Enterprise EDRs and XDRs

The following text only applies to customers that enable Memory Integrity and Assembly protection.

Over the past few years, security solutions that prevent malware have increasingly started using techniques such as hooking and DLL injection to monitor the actions of processes in greater depth. While this can be an effective method for detecting and preventing malware, it can also cause issues for software protection products such as anti-cheats and anti-tampers.

To address this issue, our team actively monitors and ensures that no security solution is flagged as a tampering attempt. We verify modules and only allow reputable security vendors to place hooks or run DLLs in memory, minimizing the potential impact on software protection products.

Although our system will still log tampering found in the process, if it is determined to be coming from a trusted vendor, it will not be raised as an alert (unless specifically enabled in the dashboard). This helps to prevent false positives and ensure that only genuine tampering attempts are flagged and responded to.

False Positives

In the event that a customer experiences a false positive, we recommend reaching out to our support team for assistance.

Our engineers will verify the false positive and push an update as soon as possible to resolve the issue. It is important to note that attackers may attempt to make false reports in order to shift blame and regain access to the application. Therefore, it is always recommended to wait for confirmation from an engineer before taking any action in response to a reported false positive.

Customer Grade Anti Viruses

Standard antivirus (AV) products are generally not prone to this issue, as they do not typically use the level of deep visibility that can cause conflicts with software protection products. However, there are some exceptions, and our team works closely with these AV vendors to minimize any potential impact.

Last updated