How Microsoft’s Kernel Changes May Impact Anti-Cheat Software

Options
Patrick.Yu
edited 6:18AM in Gaming
How Microsoft’s Kernel Changes May Impact Anti-Cheat Software.jpg

Microsoft is changing how security software works in Windows, and it could have a big impact on PC gaming. After a failed update from CrowdStrike caused millions of computers to crash, Microsoft is moving antivirus and security tools out of the Windows kernel. This matters for gamers because many anti-cheat systems also run in the kernel, which is the core part of your computer's operating system. The kernel controls memory, hardware, and other low-level functions. 

If Microsoft limits access to it, games may need to find new ways to stop cheaters. In this article, we will explain what kernel-level software is, why Microsoft is making these changes, which games use kernel-level anti-cheat, and what it all means for gamers and developers.

What is kernel-level software, and why does it matter for gaming?

The kernel is the core part of your computer’s operating system. It controls how software talks to your hardware. That includes memory, storage, input devices, and graphics cards. Because it has full access to the system, software that runs at the kernel level can do powerful things. But it can also cause serious problems if it crashes or gets exploited.

Kernel-level software is often used by antivirus programs and anti-cheat tools. In games, it helps detect advanced cheating methods that try to hide from regular monitoring. By operating deep inside the system, it can catch cheats before they even reach the game.

But this power comes with risks. If something goes wrong, it can crash the entire system. It can also raise privacy concerns because kernel-level tools can see almost everything on your computer. This is why Microsoft’s new policy matters. It could change how games handle security and fairness from the ground up.

Why is Microsoft changing how the kernel works?

In 2024, a broken update from cybersecurity company CrowdStrike caused a global Windows crash. Over 8 million machines were affected. The problem came from a kernel-level driver, a small piece of software that had deep access to the system. When it failed, the result was a widespread Blue Screen of Death, with many businesses and users unable to recover their systems quickly.

This incident exposed a major flaw in how Windows allows security tools to operate. Giving third-party software full kernel access increases the chance of a serious system failure. It also makes it harder for Microsoft to ensure the overall stability and safety of Windows.

In response, Microsoft is working with security vendors like CrowdStrike, ESET, and Bitdefender to move antivirus and endpoint detection tools out of the kernel. The goal is to reduce risk, improve system recovery options, and make sure no single vendor’s mistake can crash millions of devices again.

Where do anti-cheat systems fit into the picture?

Just like antivirus tools, anti-cheat systems often run in the kernel. This gives them deep access to your computer, allowing them to detect hidden cheat software that runs outside the game itself. Games like Valorant, Call of Duty: Warzone, and Destiny 2 all use kernel-level anti-cheat to catch cheaters who try to bypass normal security checks.

The problem is that these systems carry the same risks as antivirus tools. A bug or security flaw in a kernel-level anti-cheat driver can crash your system or open the door to hackers. It also raises privacy concerns. Giving a game that much control over your computer can make some users uncomfortable, especially when the company running it has ties to foreign governments or handles large amounts of user data.

Now that Microsoft is changing how kernel access works, anti-cheat developers will need to find new ways to monitor for cheats without relying on deep system access. This could reshape how competitive multiplayer games are built and secured in the future.

What anti-cheat systems use kernel-level access? (Top 6)

These six anti-cheat solutions are widely used and run at the kernel level, offering deep system insight and cheat protection, but not without controversy.

1. Vanguard

  • Used in: Valorant, League of Legends
  • Made by: Riot Games
  • Starts with your computer, runs in the kernel to prevent cheats early, but raises privacy and always‑on concerns.

2. Ricochet

  • Used in: Call of Duty: Warzone, Modern Warfare II/III
  • Made by: Activision
  • Kernel‑mode driver detects cheats trying to manipulate the game from outside.

3. EA AntiCheat

  • Used in: FIFA 23, Battlefield V, and other EA titles
  • Made by: Electronic Arts
  • Works at the kernel level to block code injection and system tampering.

4. BattlEye

  • Used in: PUBG: Battlegrounds, Rainbow Six Siege, Escape from Tarkov, Arma 3
  • Made by: BattlEye Innovations
  • Can run in kernel mode when enabled; known for aggressive protection that can sometimes conflict with other software.

5. Easy Anti-Cheat (EAC)

  • Used in: Fortnite, Apex Legends, The Finals, Dead by Daylight
  • Made by: Epic Games
  • Supports kernel‑level modules for advanced cheat detection, mostly in competitive games.

6. XIGNCODE3

  • Used in: Black Desert Online, Phantasy Star Online 2, Dragon Nest
  • Made by: Wellbia
  • Kernel‑mode driver widely used in MMOs, though often criticized for performance impacts.

For a full list of anti-cheats that run on the kernel level and the games they support, check out this link.

How can this impact gamers? (The good and the bad)

How can this impact gamers (The good and the bad).jpg

Microsoft’s decision to limit kernel-level access could have a big effect on how games work and how players experience them.

The good:

  • Better privacy and security
    Kernel-level anti-cheat tools can see everything on your system. Moving away from this approach could lower the risk of data collection or unwanted background activity.
  • Fewer crashes and bugs
    When a kernel-level driver fails, it can crash your entire computer. If anti-cheat systems are moved to safer parts of the system, players may see fewer blue screens and system errors.
  • More control for the user
    Some kernel-level tools keep running even when the game is closed. These changes may give players more control over what runs on their PC and when.

The bad:

  • Weaker cheat detection, at least for now
    Kernel-level access helps anti-cheat tools catch cheats that run outside of the game. Without this access, it may be harder to stop advanced hacks until better tools are created.
  • Growing pains for developers
    Developers will need time to update or replace their current systems. Some anti-cheat tools may need to be rewritten, which could lead to bugs or security gaps during the process.
  • Possible performance changes
    Performance may improve or drop depending on how developers build the new detection systems. The results will likely vary between games.

What are game developers going to need to do?

Game developers who rely on kernel-level anti-cheat systems will need to rethink how they detect and prevent cheating. Microsoft is not banning kernel access right away, but it is making it harder to use and encouraging developers to move away from it. In the long term, more restrictions are likely.

To keep up, developers will need to start using new security APIs that Microsoft is building as alternatives to kernel access. These APIs aim to provide strong protection without giving software full control over system memory or hardware. Developers will also need to work closely with Microsoft and other partners to stay informed about the changes and help shape how the system evolves.

Many games may need to rebuild or upgrade their anti-cheat tools so they work without touching the kernel. This process will take time, testing, and possibly major code changes. Developers will also need to find the right balance between detecting cheats and respecting user privacy. Clear communication about how their anti-cheat tools work, and why they are necessary, will be important to keep player trust during the transition.

What will happen going forward?

Microsoft's shift away from kernel-level access marks a major turning point for Windows security and for PC gaming. In the short term, antivirus and endpoint protection tools will be the first to move out of the kernel. Anti-cheat systems will follow more slowly, since game developers need time to adjust and find new ways to fight cheating without deep system access.

Some games may continue using kernel-level drivers for now, but the long-term trend is clear. Microsoft wants to reduce the risks tied to kernel software and create a safer, more stable platform. That means developers will face increasing pressure to update their tools and follow the new guidelines.

For players, this could lead to fewer crashes, better privacy, and more control over what runs on their machines. But it may also mean a period of change, as developers test new methods and deal with growing pains. In time, if the new tools are built well, the end result could be a more secure and transparent gaming experience for everyone.

Patrick Yu is a Senior Project Manager at Level Interactive and has 8 years of experience writing business, legal, lifestyle, gaming, and technology articles. He is a significant contributor to Acer Corner and is currently based in Taipei, Taiwan.

Socials

Stay Up to Date

Get the latest news by subscribing to Acer Corner in Google News.

Follow