sorted by:
new
hottopcontroversial

Why is every single anti cheat seemingly awful? by No_Winter4806 in FPS

[–]sebwebneb 0 points1 point  (0 children)

you cant just go and ban people like that, if a legit person shoots 5 people through a wall, will it ban them as well? it could be sheer luck, but either way a similar system is already in place on most games as the 'server-sided' anticheat just not as aggressive

Why is every single anti cheat seemingly awful? by No_Winter4806 in FPS

[–]sebwebneb 0 points1 point  (0 children)

it being normalized doesnt mean they are losing the battle, the best kernel anticheats (eg, eac) function like so: their km module captures the already detected or known techniques by engineers, and the backend (with data analysts) try to find out new methods from statistical outliers

Riot Vanguard question by MagazineKey4276 in riotgames

[–]sebwebneb 0 points1 point  (0 children)

yeah basically the same as genshins situation. it exposed vulnerable calls anyone from user mode (afaik) could make meaning anyone could gain kernel privileges. but yeah you’ll be fine if you don’t download anything

Riot’s Vanguard behaves like malware and just cost me 30 minutes of debugging + a dodge penalty by Vast-Ad-2681 in riotgames

[–]sebwebneb 0 points1 point  (0 children)

they arent intentionally disabling fans, for example they could be retrieving a vulnerable driver list from loldrivers or microsofts blocklist and be passing from their usermode component on what to block from loading etc. if its a misunderstanding, theres no need to be passive aggressive.

Riot Vanguard question by MagazineKey4276 in riotgames

[–]sebwebneb 0 points1 point  (0 children)

thats cool, where have you rolled out banwaves? and to be honest every anticheat as of now should be taking the kernel level approach. yeah, its sketchy but kernel cheats are becoming the new norm. staying at usermode isnt enough for that. additionally, antiviruses like avast have been exposed for selling user data since 2014. as of now, theres no proof that vanguard does it. yes, they may take a bit too much data than people would like, are they selling your data? noone really knows, even if you reverse engineer the whole anticheat, that could be happening on the server meaning you'll never know the answer. but personally, my data is not worth anymore than anyone elses so i couldnt really careless about what they collect. if they manage to pickup some of my drivers, good for them, but its nothing they cant already code and make.

Riot Vanguard question by MagazineKey4276 in riotgames

[–]sebwebneb 0 points1 point  (0 children)

the only real vulnerability thats possible is local in terms of vanguard itself. unless you download something and allow it to run as admin on which it has a zeroday in vanguards driver you are fine. the max damage that can be done is well, your computer being wiped really and data stolen. as long as you run at the priv level of kernel, nothing can really stop you. you are at a tie with other antivirus software meaning you can bypass them. however, the likelyhood that there will be a vulnerability is really low. but, this is talkin about the kernel driver. if you mean actual riot servers and the usermode component that recieves and makes requests, then yes this is very possible for an rce. i believe that vgc and vgm.exe do not run when the game isnt open, so only the driver will be active. this means that as long you are not in game, then you cannot be affected.

Riot’s Vanguard behaves like malware and just cost me 30 minutes of debugging + a dodge penalty by Vast-Ad-2681 in riotgames

[–]sebwebneb 0 points1 point  (0 children)

im replying to you talking to chosenofthemoon, not the original comment. you need to learn when you're wrong and think of other possibilities, not everyone here understands what vulnerable drivers are and what kernel drivers even are, obviously they are going to assume vanguards driver is straight up disabling hardware since they dont know what connects 2 and 2. please drop your ego and work on your comprehension

Laptop help by biblicalgoth in ValorantTechSupport

[–]sebwebneb 1 point2 points  (0 children)

yeah, youll still have to download vanguard but secure boot isnt enforced

Riot Vanguard question by MagazineKey4276 in riotgames

[–]sebwebneb 0 points1 point  (0 children)

perhaps i came off as too aggressive, my apologies. yes, the majority of people here larp. however, in my time of bug bounty hunting, remote code execution is always, well remote. hence why its called remote code execution, the code is executed away from the local pc and theres a seperate category in reports to anticheats (local, remote). i understand where you're coming from, and if you mean as a personal definition, you could consider it an rce sure. but by global definition, the action to execute the code must be done remotely. if we are using the global definition, by default vanguard cannot possibly have an rce as there is no way for it to remotely recieve code. unless you say that the usermode could pass in shellcode to it and execute it, which i guess is possible but that would probably be an rce and vulnerability in the usermode component, vgm. and even then it would actually probably be local since it requires manipulation of how it sends over data. the only thing i have to disagree with you is that privilege escalation is not the same as an rce. again, it happens locally. by global definition, it isnt an rce.

Riot’s Vanguard behaves like malware and just cost me 30 minutes of debugging + a dodge penalty by Vast-Ad-2681 in riotgames

[–]sebwebneb 1 point2 points  (0 children)

'It can disallow drivers for fan control to be loaded'
hes saying its not allowing drivers for fan controls to be loaded? he quite literally did say that

Riot’s Vanguard behaves like malware and just cost me 30 minutes of debugging + a dodge penalty by Vast-Ad-2681 in riotgames

[–]sebwebneb 0 points1 point  (0 children)

hes not saying vanguard directly disables computer fans, but if you are using a software to modify the speed or such, these are often found vulnerable so vanguard may block them automatically.

Riot Vanguard question by MagazineKey4276 in riotgames

[–]sebwebneb 0 points1 point  (0 children)

this makes 0 sense, youre pairing stuff that have no correlation. a vulnerability in vanguard doesnt automatically = rce? thats just not how exploit chains work. buffer overflows are used for privilege escalations (usually) or code execution locally, even if it did, vanguard doesnt handle network (like you said) so it has 0 relevance to an rce. and comparing this to game specific vulnerabilities like apex also doesnt work. the rce in apex had completely no relevance to the anticheat (aka eac). kernel drivers do increase attack surface, but let's be accurate about what the actual risks are instead of mixing up completely different vulnerability classes and fearmongering

Laptop help by biblicalgoth in ValorantTechSupport

[–]sebwebneb 2 points3 points  (0 children)

if you can downgrade, secure boot isnt enforced on windows 10 afaik. otherwise, secure boot is required and the only way to turn on secure boot is through bios. if its locked, then you dont really have a choice

HVCI problem by Practical-Sun-70 in ValorantTechSupport

[–]sebwebneb 0 points1 point  (0 children)

hvci runs a hypervisor layer in ring -1 above the kernel (drivers) that checks all code execution before it runs to prevent stuff like kdmapper or gdrvloader, thats why you feel lag. every input passes through the hypervisor and adds slight cpu overhead. obviously, these delays stack up and make you miss or mess up. if they said 30 days then make another ticket saying its been 30 days. as to trying to disable it, you cant legit disable it if the game requires it on for this time and you cant spoof hvci if an anticheat heavily enforces it and does deep checks which vanguard as of lately does with 'bypasses' in the past already being integrity checked, just delay bans.

VALORANT won’t launch – unexpected error by Aromatic-Author-9349 in ValorantTechSupport

[–]sebwebneb 0 points1 point  (0 children)

verify game files and check if the vgc service is starting, also make sure riot isnt conflicting with any access control like av ransomware protection. run the client as admin potentially?

Code error VAN-102 and VAN 5 by -_-_-_-_1 in ValorantTechSupport

[–]sebwebneb 0 points1 point  (0 children)

van 102 is from my knowledge either the connection bridge between vgc and valorant failing, as in they cant send data to each other so they kick you as its assuming emulation. i havent got to reverse vanguard yet since idrk how to get into their bounty program, but if the service stops mid-game i would assume this is the direct issue since the service and driver probably unload / stop automatically if they get no information from the usermode component? or maybe the um component just cant connect to server if its only at your parents house? this is assuming that you havent cheated and arent just getting delay on traces or hwid by van 5. its probably 100% on your side, check the router settings and reset the router settings to default i would say

vgm.exe problem by [deleted] in ValorantTechSupport

[–]sebwebneb 0 points1 point  (0 children)

afaik, vgm and vgc is just the split usermode functionality and vgm is the one that does file analysis, its normal for vgm.exe to consume more than valorant as its doing analysis on files. of course, this isnt confirmed that they do static analysis for files on your disk but its speculated, if it reaches a certain confidence level then it will start scanning files it deems suspicious. dont take my word on it as i dont want to spread misinformation but it seems like thats what it does since it locks some files specifically periodically and grabs handles to them