Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Categories
Random page
Top Contributors
Recent changes
Contribute
Create a page
How to help
Wiki policy
Adapt videos to articles
Articles in need of work
Help
Frequently asked questions
Join the discord!
Help about MediaWiki
Consumer Rights Wiki
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Kernel Level Anti-Cheats
(section)
Page
Discussion
English
Read
Edit
Edit source
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
Edit source
View history
Purge cache
General
What links here
Related changes
Special pages
Page information
Cargo data
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
===Security concerns=== As kernel-level software holds the highest authorization on the hardware of a user,<ref>{{Cite web |last=Litchfield |first=Ted |date=27 Feb 2024 |title=According to experts on kernel level anticheat, two things are abundantly clear: 1) It's not perfect and 2) It's not going anywhere |url=https://www.pcgamer.com/according-to-experts-on-kernel-level-anticheat-two-things-are-abundantly-clear-1-its-not-perfect-and-2-its-not-going-anywhere/ |url-status=live |archive-url=https://web.archive.org/web/20250406200223/https://www.pcgamer.com/according-to-experts-on-kernel-level-anticheat-two-things-are-abundantly-clear-1-its-not-perfect-and-2-its-not-going-anywhere/ |archive-date=2025-04-06 |access-date=2025-06-10 |website=PC Gamer}}</ref> this is favorable towards malicious actors. If a malicious actor was to discover a security issue in a kernel level anti-cheat significant enough to allow them to hijack the software, they would be able to directly execute code at its level of access, allowing them to bypass security measures put in place by the {{Wplink|operating system}} and {{Wplink|Antivirus software|anti-virus software}}. This is not a purely hypothetical scenario; it has already taken place in an incident with the popular {{Wplink|Gacha game|gacha}} co-op adventure [[Genshin Impact|''Genshin Impact'']], where the game's anti-cheat '''mhyprot2.sys''<nowiki/>' was hijacked by malicious actors to disable users' anti-virus software, with the intent of distributing {{Wplink|ransomware}}.<ref>{{Cite web |last=Soliven |first=Ryan |last2=Kimura |first2=Hitomi |date=2022-08-24 |title=Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus |url=https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html}}</ref> Another perfect example is Hotta Studios' Tower of Fantasy game. Users have reported that the kernel-level anticheat 'ksophon_x64.sys' has caused BSOD along with the DPC_WATCHDOG_VIOLATION. This incident occurs when the game is uninstalled, launched, closed, or even running before the new publisher Perfect World Games. As of now, since the update by the company, the file doesn't appear to exist in System32/drivers.
Summary:
Please note that all contributions to Consumer Rights Wiki are considered to be released under the Creative Commons Attribution-ShareAlike 4.0 International (see
Consumer Rights Wiki:Copyrights
for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource.
Do not submit copyrighted work without permission!
To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:
Cancel
Editing help
(opens in new window)
