Does Windows Defender Flag RawCheats?
Sometimes. Windows Defender's heuristic engine flags many cheat loaders, including legitimate overlay software, because they share API patterns with malware — process attach, memory read, synthetic input. RawCheats binaries are clean (no info-stealer payload, no token grabber, no clipboard hijack), but Defender doesn't differentiate. The fix is a folder exclusion for your RawCheats install path, which Microsoft documents as a supported scenario. Don't disable Defender entirely; the exclusion is enough.
Windows Defender flagging a cheat loader is normal and expected. The Microsoft Defender heuristic engine scores executables on behavioral patterns — process attach, memory reads, synthetic input generation, network beacon-like traffic — that overlap with malware regardless of intent. Steam overlay, Discord overlay, Nvidia GeForce Experience, OBS, and dozens of legitimate tools have all triggered Defender false positives over the years.
What Defender actually sees
Microsoft Defender uses a layered detection stack: static signatures, heuristic analysis, behavior monitoring, cloud-based ML, and the Attack Surface Reduction (ASR) ruleset. Cheat loaders trigger heuristic and behavior rules because they look at running processes, draw overlays via Direct3D hooking, and send input through SendInput. None of these are malicious on their own — the same techniques power streaming software — but the combination is statistically correlated with credential theft tools.
What RawCheats binaries don't do
We don't run info-stealer payloads, credential grabbers, clipboard hijacks, browser session exfil, or wallet pivots — the things free cheats from sketchy forums genuinely do. Microsoft seized 2,300 Lumma Stealer command-and-control domains in May 2025 because free-cheat distribution channels were a primary delivery vector for those payloads. RawCheats binaries are clean — the issue is that Defender heuristics can't tell that apart at the file level.
The fix — folder exclusion
Microsoft documents Defender exclusions as a supported configuration. Add a folder exclusion for %LOCALAPPDATA%\RawCheats and the spoofer's install folder. Defender will skip those paths entirely. See "How do I exclude RawCheats from antivirus?" for the step-by-step.
Why we don't sign loader binaries
A standard Authenticode signature would solve Defender false positives, but it also produces a signed binary that anti-cheat vendors can blacklist by signature. Code-signed cheat loaders get blacklisted faster than unsigned ones — the exact opposite of the safety goal. The trade-off is worth it: a one-time exclusion versus a permanently-burnable certificate.
Don't disable Defender entirely
Disabling Defender is the wrong fix. It removes baseline protection against unrelated threats (Office macros, drive-by browser exploits, USB autoplay), which is a real risk you don't need to accept. A folder-level exclusion removes only the RawCheats path from Defender's scope. The rest of your system stays protected.
Third-party antivirus
ESET, Avast, Kaspersky, Bitdefender, and Malwarebytes all behave the same way as Defender: heuristic flagging of cheat loaders is universal. Each one supports folder exclusions in its UI. Your cheat folder needs the same exclusion in every AV product you run.
Stream-watching Defender during sessions
Defender's Cloud-delivered protection setting (the cloud-based ML component) occasionally re-evaluates files. After a loader update, a previously-clean binary can be flagged for a few hours until the cloud sample updates. If injection suddenly fails post-update, check Defender Protection History — recently quarantined items often show up there. Restore and re-add the exclusion if needed.
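As an added example (not RawCheats' own code and not anything Microsoft ships), the following PowerShell audits the state the sections above describe: whether real-time and cloud-delivered protection are still on, which path exclusions exist and which of them sit under user-writable roots, and the recent detection records behind the Protection History view. It uses the Defender module cmdlets Get-MpComputerStatus, Get-MpPreference and Get-MpThreatDetection, which ship with Windows 10 and 11; the default folder path and the list of user-writable roots are assumptions chosen for illustration.

```powershell
# Added example: audit Defender around a folder exclusion. Not RawCheats' tooling.
# Assumes the Defender PowerShell module (present on Windows 10/11 with Defender enabled).
# Run from an elevated PowerShell prompt.

param(
    # Assumed path; the page names %LOCALAPPDATA%\RawCheats as the excluded folder.
    [string]$ExcludedFolder = (Join-Path $env:LOCALAPPDATA 'RawCheats')
)

# 1. Baseline protection must still be on: the page's point is "exclude a folder, don't disable Defender".
$status = Get-MpComputerStatus
[pscustomobject]@{
    RealTimeProtection   = $status.RealTimeProtectionEnabled
    BehaviorMonitoring   = $status.BehaviorMonitorEnabled
    SignatureVersion     = $status.AntivirusSignatureVersion
    SignatureLastUpdated = $status.AntivirusSignatureLastUpdated
    TamperProtection     = $status.IsTamperProtected
} | Format-List

# 2. Cloud-delivered protection (MAPS) is the component that re-evaluates files after an update.
$pref = Get-MpPreference
"Cloud-delivered protection (MAPSReporting): $($pref.MAPSReporting)  (0=Off, 1=Basic, 2=Advanced)"

# 3. Every path exclusion, with a flag on those under user-writable roots (assumed list).
#    Nothing written into an excluded path is scanned, so each entry is a blind spot to review;
#    an entry you did not add yourself deserves a closer look.
$userWritable = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP, $env:USERPROFILE) | Where-Object { $_ }
foreach ($path in @($pref.ExclusionPath)) {
    $flag = if ($userWritable | Where-Object { $path -like "$_*" }) { 'USER-WRITABLE' } else { '' }
    "{0,-14} {1}" -f $flag, $path
}

# 4. Recent detections: the same records the Protection History view is built from.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 20 InitialDetectionTime, ProcessName, ActionSuccess,
        @{ n = 'Resources'; e = { $_.Resources -join '; ' } } |
    Format-Table -AutoSize

# 5. Did any detection reference the excluded folder itself (e.g. a quarantined loader binary)?
$hits = @(Get-MpThreatDetection | Where-Object { ($_.Resources -join ' ') -like "*$ExcludedFolder*" })
if ($hits.Count -gt 0) {
    "Detections referencing ${ExcludedFolder}: $($hits.Count)"
} else {
    "No detections reference $ExcludedFolder"
}
```

Step 5 is the scripted form of the "check Protection History after an update" advice: if the loader binary was quarantined, its path shows up in the Resources field of the detection record. Step 3 is the check a defender wants alongside any exclusion: files that land in an excluded folder, including whatever an auto-updating loader downloads there, are never scanned, so the exclusion list should stay short and be re-read after each update.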
EAC/BattlEye relationship to Defender
Easy Anti-Cheat and BattlEye don't read Defender's quarantine list as a detection signal. They scan the live process space at runtime, not Defender's log. So having binaries in a Defender exclusion folder doesn't bias the anti-cheat detection one way or the other — it just keeps Defender out of your install workflow.
For exclusion setup steps see "How do I exclude RawCheats from antivirus?". For free-cheat malware risk see "Free vs paid cheats" and the Microsoft Lumma takedown.
Sources
- Microsoft Defender exclusions — Microsoft
- Microsoft disrupts Lumma Stealer — Microsoft
- The Evolution of Vidar Stealer — Acronis TRU
Related Questions
Open Windows Security, go to Virus and threat protection, click Manage settings under Virus and threat protection settings, scroll to Exclusions, click Add or remove exclusions, click Add an exclusion, choose Folder, and select %LOCALAPPDATA%\RawCheats plus your Raw Spoofer install folder. For ESET, Avast, Kaspersky, or Bitdefender, the equivalent path is Settings then Exclusions then Add folder. Restart the loader after adding the exclusion. Microsoft documents this as a supported configuration.
Buy the Raw cheat for your game plus the Raw Spoofer add-on, cold boot Windows, run Raw Spoofer as administrator and enter your spoofer license to randomize 16 hardware identifiers, launch the Raw loader and enter the cheat license, select your game from the dropdown, then start the game via Steam, Epic, or Battle.net. Click Inject in the loader at the main menu and press INSERT in-game to open the overlay.
Most injection issues come from five causes: the game wasn't fully loaded at the main menu when you clicked Inject, the loader caught a paused signature update on the forum status board, Windows Defender quarantined the loader binary, you ran the loader and game at mismatched admin levels, or you skipped the spoofer cold boot. Check the forum status first, then re-run with admin, then verify Defender exclusions. Discord support averages under 10 minutes during waking hours.
The Raw loader auto-updates on launch. When you open the loader, it checks our update servers, downloads any patched binaries, and verifies signatures before running. No manual download, no folder management, no executable swaps. Major rebuilds (a full anti-cheat patch response) take 1-3 minutes to download, minor offset updates are instant. If auto-update fails, delete the loader folder and re-download from rawcheats.com using the same license — no extra cost.
Free cheats from sketchy forums commonly bundle Lumma, Vidar, or RedLine infostealer payloads that exfil browser sessions, Steam tokens, crypto wallets, and saved passwords. Microsoft seized 2,300 Lumma command-and-control domains in May 2025 because free-cheat distribution was the primary delivery channel. Free cheats also detect within days because they're widely distributed. Paid cheats from established providers don't bundle malware and ship signature-patches within hours of detection. Risk asymmetry is massive.
