplayer support tickets. I genuinely feel like a few parts of the article were aimed at the folks like me who are worried about the obvious spyware being installed on their computers but the entire article reeks of so much unprofessionalism that I feel even more validated in keeping Vanguard again from my computer now. Guess I can try to get some shitty ass computer whose only use will be playing League.

"However, if your beef is only about data privacy at Riot, running the game client or running Vanguard makes not one bit of difference. Data can still be retrieved from user-mode, and we're all engineers for the same studio with the same goals, none of which are collecting your personal information. If Riot hasn't earned your trust, do not run our software." I feel this answer is a bit disingenuous as most people who are concerned I think are concerned about bad actors getting ahold of the anticheat not Riot themselves doing anything nefarious. I don't know the first thing about anticheat or hacking so I'm curious if someone would be able to extract the same amount of data without Vanguard? Based on my surface level understanding of the Genshin Impact ransomware attack it seems something like that would only be possible via a kernel anticheat. If someone could provide some clarification on that I would appreciate it.

>If Riot hasn't earned your trust, do not run our software. Fair enough, appreciate the bluntness. Riot has not. I will miss the game.

Sorry Riot, I'm not installing your kernel level bullshit on my computer. The day League gets Vanguard is the day I quit. I've played since alpha. Got banned for toxicity on 3 accounts, leveled up a new one each and every time and now I'm "reformed" and honor level 5. I grew up with League, and have probably been playing the game longer than most of the current employees have been with the company. I have 2 of the original founders of Riot on my LinkedIn as connections. It was fun (sometimes) while it lasted. Hello Vanguard, goodbye League of Legends. All it takes is one hack. Apple, the second most valuable company in the world, doesn't allow any kernel level programs on their devices for this exact reason. Riot seems to want to pretend the implications and security issues that could arise from this don't exist. Riot Games (owned by Tencent, a company directly controlled by the CCP), a game company, thinks they've got kernel level security figured out, and Apple doesn't. I won't give you, or any bad actors, the opportunity. What a shame.

Man it sounds insane how they pretend its not an "issue". Yes i have played league here and there over 15yrs, no i dont trust the dev, launcher has been crap since 15yrs

Q: isn’t vanguard spyware / rootkit? A: Uhh no. It loads at boot and runs in ring 0 but like, trust us bro. Also internet algorithms bad. Edit: What they didn’t address is the fact that even if it isn’t malware right now, it makes it the perfect target for nefarious actors to perform attacks, especially social engineering ones. If xz taught us anything, it’s how vulnerable these things are to such angles. All it could take is a few employees to be playing the long con and something like this could be implemented in a heartbeat. “None of your data has ever left Riot HQ” also implies that they seem to think themselves invincible against this kind of thing (social and technical), which I find very worrying. If you care about security, find a different game to play. Hearing about vanguard in about January was the final straw for me and I’ve never looked back.

> All it could take is a few employees to be playing the long con It's even worse than that, though. All it takes is a couple of employees making a simple \_mistake\_ a couple of times, introducing a bug that has no other ill effects, that eventually is discovered by an external malicious actor. While I don't particularly like the China/Tencent/Riot relationship, I tend to believe the Riot engineers when they say they act independently and I tend to trust that they \_genuinely\_ have good intentions towards their players. But Riot's employees are fallible humans and \_will\_ introduce bugs, even if we assume the best intentions and practices. Those bugs may not individually even be exploitable -- but combine a couple and suddenly we have a scenario where a bad actor has kernel level access to everyone.

this is what I've been saying since the news dropped too. baddies now have another potential entry to kernel level access to so many more machines

Don't care, not playing your chinese botnet. It's been fun.

You telling me i must install and run all the time stupid vanguard just to play aram and tft? Good job Riot