
Antiviruses do this, so do lots of other bits of software like those you mentioned.

Either they actually do basically rootkit the machine and break functionality, which is a huge "fuck you" to everyone and may actually require people to manually enter exceptions in AV software, or they settle on the non-functional but "scary sounding" protections every other game uses.

This is a fight that has long since been over, not that people don't still try. I spent a lot of time working around anti-cheats in various games over a decade ago. PB was a fun one, C-D thought it was clever, there were jokes like CMN's "anti-cheat", and other games had things like nProtect GG. Some went so far as to actually use packers; hilariously, some used UPX while others used things like Themida. There was one of these things that actually injected a rootkit into every running process (and thus required administrative permission) to disallow you from killing the game's process or even accessing its memory. Of course, this was hilarious when the game would hang, as you expect with buggy software, and the only way to actually kill the process was to restart or do it from ring0. I thought that was a pretty fucked up thing. It was trivial to bypass though, and I forget the specifics, but you could actually start the game or anti-cheat with the main thread frozen and inject whatever code you wanted that then had privileged access before resuming it. I thought when I did that, "I'm 15 years old and in 10 minutes I've bypassed what some team probably took months to build." I did get a bit frustrated with my lack of knowledge when much more capable packers were used, but some people did nothing but break these things (and would break new versions in minutes). It was pretty fun to debug, work around all the protections, find the real code, then reconstruct the executable so it would run without the protections, but handling VMs needed programmatic debugging, which was a bit more than I was capable of dealing with back then.

As expected, we eventually were gifted ring0 anti-cheats (though most remain ring3), so cheats went there too, and when I stopped caring as much about that scene, some really clever hooking methods were being devised, as well as hypervisor-based cheats. There's no winning this fight for the anti-cheats, so the real solution is to detect whatever behavior you don't want on the server, where they have no access. The client-side anti-cheat is more of a deterrent, and it turns out nobody really tries to make cheats very hard to detect in this manner; most players can visibly tell almost instantly if someone is cheating just by observing them briefly. Not to say that ring0 cheats were hard to detect: I made a proof of concept in about 20 minutes that detected all but 1 of the existing public ring0 cheats for CS at the time -- they all modified a specific struct in memory, and that modification was present even in ring3 cheats, so I generally wondered what those anti-cheat developers were doing most of the time.
