When a player is connected to a VAC-secured server (denoted by a security badge and the letter V in the server browser), the VAC system checks if any foreign processes are hooked into the player's local game binaries. If the VAC check finds a positive ID for any possible cheating tool, the offending player's Steam account is then permanently banned from all VAC-secured servers after a variable amount of time.
Valve Anti-Cheat will not detect content hacks such as invisible wall textures or bright-colored player models. Server admins that wish to block such activity will need to run a pure server.
Valve Anti-Cheat is a shared element of the Source engine; thus, it is supported by any Source-based multiplayer game.
For server admins that wish to use VAC, you should run your server with the
-secure command line parameter. If you are using the Steam srcds frontend, make sure that the Secure (Valve Anti-Cheat) option is checked.
As a developer there are situations in which you may legitimately wish to inject code into the application process of a game that uses VAC and/or Trusted Mode. In this case you need to ensure that your code injection only takes place when and if the game client application is operated in the appropriate mode in order to avoid the user receiving a ban. Check with the game’s documentation to find out what, if any, settings have to be applied.
Code Injection in CS:GO
If the code you wish to inject is Authenticode signed the CS:GO game client has to be run in “Allow Third Party Software” mode; for any other code the CS:GO game client has to be run in “Insecure” mode.