Riot’s Vanguard anti-cheat finally steps out of your PC’s startup cycle

After years of player outcry over intrusive kernel-level access, Riot Games is rolling out an on-demand mode for its security software.

For years, the persistent shadow of Riot’s Vanguard anti-cheat has been a point of contention for the PC gaming community. Since its 2020 debut, this kernel-mode software has acted like a permanent resident on players' machines, launching the moment the computer boots up and remaining active until the final shutdown. For the millions of players logging into Valorant, League of Legends, and 2XKO, the software’s presence was a necessary evil—a deep-level guardian against cheaters that many felt overstepped its bounds by occupying system resources round-the-clock.

That dynamic is changing today. Riot Games has announced that Vanguard will finally shift to an "on-demand" model. Instead of running quietly in the background from the moment you hit the power button, the driver will only engage when a game is active and will terminate once the session ends. It is the compromise that players have been demanding for years, bringing the studio’s security measures more in line with industry standards seen in titles like Call of Duty or Genshin Impact.

The "Secured" Fine Print

However, this newfound flexibility comes with strings attached. Riot’s anti-cheat chief, Phillip Koskinas, clarified that this feature is strictly for "sufficiently secured" PCs. While roughly 35% of the user base already meets these criteria, the rest will have to jump through several technical hoops to unlock the setting.

To turn the anti-cheat off when not playing a game, your hardware must support modern security protocols. This means running Windows 11 25H2 or later and ensuring that UEFI Secure Boot, TPM 2.0, VBS, HVCI, and IOMMU are all enabled. If your machine doesn't meet these rigorous "pre-boot" standards, the software will continue to function in its traditional, omnipresent mode.

Why it matters

This move is a subtle but significant pivot in how gaming giants manage the tension between aggressive security and user autonomy. For a long time, companies like Riot justified kernel-level access by citing the sheer scale of the cheating problem in competitive titles. By tying the "on-demand" feature to modern Windows security standards, the studio is effectively outsourcing part of its trust model to Microsoft’s ecosystem. It signals a shift: Riot is betting that if a machine is locked down at the hardware level, it no longer needs to keep a constant, intrusive watch on the background. It is a pragmatic attempt to reclaim goodwill without compromising the integrity of their competitive lobbies.

Whether this will satisfy the privacy-conscious community remains to be seen. While some users have long expressed fears about deep-level system access, Riot has consistently maintained that the software does not brick PCs, despite persistent rumors circulating in cheater forums. By offering an opt-in path for secure systems, the company is finally acknowledging that players deserve control over their own hardware—provided they meet the threshold for modern digital hygiene.