VAN9003 on Windows 11: Proven Fixes for Valorant's Vanguard Anti-Cheat

The VAN 9003 crash that left many Valorant players staring at the message “This build of Vanguard is out of compliance with current system settings” proved to be less a single bug and more a collision of modern Windows security posture, anti‑cheat kernel drivers, and inconsistent platform configuration — and it forced both Riot and the Windows community into a months‑long sprint of diagnosis, BIOS fiddling, driver reinstalls, and patch management. What started as scattered reports in late 2022 and through 2023 crystallized into widely shared troubleshooting patterns in 2024, and Riot’s guidance plus community fixes culminated in a reliable set of remedies: enable Secure Boot and TPM (or verify their state), ensure Vanguard’s VGC service is running, reinstall Vanguard after relevant Windows updates or BIOS changes, and apply OS/firmware updates where applicable. Riot’s support documentation now directs Windows 11 users through Secure Boot and TPM checks, and multiple independent troubleshooting guides and community threads document the same practical steps—and the risks—players should take.

Background: why Vanguard, Windows 11, and VAN 9003 intersected​

Vanguard is Riot’s kernel‑level anti‑cheat driver that integrates deeply with the Windows boot and kernel lifecycle to detect and prevent cheating. Windows 11 raised the platform security baseline compared with previous Windows releases by strongly leaning on Secure Boot, Trusted Platform Module (TPM) 2.0, and virtualization‑based protections. Vanguard’s modern builds and their attestation logic rely on the secure boot chain and, in many configurations, TPM attestation to determine whether the system environment meets the anti‑cheat’s integrity expectations. When the OS or firmware reports a state that Vanguard deems untrustworthy — for example Secure Boot disabled, UEFI/CSM conflicts, or missing TPM attestation — Vanguard can refuse to load and Valorant will error out with codes such as VAN9001, VAN9003, or VAN9090. Riot’s support pages explicitly tie VAN9003 to Secure Boot not being enabled on Windows 11.
That coupling is deliberate: modern anti‑cheat tools need to verify that no early‑load tampering or kernel hooking has taken place before allowing a competitive, multiplayer game to run. But it also means any change in firmware settings, Windows updates that touch the boot chain, or OEM BIOS quirks can break the handshake between Windows and Vanguard — producing the now‑familiar out‑of‑compliance message. Community logs and forum archives show this pattern repeated across motherboards from Gigabyte, ASUS, MSI and others during multiple Windows update waves.

---

Technical anatomy: what VAN 9003 actually checks​

To understand why VAN 9003 fired for so many systems, it helps to break down the checks that Vanguard and the OS perform:

• Secure Boot: UEFI Secure Boot verifies boot components’ signatures to prevent unsigned or tampered bootloaders and drivers from loading. Vanguard expects Secure Boot to be active on Windows 11 systems. If Secure Boot reports “Off” or “Unsupported” in msinfo32, Vanguard may block.
• TPM 2.0 / Attestation: TPM provides hardware attestation and key protection. Windows 11 leverages TPM/attestation for several security features. Vanguard’s more recent checks can depend on TPM presence/attestation to verify the platform’s trusted state. If TPM is disabled or mis‑reported, failures can arise (VAN9090 often indicates TPM initiation issues).
• Boot mode (UEFI vs legacy/CSM): Windows 11 expects UEFI. A system left in legacy BIOS/CSM mode may have Secure Boot unavailable. Switching between UEFI/CSM and Secure Boot modes or toggling Secure Boot settings has been repeatedly correlated with resolving or creating VAN9003 errors. Community reports detail toggling Secure Boot mode between “Custom” and “Standard” or disabling CSM entirely as part of fixes.
• Vanguard components and services: Vanguard installs kernel drivers and the VGC service (vgc.exe). If the VGC service’s startup type is incorrect, or if the Vanguard driver is out‑of‑date (or corrupted after an OS update), Valorant will fail to launch. Users commonly resolved issues by reinstalling Vanguard or setting the VGC service to Automatic and restarting.
• Windows update/firmware interactions: Cumulative updates or firmware updates can change the way Secure Boot/TPM are reported or handled. Several community threads and internal forum archives tied specific Windows updates to a spike in Vanguard compatibility issues; in some cases, Microsoft issued out‑of‑band fixes for broader compatibility regressions. The relationship is complex and path‑dependent, so one system may recover after a restart while another still needs BIOS or Vanguard reinstallation.

---

Timeline and root causes (short chronology)​

• Initial cluster reports (late 2022–2023): Users upgrading to Windows 11 or after BIOS changes encountered VAN9003; early fixes focused on enabling Secure Boot and TPM in BIOS and ensuring UEFI boot mode. Community workarounds emerged quickly.
• Widening reports and OS update correlations (2023–2024): As Windows 11 feature updates and monthly cumulative updates rolled out, more users found Vanguard failing even with Secure Boot and TPM enabled. The variable that often separated working and non‑working systems was firmware/BIOS handling of Secure Boot modes (Standard vs Custom) and whether VGC service was started automatically.
• Vendor‑level guidance and hardening (2024 onward): Riot consolidated troubleshooting guidance and published support pages to walk users through msinfo32 checks, TPM management (tpm.msc), and BIOS guidance. Microsoft’s documentation and industry reporting reinforced Secure Boot and TPM as Windows 11 security prerequisites, while independent tech outlets published step‑by‑step fixes (reinstall Vanguard, run SFC/DISM, set VGC to Automatic).

Important caution: while the pattern implicates Secure Boot/TPM, not every VAN9003 instance is identical — some cases traced to corrupted Vanguard installs, service permissions, or third‑party drivers. Where available, Riot’s diagnostic tools and support ticket logs have been used to collect system logs to provide targeted fixes.

---

Verified fixes: step‑by‑step checklist that solves the majority of cases​

These steps are drawn from Riot’s official guidance and corroborated by multiple independent troubleshooting guides and large‑scale community threads. Follow them in order and stop when your problem clears; do not edit BIOS settings unless you’re comfortable and have backups.

• Check Windows system state (quick verification)
• Press Windows key, type msinfo32 and press Enter. Confirm BIOS Mode = UEFI and Secure Boot State = On.
• Press Windows key, type tpm.msc and press Enter. Confirm Specification Version = 2.0 and Status = The TPM is ready for use where applicable.
• Confirm VGC service state
• Open services.msc, locate VGC, right‑click → Properties, set Startup type = Automatic, and start/restart the service. Reboot and test Valorant. Many users reported immediate success after ensuring VGC runs.
• Toggle Secure Boot mode in UEFI if Secure Boot appears enabled but Vanguard still complains
• Some motherboards (Gigabyte, ASUS, MSI) require toggling Secure Boot Mode from Standard to Custom and back, or temporarily disabling CSM (Compatibility Support Module), then restarting without saving on a specific prompt, as documented in community threads. This odd BIOS dance mitigates certain OEM firmware states that report Secure Boot incorrectly. Warning: BIOS options vary widely; consult your OEM documentation and record current settings before changing.
• Reinstall Vanguard (clean install)
• Uninstall Riot Vanguard from Apps & Features, reboot, then launch Valorant to trigger a fresh Vanguard install. This replaces corrupted drivers and resets the kernel‑level components. Many persistent cases cleared after a clean Vanguard reinstall.
• Repair OS files if system integrity looks suspect
• Run SFC and DISM:
• Open an elevated Command Prompt and run:
• sfc /scannow
• DISM /Online /Cleanup-Image /RestoreHealth
• Reboot and test. Some guides show this resolving cases where Windows reports Secure Boot but kernel interfaces fail to surface consistent states.
• Update BIOS/UEFI and Windows
• Apply the latest motherboard firmware and Windows updates (install cumulative/security updates). Firmware updates frequently include fixes for TPM/ Secure Boot reporting and UEFI compatibility. After firmware updates, re‑verify UEFI/Secure Boot/TMP settings and reinstall Vanguard if required.
• If all else fails: collect logs and contact Riot Support
• Use Riot’s diagnostic/repair tools and submit a support ticket with system info (motherboard model, BIOS version, the Riot log bundles). Riot can analyze attestation logs—these are often necessary for complex driver/firmware mismatches.

---

Practical examples: common user scenarios and fixes​

• Scenario A — Secure Boot shows “Off” in msinfo32: Enter UEFI/BIOS, find Secure Boot and enable it, set Secure Boot Mode to Standard, disable CSM if present, save and reboot. Confirm msinfo32 now shows Secure Boot State = On. Then reinstall Vanguard if Valorant still fails.
• Scenario B — Secure Boot & TPM enabled but VAN9003 persists: Start by ensuring VGC service is Automatic and running; if still failing, reinstall Vanguard, run the Riot Repair Tool as admin, and try toggling Secure Boot Mode (Custom ↔ Standard) followed by reboot cycles. Community fixes repeatedly report success with this sequence.
• Scenario C — occurs after a Windows cumulative update: Check for known regressions and vendor advisories; reinstall Vanguard and update the motherboard BIOS. If the update is known to cause issues, vendors or Microsoft may have published out‑of‑band fixes—apply those before resorting to disabling protections. Forum archives and vendor sites are the most reliable way to confirm a known regression for your specific update path.

---

Risks, tradeoffs, and important cautions​

• Do not disable Secure Boot or TPM as a “hack” to get the game running: these protections are there to defend your system against boot‑level tampering and disabling them undermines system security. Many online “fixes” that suggest switching to legacy boot or turning off TPM are short‑term and increase risk.
• BIOS changes can brick a system if done incorrectly: editing UEFI/BIOS settings or flashing firmware is inherently risky. Back up your settings and follow OEM instructions; consider seeking professional help on unfamiliar boards. Riot’s guidance explicitly warns users about BIOS edits.
• Vanguard runs at kernel level: some users make privacy or security tradeoffs by running kernel‑level anti‑cheat software. Those concerns are outside the scope of fixing VAN9003, but they are real and have been discussed widely. Removing Vanguard will prevent Valorant from running; reinstalling is necessary to play.
• Not all VAN9003 instances are identical: while Secure Boot/TPM is the leading cause on Windows 11 systems, corrupted Vanguard installs, service permissions, and third‑party driver interference are plausible and need different remediation strategies. Collect logs if the problem resists standard troubleshooting.

---

Why this matters beyond gamers: platform and vendor implications​

The VAN9003 saga highlights larger tensions between platform hardening and application compatibility. Windows 11’s insistence on a stronger secure boot and TPM posture is a security win for the platform, but it raises compatibility friction for applications that rely on low‑level drivers and attestation. Enterprises and IT admins should note:

• Update testing and pilot rings are vital: cumulative updates or SSU changes can inadvertently alter how firmware or boot components are reported. Thorough pilot testing on representative hardware is essential. Community analysis and internal forum archives illustrate how broad updates can destabilize third‑party kernel drivers in practice.
• Clear vendor communications reduce support burden: motherboard vendors that document Secure Boot and TPM configuration specifics save users and support teams hours of troubleshooting; the varied behavior across OEMs (Gigabyte vs ASUS vs MSI) was a major amplifier of confusion.
• Anti‑cheat teams and OS vendors need coordinated release testing: kernel‑level software (anti‑cheat, DRM, virtualization drivers) require close coordination with OS vendors for large feature updates. The episode reinforces that such coordination cannot be ad hoc.

---

What to do next: concise checklist for affected users​

• Verify msinfo32 — ensure UEFI + Secure Boot On.
• Verify tpm.msc — TPM 2.0 present and ready.
• Set VGC service to Automatic, start it, reboot.
• Reinstall Vanguard (uninstall → reboot → launch Valorant to reinstall).
• If persistent, run SFC/DISM, update BIOS, update Windows, and then reinstall Vanguard.
• Collect logs and contact Riot Support with full system/BIOS details if unresolved.

---

Conclusion: the VAN9003 episode as a case study​

VAN9003 was not a single, exotic bug but the visible symptom of modern Windows security architecture meeting real‑world firmware/driver diversity and frequent operating‑system changes. Riot’s support guidance, combined with community troubleshooting, converged on a set of repeatable fixes: verify Secure Boot and TPM, ensure VGC is running, reinstall Vanguard, and apply firmware/Windows updates. Those steps resolve the majority of cases, but the incident also exposed the fragility that can occur when kernel‑level components and platform security mechanisms must align across hundreds of OEM firmware variants.
The broader lesson is about coordination: platform vendors, OEMs, and anti‑cheat teams must maintain close compatibility testing and clear communications to avoid knocking users offline. For players, the practical path forward is careful, methodical troubleshooting (and avoiding security‑weakening “shortcuts”). For administrators and OEMs, the call to action is to ensure firmware options and Windows updates are predictable and well documented — because when the boot chain becomes the battleground, fixing gaming errors quickly becomes an exercise in system security hygiene.

---

Source: www .oiv .int. International Organisation of Vine and Wine