Problem: VALORANT (and other Riot games using Vanguard) suddenly blocks players with “VAN: RESTRICTION” and effectively forces a BIOS/UEFI security update many users aren’t prepared to do

Published: 2025-12-30 14:15 (local time)

Quick Summary

Many PC players are being stopped from launching/playing Riot games due to a Vanguard restriction that points at motherboard/boot security requirements.
The restriction is tied to closing a pre-boot / DMA-style security gap that can be exploited to bypass anti-cheat protections.
The “fix” is often not a simple in-game setting: it may require a BIOS update and enabling UEFI-era security features (TPM, Secure Boot, IOMMU, VBS/Memory Integrity).
There’s no universal one-click solution because BIOS menus, naming, and safe procedures differ across ASUS/MSI/Gigabyte/ASRock and laptop OEMs.
Workarounds exist to reduce risk and confusion (verify what’s actually failing, update in the correct order, avoid common BIOS traps), but some users should stop and use professional/official support.

What’s happening

In late 2025, Riot’s Vanguard anti-cheat began enforcing stricter system trust requirements on some PCs, resulting in a “VAN: RESTRICTION” message that prevents players from accessing Riot games. Riot’s own support guidance explains that Vanguard can restrict access when a PC is considered “too cheat-capable,” and specifically calls out motherboard updates as part of closing a “pre-boot gap.”

This has become especially disruptive because updating a motherboard BIOS/UEFI firmware is a high-friction, high-anxiety task: it varies by manufacturer, can fail if done incorrectly, and may require additional configuration (like switching from Legacy BIOS mode to UEFI, then enabling Secure Boot).

News coverage indicates Riot’s move is connected to a motherboard-level weakness that could allow sophisticated cheaters (notably DMA-style approaches via PCIe devices) to bypass protections if IOMMU / pre-boot DMA defenses aren’t properly initialized. Motherboard vendors have issued BIOS updates, and Riot may require those updates to keep playing.

Likely causes (what research suggests)

Outdated motherboard firmware that doesn’t properly enforce early-boot protections: Reporting indicates Riot identified a weakness involving early system initialization that can undermine IOMMU / pre-boot DMA protection, enabling advanced cheating methods unless firmware is patched.
Security features are disabled or not actually active: Riot support repeatedly points players to confirm or enable TPM 2.0, UEFI mode, Secure Boot, IOMMU, and Windows security virtualization features (VBS / Memory Integrity), implying that “installed” hardware isn’t enough if the feature is off.
Legacy boot mode or MBR partitioning blocks Secure Boot: Riot’s guidance notes that if BIOS Mode is “Legacy,” players may need to convert/adjust to meet Secure Boot/UEFI requirements.
Conflicting drivers or system integrity problems: Riot support includes steps like SFC/DISM repairs and calls out incompatible drivers that can interfere with enabling security features or cause instability (including BSODs) when toggled.

Solutions & Workarounds

1) Read the exact “VAN: RESTRICTION” checklist and fix only what it names first

Who it helps: All affected Riot Vanguard users (VALORANT and other Riot titles using Vanguard), especially those overwhelmed by generic advice.

Step-by-step:
- Launch the game to reproduce the error and write down the exact restriction text.
- Follow Riot’s Vanguard Restrictions article and map the message to the minimum required items (for example: “enable Secure Boot” vs. “update motherboard”).
- Do not change unrelated BIOS options “just in case.”
Risks / tradeoffs: Minimal, but you may still need advanced steps later.
Stop and contact official support when: The message is unclear, changes each launch, or you cannot identify your motherboard model reliably.

2) Confirm your current boot/security status in Windows before touching BIOS

Who it helps: Players who believe “Secure Boot is on” (but it isn’t, or Windows doesn’t recognize it), and players trying to avoid unnecessary BIOS changes.

Step-by-step:
- Press Win+R, type msinfo32, press Enter.
- Check BIOS Mode (UEFI vs Legacy) and Secure Boot State (On/Off).
- If BIOS Mode is Legacy, you likely won’t meet Secure Boot requirements without migrating to UEFI (see Solution #4).
Risks / tradeoffs: None—this is read-only verification.
Stop and contact official support when: msinfo32 is inconsistent with your BIOS settings (could indicate platform/OEM quirks or misconfiguration).

3) Update motherboard BIOS the safest “boring” way (correct model, stable power, default settings)

Who it helps: Desktop PC users on ASUS/MSI/Gigabyte/ASRock (and other vendors) receiving the motherboard update restriction.

Step-by-step:
- In Windows, run msinfo32 and record BaseBoard Manufacturer/Product (motherboard model) and BIOS version/date.
- Go to your motherboard vendor’s official support page for that exact model and download the latest BIOS that mentions security/compatibility fixes.
- Use the vendor’s built-in flash tool (commonly accessed from BIOS) and follow their instructions exactly.
- Keep power stable (avoid storms; laptops should be plugged in; desktops ideally on a UPS).
Risks / tradeoffs: BIOS updates can brick a board if interrupted or misapplied. Settings may reset (XMP/EXPO, fan curves).
Stop and contact official support when: You cannot find an exact BIOS for your exact model/revision, your system is unstable, or flashing fails once.

4) If you’re in Legacy mode: move to UEFI properly (don’t just flip a BIOS switch blindly)

Who it helps: Users stuck on “Legacy” BIOS mode who can’t enable Secure Boot as a result.

Step-by-step:
- In Disk Management, confirm whether the OS disk is GPT or MBR (Riot’s article describes checking partition style).
- If you need to convert MBR to GPT, back up important data first (conversion mistakes can prevent boot).
- After conversion, switch BIOS Boot Mode to UEFI, then enable Secure Boot.
Risks / tradeoffs: Highest risk of making Windows unbootable if done incorrectly.
Stop and contact official support when: You’re not comfortable with disk/boot changes, BitLocker is enabled and you don’t have recovery keys, or the PC is mission-critical.

5) Enable the specific security features Vanguard expects (TPM 2.0, Secure Boot, IOMMU, VBS/Memory Integrity)

Who it helps: Players whose restriction message points to one or more security toggles rather than “update BIOS” alone.

Step-by-step:
- In BIOS, enable TPM 2.0 (may appear as “PTT” on Intel or “fTPM” on AMD).
- Enable Secure Boot (ensure it’s in Standard mode if your BIOS offers modes).
- Enable IOMMU (wording varies; Riot provides example paths for some boards).
- In Windows Security, enable Memory Integrity (Core isolation) if required, then restart.
Risks / tradeoffs: Enabling VBS/Memory Integrity can reduce performance in some scenarios; enabling features may expose driver incompatibilities (Riot notes driver conflicts and BSOD possibilities).
Stop and contact official support when: Enabling the feature causes repeated BSODs or the BIOS auto-disables the option after reboot.

6) Repair Windows system integrity if features won’t stay enabled

Who it helps: Users hitting errors/BSODs when enabling security features or whose system state appears corrupted.

Step-by-step:
- Run Windows Update fully.
- Open PowerShell as Administrator and run the SFC/DISM sequence recommended in Riot’s Vanguard Restrictions guidance.
- Reboot and re-check msinfo32 Secure Boot State and required Vanguard settings.
Risks / tradeoffs: Low risk, but can take time; may not fix firmware-level issues.
Stop and contact official support when: DISM/SFC repeatedly fails, or you suspect storage/hardware errors.

Prevention (so it doesn’t come back)

Keep motherboard BIOS reasonably current, especially when vendors publish security-related fixes.
Avoid “custom” Secure Boot configurations unless you know exactly why you need them.
After BIOS updates, re-check that TPM/Secure Boot/IOMMU settings didn’t revert to defaults.
Maintain stable Windows updates and avoid installing sketchy low-level drivers/utilities that could conflict with VBS/Memory Integrity.

FAQ

Q: Is Riot really forcing a BIOS update?
A: Riot support explicitly references “Motherboard Update” as part of addressing a pre-boot gap, and reporting indicates players may be blocked until they apply relevant firmware patches.

Q: Why does an anti-cheat care about my BIOS?
A: The weakness described in reporting involves early-boot / DMA-related protections; firmware is where those protections are configured and enforced.

Q: I enabled Secure Boot but Vanguard still complains—why?
A: Windows may not recognize Secure Boot as active (check msinfo32), or you may still be in Legacy mode, or other required features (TPM/IOMMU/VBS) may be missing.

Q: Is enabling Memory Integrity required?
A: Riot’s restriction guidance includes steps for enabling HVCI/VBS Memory Integrity and troubleshooting when it can’t be enabled, suggesting it may be required for some restricted systems.

Q: Will this affect other games?
A: The news framing suggests this is part of a broader industry “arms race” against hardware cheats, so similar requirements could expand to other competitive games over time.

Q: What if I’m on a laptop?
A: Laptop BIOS updates are OEM-specific. If the update tool is unclear or your laptop is older, use the laptop manufacturer’s support channel rather than a generic motherboard guide.

Q: When is it safer to stop troubleshooting?
A: If you’re about to convert boot modes/partition styles, you don’t have backups/recovery keys, or you can’t confidently match your exact motherboard model, pause and use official support or a professional technician.