Valve Anti-Cheat

Valve Anti-Cheat, more commonly known by its acronym VAC, is a proprietary anti-cheat system developed by Valve for use in GoldSrc, Source and Source 2 multiplayer games, as well as many other third-party multiplayer games on various other engines (such as the original COD: Modern Warfare 2 from 2009). Valve Anti-Cheat was introduced in 2002 with the release of Counter-Strike 1.4 and updates to GoldSrc games and engine.

Valve Anti-Cheat is a shared element of the Source engine; thus, it is supported by any Source-based multiplayer game. Not all Source games use VAC however; for example, Apex Legends uses Easy Anti-Cheat (EAC), which is technically superior due to being kernel-based (meaning that it was able to detect hidden cheats/kernel-based cheats), but may be vulnerable to security issues.

List of Games using VAC

There are currently over 100 games that use VAC (both games using non-Valve and Valve engines), according to Steam Store when searching for games with VAC. However some of the list may be incorrect, such as singleplayer games being included on the list, or some games were missing on the list.

GoldSrc

• Counter-Strike
• Counter-Strike: Condition Zero
• Day of Defeat
• Deathmatch Classic
• Half-Life
• Ricochet
• Team Fortress Classic

Note:If the player is VAC banned in one of these GoldSrc games, they will get banned in all of them.

Source

• Counter-Strike: Source
• Counter-Strike: Global Offensive (no longer available)
  • If you receive a VAC ban (for any game) you will no longer have access to the CS:GO and CS2 Store, receive CS:GO and CS2 item drops, or be able to trade CS:GO and CS2 items.
• Day of Defeat: Source
• Half-Life 2: Deathmatch
• Half-Life Deathmatch: Source
• Team Fortress 2
  • If you receive a VAC ban in any Source games (aside from CS:GO, see below), all your items will be removed from your Team Fortress 2 inventory and Steam Support will be unable to restore these items. Additionally, you will no longer have access to the TF2 Store or receive item drops.

Note:If the player is VAC banned in one of these Source games, they will get banned in all of them. But notably, getting banned in Counter-Strike: Global Offensive or Team Fortress 2 will not get you banned from the other games and vice versa.

Bug:VAC is nonfunctional for mods running on the Team Fortress 2 branch which do not have their own Steam AppID. This is not the case for earlier SDKs.

Source 2

• Counter-Strike 2
  • If you receive a VAC ban (for any game) you will no longer have access to the CS:GO and CS2 Store, receive CS:GO and CS2 item drops, or be able to trade CS:GO and CS2 items.
  • Note:Also in CS2, if a cheater was detected by VAC Live, the match will be automatically cancelled.^[1]
• Deadlock
• Dota 2
• Confirm:Does Dota Underlords support VAC?

Note:If the player is VAC banned in one of these Source 2 games, they will get banned in all of them.

Other engines

• See more at Steam Store

Heuristics

Message displayed to a VAC-banned client. Screenshot from Team Fortress 2.

Message displayed on Steam client when the player has been VAC banned.

Early versions of Valve Anti-Cheat before 2005 will ban player for 24 hours (with duration of the ban was increased over time, up to 1 year and 5 years). Since the release of VAC 2.0 in 2005, when a player is connected to a VAC-secured server (denoted by a 🛡 security badge and the letter V in the server browser), the VAC system checks if any foreign processes are hooked into the player's local game binaries. If the VAC check finds a positive ID for any possible cheating tool (like aimbot/wallhack software, OpenGL hack), the offending player's Steam account will be flagged as cheating immediately, but the player will not receive any indication of the detection until after a variable amount of time (usually few days to a week, as Valve wanted to catch many cheaters as possible),^[2] Valve will notified the player that they are permanently banned from all VAC-secured servers. If the player was falsely banned for using software that is not a cheating tool (such as Recording software, overlays, drivers, etc...), or by launching the game with updated game DLLs files which was mistakenly marked as cheating tools/DLL injectors, the player may get unbanned by Valve after Valve investigating the ban, and the software that VAC detects. Valve does not disclose which programs are listed on VAC database, because releasing these information only benefit cheat developers.

One example of false positive VAC bans, in this case with COD: Modern Warfare 2, due to DLL files being updated by Steam after it was loaded by the game, over 12,000 players were banned. These bans have been revoked and those who got affected by the ban have been gifted Left 4 Dead 2 for free by Valve, plus one to send as a gift to friends. Another one in 2023, affects most AMD Radeon 7000 series graphics card users with "Anti-Lag/+" feature enabled, which results in false VAC ban in Counter-Strike 2 and other games such as Apex Legends (though it uses EAC). This issue was partially resolved with the updated AMD driver, which temporarily disabled the "Anti-Lag+" feature, and both developers of the affected games above have reversed all bans related to the Anti-Lag+.

Valve Anti-Cheat will not detect content hacks such as invisible wall textures or bright-colored player models. Server admins that wish to block such activity will need to run a pure server.

Using VAC

For server admins who wish to use VAC, you should run your server with the -secure command line parameter. If you are using the Steam srcds frontend, make sure that the Secure (Valve Anti-Cheat) option is checked.

Code Injection

As a developer, there are situations in which you may legitimately wish to inject code into the application process of a game that uses VAC or Trusted Mode. In this case, you need to ensure that your code injection only takes place when and if the game client application is operated in the appropriate mode to avoid the user receiving a ban. Check with the game’s documentation to find out what, if any, settings have to be applied.

Code Injection in CS:GO & CS2

If the code you wish to inject is Authenticode signed, the CS:GO and CS2 game client has to be run in “Allow Third Party Software” mode; for any other code the CS:GO and CS2 game client has to be run in “Insecure” mode.

VAC Errors

Message displayed to a system which fails to enable Valve Anti-Cheat, or prevent Valve Anti-Cheat from working. Screenshot from Counter-Strike: Source.

Aside from VAC Ban, if there are any issues with your operating system, hardware, or other issues that prevent Valve Anti-Cheat from working, the game will simply disconnect and preventing users from connecting to secure severs until the problem is fixed.

List of VAC errors

This issue means that some third-party software (and corrupt Windows/Mac/Linux installation), interfering with the game or Steam client. To solve this problem, try to uninstall or exit any software that interferes with Valve Anti-Cheat, restart your computer, repair Steam service, verify your game files, restore boot settings, or repair system files. If these fixes doesn't solve the problem, try to reinstall Windows (or other operating systems).

Game ban vs. VAC ban

Sometimes, a player may only get banned from a single game instead of all VAC games. This is because they received a game ban, which is not the same as a VAC ban. A game developer or moderator usually initiates game bans that will only restrict features of one specific game (e.g. Overwatch in CS:GO and/or Counter-Strike 2, aswell as Team Fortress 2 (since June 2024) gave out game bans and not VAC bans). VAC bans can only be given by VAC (automatically) or Valve employees.

External links

•  Valve Anti-Cheat on Wikipedia
• Steam Support - I've been VAC banned

References