Regarding Rootkit Ant-Cheats

https://areweanticheatyet.com/ - A great resource for checking games, this curator doesn't have everything!

"A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or areas of its software that would not otherwise be allowed and often masks its existence or the existence of other software."

Many online games are using anti-cheat programs that act like spyware and pose a big risk to your computer's security (as shown with Genshin Impact's Anti-cheat being used as a vector for ransomware[www.trendmicro.com]), and is a huge breach of privacy. These anti-cheats are installed with the games, usually without your permission, and when running, act like spyware by logging your keystrokes and scanning your active processes. What makes them rootkits is the fact they all act with admin permission, meaning they can terminate processes, write and read files, and do just about anything you can do.

These programs sometimes aren't always uninstalled with the game and can remain on your system.

- Remove by deleting the game and this file: C:/Windows/xhunter1.sys

- The xhunter1.sys service is hidden because it is installed on a kernel level.
- XIGNCODE3 is a keylogger.
- XIGNCODE3 can see every file you have accessed within the last 48 hours, including the filepaths.

-Remove by deleting the game, and nppt9x.vxd & npptNT2.sys in either C:/Windows/System32 or C:/Windows/SysWOW64

-GameGuard is a keylogger.
-It monitors the entire memory range
-Can terminate processes defined by the developer

Wikipedia article on GameGuard[en.wikipedia.org]

(from Zullfix's review of VRChat)

What EAC has done in the present/past:

- Take routine snapshots of the user's desktop/video buffer

- Scan all processes running on user's machines

- Kill or try to kill all "unknown" or "untrusted" or "unregistered" running processes (including homemade processes)

- Locate the files of "unknown" or "untrusted" or "unregistered" processes and upload them to Epic's servers

- Scan the user's C:\Users\ folder and appdata folder

- Stop users from launching the game if Windows fails to install/update itself "correctly" (google "easyanticheat UNEXPECTED-KERNEL-MODE-TRAP", though epic tries to censor this issue)

- Stop device drivers that are "unknown" or "untrusted" or "unregistered" from running (including homemade drivers)

Did some research and found this, it is using a kernel-level driver, requires certain BIOS settings and requires you to disable Hyper-V, so I'd stay far away from it, that's very intrusive.

https://support.faceit.com/hc/en-us/articles/9394666828188-What-is-FACEIT-Anti-cheat-and-how-does-it-work-