Riot Games has begun rolling out Vanguard On-Demand, a new mode for its kernel-level anti-cheat that stops the Vanguard driver from loading at Windows startup on qualifying Windows 11 PCs and instead starts it only when players launch Riot titles such as Valorant or League of Legends. The concession is real, but it is not a retreat from kernel anti-cheat. Riot is trading one form of trust — an always-present driver — for another: a PC that can prove, through Windows and hardware-backed security, that nothing suspicious slipped in while Vanguard was asleep.
That makes the change more interesting than a simple “Vanguard finally has an off switch” headline. The old fight was about whether a game company should be allowed to run privileged code from boot. The new fight is about who gets to define a sufficiently secure Windows PC in 2026: Microsoft, Riot, firmware vendors, or the player staring at a BIOS menu they never wanted to open.
Vanguard’s reputation was forged in the most sensitive part of Windows: the kernel. When Valorant arrived in 2020, Riot argued that serious cheating required serious countermeasures, including a driver that could observe the system early enough to catch cheats before the game started. Many players heard a different message: a competitive shooter wanted a permanent seat at the lowest level of their PC.
The new On-Demand mode changes that daily experience. On supported systems, Vanguard’s driver no longer needs to load at startup, and it can unload when the Riot game session ends. For players who installed Valorant years ago, stopped playing regularly, and still saw Vanguard sitting in the system tray after every reboot, this is the complaint Riot should have addressed sooner.
But Riot is not saying kernel anti-cheat was a mistake. It is saying Windows has finally grown enough supporting machinery to let Vanguard arrive later without surrendering the integrity checks Riot considers necessary. That distinction matters. On-Demand is not a privacy-first redesign of competitive gaming; it is a security architecture swap.
The always-on version treated time as the problem. If Vanguard was present from boot, it could reduce the chance that a cheat loaded first and hid itself. On-Demand treats the platform as the problem. If the operating system, firmware, and hardware can attest to what happened before the game launched, Vanguard can afford to sleep.
That is why the feature comes with a gate. Players do not simply click a “run only when gaming” switch because Riot has softened its stance. They earn that switch by running a Windows configuration Riot believes can close the gap left by a dormant driver.
That requirement will be painless for some players. Riot says roughly 35 percent of players already qualify automatically, which means their systems have the right OS version and security settings enabled. For them, the change should feel like a rare win: update the client, flip the toggle, and stop carrying Vanguard around between game sessions.
For everyone else, the story becomes more complicated. Secure Boot and TPM 2.0 are familiar to anyone who lived through the Windows 11 upgrade debate, but VBS, HVCI, and IOMMU remain less visible to typical gaming PC owners. They may be present but disabled, hidden behind motherboard firmware labels, blocked by old drivers, or tangled in OEM-specific defaults.
That is where the friction begins. A security feature that looks elegant in a platform diagram can become a support problem when it reaches a self-built desktop with years of BIOS updates, RGB utilities, capture-card drivers, overclocking tools, and peripherals whose software was written for a less locked-down Windows era. Riot is offering a cleaner anti-cheat lifecycle, but it is asking players to move closer to enterprise-style endpoint assumptions to get it.
The small but important caveat is that the old mode remains available. Riot says players who do nothing can continue with Vanguard as it works today. That avoids turning the update into an immediate access crisis for players on Windows 10, older machines, or systems that cannot pass the checklist.
Still, optional does not mean irrelevant. Once a vendor defines the preferred path as Windows 11 25H2 plus hardware-backed security, the center of gravity moves. Players who want the least intrusive Vanguard experience are being nudged toward the newest Windows security baseline, and that nudge will feel different depending on whether you own a recent laptop or a stubborn but perfectly capable gaming tower.
That is a meaningful shift in the anti-cheat arms race. Historically, game companies building kernel anti-cheat systems have tried to compensate for what Windows could not reliably guarantee to them. Now Microsoft is providing more of the substrate: boot integrity, virtualization-backed isolation, code integrity enforcement, DMA protections, and runtime attestation.
This is also Microsoft’s broader Windows 11 security strategy arriving through a gamer-facing controversy. Secure Boot, TPM 2.0, VBS, HVCI, and related protections have often been pitched in the language of enterprise defense, ransomware resilience, credential protection, and modern device management. Vanguard On-Demand translates that into something players immediately understand: turn these things on, and the anti-cheat does not have to live in your tray all day.
That is clever politics for both companies. Riot gets to say it listened to complaints about always-on Vanguard without weakening its anti-cheat posture. Microsoft gets another real-world reason for users to adopt the security stack it has been pushing since Windows 11’s launch.
But it also means the trust chain grows longer. Players are not just trusting Riot’s driver; they are trusting Microsoft’s attestation mechanism, motherboard firmware behavior, TPM reliability, Windows security settings, and Riot’s interpretation of the resulting signal. The old model was intrusive but conceptually simple. The new model is less visibly intrusive, but more dependent on layers most users cannot audit.
That trade may be worthwhile. It is still a trade.
Secure Boot verifies that the boot path has not been casually tampered with. TPM 2.0 provides hardware-backed identity and cryptographic services. VBS uses virtualization to isolate sensitive parts of Windows. HVCI, commonly exposed as Memory Integrity, makes it harder for malicious or vulnerable kernel code to run. IOMMU protections help constrain device memory access, which matters in a world where DMA attacks and low-level manipulation are no longer purely academic.
None of those concepts exists because of Valorant. Riot is riding a wave Microsoft has already been building. The difference is that a game can motivate behavior Microsoft’s own security prompts often cannot.
That motivation cuts both ways. A sysadmin might celebrate more consumer PCs enabling Memory Integrity and Secure Boot. A gamer chasing frame rates may see the same features as another layer between hardware and performance. A tinkerer with unsigned tools or old drivers may see them as a gradual closing of the Windows ecosystem.
The result is a strange cultural collision. Anti-cheat vendors want more locked-down PCs because cheating thrives in ambiguity. Enthusiasts often like PCs precisely because they permit ambiguity: custom drivers, unusual hardware, kernel-adjacent tools, firmware experiments, and old utilities that still work because Windows has historically bent over backward for compatibility.
Vanguard On-Demand does not resolve that conflict. It makes it explicit. The cleaner user experience is available to the PC that agrees to be more formally secured.
That does not mean players should reflexively reject the feature. A newer CPU, current firmware, updated drivers, and a clean Windows 11 install may handle these protections with little drama. Many laptops already ship with parts of the stack enabled, and Microsoft has worked to make the overhead less painful over time.
The real problem is variability. One user may enable Memory Integrity and never notice. Another may discover that an old audio interface driver, RGB controller, fan utility, capture card, or anti-cheat from another game does not like the new regime. A third may take a measurable frame-rate hit in the exact title where consistency matters most.
This is why Riot was wise not to force the transition. If On-Demand had replaced always-on Vanguard wholesale, every driver conflict would become Riot’s problem overnight. By making it opt-in, Riot lets the most compatible machines move first while the rest of the ecosystem catches up.
There is a subtle irony here. The always-on Vanguard model was criticized because it demanded too much trust from users. The On-Demand model may demand more technical literacy from them. It is less invasive during everyday use, but the path to enabling it may run through firmware menus, Windows Security panels, and driver cleanup sessions.
Yet “optional” features in platform security often serve as reconnaissance. They measure readiness. They reveal which hardware fails, which OEMs ship usable defaults, which drivers break, and which support articles users actually follow. Riot’s 35 percent figure is not just a convenience statistic; it is a map of how far the Windows gaming ecosystem has moved toward modern security.
The more players qualify, the easier it becomes for Riot to raise expectations later. That does not mean an immediate mandate is coming. It does mean Vanguard On-Demand creates a data-driven path toward one. If Microsoft’s attestation feature proves reliable and the percentage of compatible systems rises, Riot will have less reason to preserve the older model indefinitely.
This is how platform baselines shift. First the feature is optional. Then it becomes recommended. Then new functionality assumes it. Eventually, the unsupported configuration is not banned, but it is outside the happy path.
For Windows 10 users, that should sound familiar. Windows 10 remains present on many gaming PCs, but the industry’s security and anti-cheat incentives are aligning around Windows 11’s hardware requirements. Riot’s move is another signal that the Windows 11 transition is not only about Microsoft’s lifecycle calendar; it is about third-party software beginning to depend on features that Windows 10 will not receive.
But the privacy story should not be overstated. On-Demand mode still runs Vanguard at kernel level when the game launches. It still asks players to accept powerful anti-cheat inspection during play. It still depends on Riot deciding what system state is acceptable and what is suspicious.
The difference is scope and timing. Riot is shrinking Vanguard’s window of activity for qualifying systems. That matters, particularly for users who leave their machines on for days, use them for work, or simply dislike game software persisting outside the context of a game.
It also addresses the symbolic insult of the system tray icon. Vanguard’s presence at boot was a constant reminder that a game publisher had claimed a permanent foothold in the PC. Even if many users never experienced a concrete problem, the optics were terrible. On-Demand mode removes that ambient irritation for the people whose machines qualify.
Still, this is not a move from invasive anti-cheat to non-invasive anti-cheat. It is a move from continuous anti-cheat presence to conditional anti-cheat presence backed by Windows attestation. That is better for many users. It is not a philosophical surrender.
Vanguard On-Demand suggests that runtime attestation and hardware-backed security signals are becoming more useful to third-party software. Today the beneficiary is a game. Tomorrow it could be financial software, exam proctoring tools, DRM-heavy creative applications, or enterprise access agents that want stronger evidence about the state of a user’s unmanaged PC.
That should make administrators both optimistic and cautious. Stronger attestation can reduce reliance on permanently resident agents. It can also create new support burdens when a machine technically supports a feature but fails a vendor’s interpretation of readiness. Anyone who has debugged Secure Boot state, TPM provisioning, or Memory Integrity blocks knows that “enabled” is not always the same as “accepted by the application.”
There is also a policy lesson. Riot is framing the old always-on mode as acceptable for now, while the new mode is available only to sufficiently secured devices. That is a pattern enterprises know well: conditional access, compliance baselines, and posture checks. The difference is that consumers are now encountering it through a game launcher.
If Microsoft wants Windows to be seen as both open and trustworthy, it needs these transitions to feel predictable. Users can tolerate strict requirements when the error messages are clear, the remediation steps are accurate, and firmware vendors expose settings consistently. They are less forgiving when they are told to enable a feature that appears enabled everywhere except inside the one application refusing to launch.
On-Demand mode vindicates part of the criticism. If Vanguard can now run only when needed on sufficiently secured systems, then the always-on design was not an eternal law of physics. It was a response to the limits of the Windows platform at the time. As those limits change, the anti-cheat should change too.
That is an important precedent. Security vendors frequently describe intrusive designs as unavoidable right up until a better platform primitive appears. Users are right to keep asking whether yesterday’s compromise is still necessary today.
At the same time, Riot’s answer is not “we can do less because you complained.” It is “we can do less if your PC can prove more.” That framing preserves Riot’s anti-cheat posture while acknowledging that permanent residency was never the ideal user experience.
The healthiest reading is that pressure worked, but only in combination with platform progress. Player backlash alone did not produce Runtime Driver Attestation Reports. Microsoft’s security stack alone did not make Riot change its product behavior. The improvement required both.
The direction of travel is unmistakable: anti-cheat, Windows security, and hardware attestation are converging, and the gaming PC is being pulled into the same trust architecture that already defines modern enterprise endpoints. Vanguard On-Demand is a meaningful improvement because it reduces needless always-on kernel presence, but it also previews a future in which the freedom to run less invasive software depends on accepting a more locked-down platform underneath it.
That makes the change more interesting than a simple “Vanguard finally has an off switch” headline. The old fight was about whether a game company should be allowed to run privileged code from boot. The new fight is about who gets to define a sufficiently secure Windows PC in 2026: Microsoft, Riot, firmware vendors, or the player staring at a BIOS menu they never wanted to open.
Riot Gives Up the Boot Slot, Not the Security Model
Vanguard’s reputation was forged in the most sensitive part of Windows: the kernel. When Valorant arrived in 2020, Riot argued that serious cheating required serious countermeasures, including a driver that could observe the system early enough to catch cheats before the game started. Many players heard a different message: a competitive shooter wanted a permanent seat at the lowest level of their PC.The new On-Demand mode changes that daily experience. On supported systems, Vanguard’s driver no longer needs to load at startup, and it can unload when the Riot game session ends. For players who installed Valorant years ago, stopped playing regularly, and still saw Vanguard sitting in the system tray after every reboot, this is the complaint Riot should have addressed sooner.
But Riot is not saying kernel anti-cheat was a mistake. It is saying Windows has finally grown enough supporting machinery to let Vanguard arrive later without surrendering the integrity checks Riot considers necessary. That distinction matters. On-Demand is not a privacy-first redesign of competitive gaming; it is a security architecture swap.
The always-on version treated time as the problem. If Vanguard was present from boot, it could reduce the chance that a cheat loaded first and hid itself. On-Demand treats the platform as the problem. If the operating system, firmware, and hardware can attest to what happened before the game launched, Vanguard can afford to sleep.
That is why the feature comes with a gate. Players do not simply click a “run only when gaming” switch because Riot has softened its stance. They earn that switch by running a Windows configuration Riot believes can close the gap left by a dormant driver.
The Price of the Off Switch Is a Modern Windows Security Stack
The checklist is not casual. Riot’s Vanguard Pre-Check requires Windows 11 25H2 or later, UEFI Secure Boot, TPM 2.0, Virtualization-Based Security, Hypervisor-Protected Code Integrity, and IOMMU support. In other words, this is not merely a Riot setting; it is a demand that the PC resemble Microsoft’s preferred model of a hardened Windows machine.That requirement will be painless for some players. Riot says roughly 35 percent of players already qualify automatically, which means their systems have the right OS version and security settings enabled. For them, the change should feel like a rare win: update the client, flip the toggle, and stop carrying Vanguard around between game sessions.
For everyone else, the story becomes more complicated. Secure Boot and TPM 2.0 are familiar to anyone who lived through the Windows 11 upgrade debate, but VBS, HVCI, and IOMMU remain less visible to typical gaming PC owners. They may be present but disabled, hidden behind motherboard firmware labels, blocked by old drivers, or tangled in OEM-specific defaults.
That is where the friction begins. A security feature that looks elegant in a platform diagram can become a support problem when it reaches a self-built desktop with years of BIOS updates, RGB utilities, capture-card drivers, overclocking tools, and peripherals whose software was written for a less locked-down Windows era. Riot is offering a cleaner anti-cheat lifecycle, but it is asking players to move closer to enterprise-style endpoint assumptions to get it.
The small but important caveat is that the old mode remains available. Riot says players who do nothing can continue with Vanguard as it works today. That avoids turning the update into an immediate access crisis for players on Windows 10, older machines, or systems that cannot pass the checklist.
Still, optional does not mean irrelevant. Once a vendor defines the preferred path as Windows 11 25H2 plus hardware-backed security, the center of gravity moves. Players who want the least intrusive Vanguard experience are being nudged toward the newest Windows security baseline, and that nudge will feel different depending on whether you own a recent laptop or a stubborn but perfectly capable gaming tower.
Microsoft Quietly Becomes Part of Riot’s Anti-Cheat Boundary
The key enabling piece is Microsoft’s Runtime Driver Attestation Report, a Windows 11 25H2 feature developed with Microsoft’s Xbox OS Security Team. The idea is straightforward in principle: Windows can provide a record of drivers loaded since startup, giving Vanguard a way to inspect the system’s driver history when it launches. If Riot can trust that record, Vanguard no longer needs to be awake from the beginning of the boot process.That is a meaningful shift in the anti-cheat arms race. Historically, game companies building kernel anti-cheat systems have tried to compensate for what Windows could not reliably guarantee to them. Now Microsoft is providing more of the substrate: boot integrity, virtualization-backed isolation, code integrity enforcement, DMA protections, and runtime attestation.
This is also Microsoft’s broader Windows 11 security strategy arriving through a gamer-facing controversy. Secure Boot, TPM 2.0, VBS, HVCI, and related protections have often been pitched in the language of enterprise defense, ransomware resilience, credential protection, and modern device management. Vanguard On-Demand translates that into something players immediately understand: turn these things on, and the anti-cheat does not have to live in your tray all day.
That is clever politics for both companies. Riot gets to say it listened to complaints about always-on Vanguard without weakening its anti-cheat posture. Microsoft gets another real-world reason for users to adopt the security stack it has been pushing since Windows 11’s launch.
But it also means the trust chain grows longer. Players are not just trusting Riot’s driver; they are trusting Microsoft’s attestation mechanism, motherboard firmware behavior, TPM reliability, Windows security settings, and Riot’s interpretation of the resulting signal. The old model was intrusive but conceptually simple. The new model is less visibly intrusive, but more dependent on layers most users cannot audit.
That trade may be worthwhile. It is still a trade.
The Gaming PC Meets the Managed Endpoint
For WindowsForum readers, the most interesting part of this announcement may not be Vanguard itself. It is the way a consumer game is normalizing a security posture that looks increasingly like a managed corporate endpoint. The hobbyist PC, long defined by user control, legacy compatibility, and “if it boots, it works,” is being asked to behave like a device with a measured chain of trust.Secure Boot verifies that the boot path has not been casually tampered with. TPM 2.0 provides hardware-backed identity and cryptographic services. VBS uses virtualization to isolate sensitive parts of Windows. HVCI, commonly exposed as Memory Integrity, makes it harder for malicious or vulnerable kernel code to run. IOMMU protections help constrain device memory access, which matters in a world where DMA attacks and low-level manipulation are no longer purely academic.
None of those concepts exists because of Valorant. Riot is riding a wave Microsoft has already been building. The difference is that a game can motivate behavior Microsoft’s own security prompts often cannot.
That motivation cuts both ways. A sysadmin might celebrate more consumer PCs enabling Memory Integrity and Secure Boot. A gamer chasing frame rates may see the same features as another layer between hardware and performance. A tinkerer with unsigned tools or old drivers may see them as a gradual closing of the Windows ecosystem.
The result is a strange cultural collision. Anti-cheat vendors want more locked-down PCs because cheating thrives in ambiguity. Enthusiasts often like PCs precisely because they permit ambiguity: custom drivers, unusual hardware, kernel-adjacent tools, firmware experiments, and old utilities that still work because Windows has historically bent over backward for compatibility.
Vanguard On-Demand does not resolve that conflict. It makes it explicit. The cleaner user experience is available to the PC that agrees to be more formally secured.
The Performance Argument Will Not Die, Even If It Shrinks
The most predictable reaction to the checklist will be performance anxiety. VBS and HVCI have been debated for years because they can impose a performance cost, especially on older processors or configurations that lack newer hardware optimizations. In modern systems, the hit is often modest, but “modest” is not the same as invisible to a competitive player who tunes Windows services and GPU drivers for every last frame.That does not mean players should reflexively reject the feature. A newer CPU, current firmware, updated drivers, and a clean Windows 11 install may handle these protections with little drama. Many laptops already ship with parts of the stack enabled, and Microsoft has worked to make the overhead less painful over time.
The real problem is variability. One user may enable Memory Integrity and never notice. Another may discover that an old audio interface driver, RGB controller, fan utility, capture card, or anti-cheat from another game does not like the new regime. A third may take a measurable frame-rate hit in the exact title where consistency matters most.
This is why Riot was wise not to force the transition. If On-Demand had replaced always-on Vanguard wholesale, every driver conflict would become Riot’s problem overnight. By making it opt-in, Riot lets the most compatible machines move first while the rest of the ecosystem catches up.
There is a subtle irony here. The always-on Vanguard model was criticized because it demanded too much trust from users. The On-Demand model may demand more technical literacy from them. It is less invasive during everyday use, but the path to enabling it may run through firmware menus, Windows Security panels, and driver cleanup sessions.
Riot’s Optional Toggle Is Also a Test Balloon
Riot says players who do nothing can keep playing as before, and that is the right immediate policy. Valorant and League of Legends are too large to make a sudden hard cut to Windows 11 25H2 and a strict security baseline. Competitive integrity matters, but so does not detonating a player base.Yet “optional” features in platform security often serve as reconnaissance. They measure readiness. They reveal which hardware fails, which OEMs ship usable defaults, which drivers break, and which support articles users actually follow. Riot’s 35 percent figure is not just a convenience statistic; it is a map of how far the Windows gaming ecosystem has moved toward modern security.
The more players qualify, the easier it becomes for Riot to raise expectations later. That does not mean an immediate mandate is coming. It does mean Vanguard On-Demand creates a data-driven path toward one. If Microsoft’s attestation feature proves reliable and the percentage of compatible systems rises, Riot will have less reason to preserve the older model indefinitely.
This is how platform baselines shift. First the feature is optional. Then it becomes recommended. Then new functionality assumes it. Eventually, the unsupported configuration is not banned, but it is outside the happy path.
For Windows 10 users, that should sound familiar. Windows 10 remains present on many gaming PCs, but the industry’s security and anti-cheat incentives are aligning around Windows 11’s hardware requirements. Riot’s move is another signal that the Windows 11 transition is not only about Microsoft’s lifecycle calendar; it is about third-party software beginning to depend on features that Windows 10 will not receive.
The Privacy Win Is Real, but Narrower Than It Looks
Players who objected to Vanguard running at boot have a legitimate reason to welcome this change. A kernel driver that is not loaded cannot observe the system in the same way as one that is active. Reducing always-on privileged code is good hygiene, especially when the software exists to serve a game rather than a core computing need.But the privacy story should not be overstated. On-Demand mode still runs Vanguard at kernel level when the game launches. It still asks players to accept powerful anti-cheat inspection during play. It still depends on Riot deciding what system state is acceptable and what is suspicious.
The difference is scope and timing. Riot is shrinking Vanguard’s window of activity for qualifying systems. That matters, particularly for users who leave their machines on for days, use them for work, or simply dislike game software persisting outside the context of a game.
It also addresses the symbolic insult of the system tray icon. Vanguard’s presence at boot was a constant reminder that a game publisher had claimed a permanent foothold in the PC. Even if many users never experienced a concrete problem, the optics were terrible. On-Demand mode removes that ambient irritation for the people whose machines qualify.
Still, this is not a move from invasive anti-cheat to non-invasive anti-cheat. It is a move from continuous anti-cheat presence to conditional anti-cheat presence backed by Windows attestation. That is better for many users. It is not a philosophical surrender.
Administrators Should Read This as a Consumer Preview of Future Defaults
Enterprise IT should pay attention because gaming anti-cheat often acts like an early-warning system for Windows platform tension. Vanguard, Easy Anti-Cheat, BattlEye, FACEIT, and other systems live where consumer demand, kernel policy, driver signing, virtualization, and hardware security collide. When those systems change requirements, they reveal where Microsoft’s platform is heading.Vanguard On-Demand suggests that runtime attestation and hardware-backed security signals are becoming more useful to third-party software. Today the beneficiary is a game. Tomorrow it could be financial software, exam proctoring tools, DRM-heavy creative applications, or enterprise access agents that want stronger evidence about the state of a user’s unmanaged PC.
That should make administrators both optimistic and cautious. Stronger attestation can reduce reliance on permanently resident agents. It can also create new support burdens when a machine technically supports a feature but fails a vendor’s interpretation of readiness. Anyone who has debugged Secure Boot state, TPM provisioning, or Memory Integrity blocks knows that “enabled” is not always the same as “accepted by the application.”
There is also a policy lesson. Riot is framing the old always-on mode as acceptable for now, while the new mode is available only to sufficiently secured devices. That is a pattern enterprises know well: conditional access, compliance baselines, and posture checks. The difference is that consumers are now encountering it through a game launcher.
If Microsoft wants Windows to be seen as both open and trustworthy, it needs these transitions to feel predictable. Users can tolerate strict requirements when the error messages are clear, the remediation steps are accurate, and firmware vendors expose settings consistently. They are less forgiving when they are told to enable a feature that appears enabled everywhere except inside the one application refusing to launch.
Riot’s Move Is a Small Victory for Complaints That Were Easy to Dismiss
For years, defenders of Vanguard argued that critics exaggerated the risk. Riot was not secretly interested in spying on spreadsheets, they said, and kernel anti-cheat was simply the cost of competitive integrity in a hostile environment. There was truth in that, but it too often dodged the central complaint: users were being asked to accept a privileged, always-on component for the sake of a game they might not even be playing that week.On-Demand mode vindicates part of the criticism. If Vanguard can now run only when needed on sufficiently secured systems, then the always-on design was not an eternal law of physics. It was a response to the limits of the Windows platform at the time. As those limits change, the anti-cheat should change too.
That is an important precedent. Security vendors frequently describe intrusive designs as unavoidable right up until a better platform primitive appears. Users are right to keep asking whether yesterday’s compromise is still necessary today.
At the same time, Riot’s answer is not “we can do less because you complained.” It is “we can do less if your PC can prove more.” That framing preserves Riot’s anti-cheat posture while acknowledging that permanent residency was never the ideal user experience.
The healthiest reading is that pressure worked, but only in combination with platform progress. Player backlash alone did not produce Runtime Driver Attestation Reports. Microsoft’s security stack alone did not make Riot change its product behavior. The improvement required both.
The New Vanguard Bargain Is Written in Firmware Settings
The practical takeaway for players is simple but not necessarily easy: if you want Vanguard out of your startup path, your PC has to pass Riot’s modern Windows security test. That test may be automatic on recent systems, but it may be fiddly on older desktops or machines with legacy driver baggage. The feature is a welcome option, not a universal fix.- Vanguard On-Demand stops the anti-cheat driver from loading at Windows startup only on systems that pass Riot’s Pre-Check requirements.
- The required stack includes Windows 11 25H2 or later, Secure Boot, TPM 2.0, VBS, HVCI, and IOMMU.
- Players who do nothing can continue using Vanguard in its existing always-on-at-boot mode for now.
- Riot says roughly 35 percent of players already qualify, while a small minority are on hardware too old to meet the requirements.
- Enabling the required Windows security features may expose old driver problems or modest performance costs, especially on older gaming PCs.
- The bigger shift is that Riot is leaning on Microsoft’s hardware-backed attestation rather than relying solely on Vanguard being present from boot.
The direction of travel is unmistakable: anti-cheat, Windows security, and hardware attestation are converging, and the gaming PC is being pulled into the same trust architecture that already defines modern enterprise endpoints. Vanguard On-Demand is a meaningful improvement because it reduces needless always-on kernel presence, but it also previews a future in which the freedom to run less invasive software depends on accepting a more locked-down platform underneath it.
References
- Primary source: TweakTown
Published: 2026-06-29T02:10:16.120333
Loading…
www.tweaktown.com - Related coverage: pcgamer.com
You can finally turn Riot's Vanguard anti-cheat off when you're not playing a game | PC Gamer
Most of you, anyway.www.pcgamer.com - Related coverage: tomshardware.com
Riot Vanguard finally drops its controversial always-on requirement for anti-cheat — new on-demand mode requires a strict Windows 11 security stack | Tom's Hardware
The toggle needs Windows 11 25H2 plus TPM 2.0, Secure Boot, VBS, HVCI, and IOMMU.www.tomshardware.com - Related coverage: notebookcheck.net
Loading…
www.notebookcheck.net - Related coverage: bo3.gg
Loading…
bo3.gg - Related coverage: windowsforum.com
Loading…
windowsforum.com
- Related coverage: tech.yahoo.com
Loading…
tech.yahoo.com - Related coverage: altchar.com
Riot's Vanguard anti-cheat no longer needs to run all the time | AltChar
Riot Games has introduced Vanguard On-Demand, allowing League of Legends and VALORANT players to run Vanguard only while playing supported games.
www.altchar.com
- Related coverage: telset.id
Riot Hentikan Vanguard Boot-Time, Ganti Mode On-Demand | Telset.id
Riot Games akhirnya mengubah Vanguard anti-cheat dengan mode On-Demand yang hanya aktif saat game dimainkan. Simak persyaratan teknisnya.telset.id - Related coverage: techspot.com
Loading…
www.techspot.com - Related coverage: thelab.gr
Loading…
www.thelab.gr