Should I Run a Spoofer Before Every Session?
Yes, every session if you have ever been hardware-flagged, and as cheap insurance even if you haven''t. Cold boot Windows, run Raw Spoofer as administrator before opening Steam, Epic, Battle.net, or NetEase. The spoof persists until reboot. Skipping the spoofer means one signature detection bans your hardware permanently across every account on that machine. The 4-second spoof time per session is the cheapest insurance in the cheat workflow.
Running the spoofer before every session is the difference between a clean recovery from a future detection and a hardware-ban that follows you across format reinstalls, motherboard swaps, and fresh accounts. The cost is 4 seconds of spoof time per session. The benefit is permanent hardware-level protection.
What the spoofer actually does between sessions
Raw Spoofer randomizes 16 hardware identifiers per run: SMBIOS UUID, motherboard serial, all SATA and NVMe disk serials, every NIC's MAC address, GPU UUID, MachineGuid, Windows Product ID, Windows install date, RAM SPD strings, USB controller IDs, PCI device IDs, monitor EDID. After running, your PC looks like a different machine to every anti-cheat that reads any of these surfaces.
The session model
Each Windows boot is a session. Inside that session your identifiers are whatever they are — original or spoofed. Reboot resets to the firmware-level original values (the spoof is in-memory only, not persistent). Re-running the spoofer at next boot reseeds new random values.
Skipping the spoofer once
Most users won't get caught the one time they skip the spoofer. But "most" doesn't mean "all" — and the cost of being in the unlucky few is permanent hardware ban that propagates across EAC, BattlEye, Vanguard, NeacSafe, Activision Ricochet, and Blizzard Warden hardware-ban databases. The asymmetry is enormous: 4 seconds of work versus a banned PC for life.
Cold boot vs warm restart
A cold boot (full power-off, then power-on) is necessary because Windows 10/11 Fast Startup hibernates kernel state between restarts. A "restart" via the Start menu doesn't fully unload the previous session's cached identifiers. Anti-cheat telemetry caches SMBIOS reads — running the spoofer after Fast-Startup-restored cache makes the spoof miss the cache hits.
Run-as-administrator requirement
The 16 identifiers Raw Spoofer touches live in protected locations. Running without admin produces a partial spoof — volume serials move, SMBIOS doesn't, MachineGuid doesn't. Anti-cheats see the mismatch (some identifiers fresh, others stale) and that mismatch is itself a flagable signal. Right-click, Run as administrator, every time.
Order of operations
Cold boot to Raw Spoofer (admin) to Raw loader to game launcher. If you open Steam, Epic, or Battle.net before the spoofer runs, the launcher caches your pre-spoof identifiers and uses them for the session — defeating the spoof for that session.
How often is "every session"
Every time you boot Windows and intend to play with cheats. If you boot, play a non-cheat game first, then decide to load cheats — re-run the spoofer first (and ideally cold-boot first). Mid-session loading of cheats without a spoof-cycle is a risk vector.
When skipping is borderline OK
If you boot, spoof, play, alt-tab to a non-cheat game, come back to cheat — the spoof is still active. You don't need to re-spoof between games in the same boot session. The spoofer only needs to run once per boot.
VPN interaction
Run the VPN client AFTER the spoofer. Some VPN clients install virtual network adapters that the spoofer would randomize alongside physical NICs — running the VPN first adds an interface the spoofer didn't randomize, creating a fingerprint asymmetry.
What spoofing does NOT cover
TPM 2.0 endorsement keys, Microsoft Pluton, Ring-3 CPU ID, Microsoft Remote Attestation chains. These are firmware-rooted and unspoofable from user-mode. Most current anti-cheats use these as launch gates, not fingerprint anchors — so spoofing the remaining 16 identifiers covers the realistic attack surface. See can a spoofer beat TPM 2.
Long-term operator habit
The 4-second spoof becomes part of the boot ritual: power on, log in, spoofer, loader, game. Like remembering to plug in your monitor or check your headset volume. Within a week the habit is automatic. Skipping it once you're acclimated feels actively wrong.
For the spoofer install workflow see how do I install Raw Spoofer. For the full HWID picture see the HWID spoofer pillar.
Related Pages
Sources
- About Easy Anti-Cheat — Epic Games
- BattlEye Support FAQ — BattlEye Innovations
- TPM 2.0 Overview — Microsoft
Related Questions
Avoiding bans is layered defense: use a paid cheat (not a free infostealer), run an HWID spoofer on cold boot before every session, configure aimbot and ESP with humanizer at 80-150ms trigger delay and 0.4-0.6 smoothness, play on a separate account from your main Steam or Battle.net, never party with legit friends while cheating, skip stream and replay-shared modes, and watch the forum status board for paused builds. Single-layer defense fails; combined defense survives.
Run Raw Spoofer on cold boot before every cheat session to randomize 16 hardware identifiers (SMBIOS, motherboard serial, disk serials, MAC addresses, GPU UUID, MachineGuid, RAM SPD, monitor EDID). Use a paid cheat (free cheats trigger detections faster). Configure aimbot and ESP with humanizer settings — aggressive tuning gets accounts flagged which can escalate to hardware bans. Don''t run the cheat without the spoofer. The 4 seconds per session is the difference between recoverable and permanent damage.
Cold boot Windows before launching anything, right-click the Raw Spoofer binary and select Run as administrator, paste your spoofer license into the activation field, and click Spoof. The tool randomizes 16 hardware identifiers including SMBIOS UUID, motherboard serial, disk serials, MAC addresses, GPU UUID, MachineGuid, RAM SPD, and monitor EDID in about 4 seconds. Reboot is not required. Launch your cheat loader and game afterward.
Yes, always. Use a new Steam, Epic, Battle.net, or Riot account for cheat play — never your main. Bans cascade across publisher accounts (Overwatch ban affects Battle.net catalog, Marvel Rivals ban kills Naraka and Identity V via NetEase, Arc Raiders ban affects EAC titles like Fortnite/Apex/Rust). Keep the cheat account socially isolated, no friends list overlap with your main, separate email, separate payment method if possible. Account-link bans from 2023+ make this non-negotiable.
Modern anti-cheats fingerprint a composite of 16+ identifiers: SMBIOS UUID, motherboard serial, all disk serials (SATA + NVMe), every NIC''s MAC address, GPU UUID, MachineGuid (Windows registry), Windows Product ID, Windows install date, RAM SPD strings, USB controller IDs, PCI device IDs, monitor EDID, BIOS strings, TPM 2.0 endorsement key (unspoofable from user-mode), CPU ID, and Microsoft Remote Attestation. Raw Spoofer randomizes 13 of these; TPM EK and Pluton are firmware-baked and out of reach.
