Riot Vanguard finally drops its controversial always-on requirement for anti-cheat — new on-demand mode requires a strict Windows 11 security stack

Riot Games has announced that it plans to let players stop its Vanguard anti-cheat from loading at Windows start-up, the company has announced, ending the boot-time behavior the kernel driver has had since 2020. The new mode, Vanguard On-Demand, loads the driver only when a Riot game launches and unloads it on exit, made possible by a Windows 11 25H2 feature that records driver activity even while Vanguard is dormant. It works only on PCs that also have UEFI Secure Boot, TPM 2.0, Virtualization-Based Security (VBS), Hypervisor-Protected Code Integrity (HVCI), and IOMMU switched on. Riot anti-cheat lead Phillip Koskinas said roughly 35% of players already clear that bar, while about 3% are running incompatible hardware.

Riot calls the qualifying checklist Vanguard Pre-Check, and many prebuilt PCs and laptops sold in the past couple of years ship with the features on by default, and Koskinas estimates the share of fully secured machines at 34.33% and rising one to two percentage points a month. Everyone else will need to enable the settings manually, and most are UEFI options that Vanguard can’t change, meaning a trip into BIOS for those who want to do so.

The feature leans on Microsoft's Runtime Driver Attestation Report, built with the company's Xbox OS Security team and new to Windows 11 25H2. It records every driver loaded since boot as a running, append-only hash kept in the TPM, which is the same measured-boot method the Windows Boot Manager already uses for boot-start drivers. Vanguard can then confirm at launch that no vulnerable driver slipped in while it sat idle, closing the gap that forced the always-on design before. Older Windows releases lack that reporting hook, however, so 25H2 is a baseline requirement.

Riot Games has spent years pushing the same security stack as a barrier to play, having begun enforcing TPM 2.0 and Secure Boot on Windows 11 in 2020. The company drew backlash when it brought it to League of Legends in 2024, and in December, flagged a pre-boot motherboard flaw across Asus, Gigabyte, MSI, and ASRock boards. Last month, a Vanguard update bricked DMA cheat hardware in a move that was likely tied to stricter IOMMU enforcement.

VBS and HVCI are likely to become sticking points for users who are most likely to want the option to toggle Vanguard’s anti-cheat. Both run parts of the kernel inside a hardware-isolated enclave, and benchmarks have long since shown a small but noticeable degradation to frame rate, which is why many gamers leave them off. Turning VBS on also activates Microsoft's vulnerable driver blocklist, which can disable older peripheral drivers.

Alternatively, payers can leave Vanguard as-is, with Riot saying it’s not “making anyone change anything” and is willing to wait until the ecosystem matures.

Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.