What Is NeacSafe Marvel Rivals Anti-Cheat?
NeacSafe is NetEase's in-house kernel-mode anti-cheat used by Marvel Rivals (NOT Easy Anti-Cheat as every competitor blog wrongly claims). Driver file is NeacSafe64.sys, also referenced internally as NEP (NetEase Enterprise Protection) or NetEase Game Security. Closed-source, VMProtect-packed, loads from %TEMP% then deletes itself off disk after kernel load. No DriverUnload routine, no kernel-to-user heartbeat. Independent reverse-engineering published by 0x90.sh in June 2025.
What NeacSafe actually is
NetEase ships its own in-house kernel-mode anti-cheat across its game lineup. The community references it as NeacSafe (driver file name NeacSafe64.sys) or NEP (NetEase Enterprise Protection — internal codename glimpsed in user-mode component NEP_Usermode.dll). Some NetEase support documentation calls it NetEase Game Security. The names are interchangeable; the product is one thing. It is the anti-cheat protecting Marvel Rivals, Naraka: Bladepoint, Identity V, Once Human, and other NetEase titles.
The most-repeated falsehood
Almost every competitor cheat blog (TATEWARE, Battlelog, SkyCheats, ScalaCube, ExitLag) confidently states Marvel Rivals uses Easy Anti-Cheat. This is wrong. Marvel Rivals has never used EAC. The misconception is so prevalent that a vendor naming NeacSafe correctly is the canonical editorial-credibility tell when evaluating Marvel Rivals cheat providers. If your vendor's pitch says "EAC bypass for Marvel Rivals," they have either not done their research or are repurposing EAC-tuned code for a different anti-cheat entirely. The bypass techniques are fundamentally different.
The technical profile
Per 0x90.sh's June 2025 driver analysis and corroborating community reverse-engineering work, NeacSafe's technical signature includes: (1) Closed-source. No published documentation, no open driver internals. (2) Packed with VMProtect 2.x/3.x. Commercial code-obfuscation product. Makes static analysis significantly harder than open-source kernel ACs like EAC. (3) Loads via %TEMP% at game start, then deletes its on-disk copy after kernel load. A forensic snapshot of the disk does not reveal the driver was present. (4) No DriverUnload routine. Cannot be surgically unloaded by standard kernel-driver-unlinking techniques. (5) No kernel-to-user heartbeat. The driver does not require continuous communication with a user-mode service. Both (4) and (5) are unusual design choices that make NeacSafe harder to bypass than vanilla EAC.
What NeacSafe reads for HWID fingerprinting
Per the 0x90.sh analysis and corroborating RE work: SMBIOS UUID + serial + manufacturer + product (standard), motherboard serial, all disk serials (SATA + NVMe), MAC addresses, GPU device UUID, RAM module IDs (when readable from SMBIOS Type 17), MachineGuid, BIOS version. Composite hash sent to NetEase's identification server. The hash is shared across all NetEase games — Naraka: Bladepoint, Identity V, Once Human, Marvel Rivals — so a hardware fingerprint flagged in one game prevents play in all of them.
The cross-NetEase ban risk
The single most under-discussed Marvel Rivals risk in 2026. A ban in Marvel Rivals propagates across the entire NetEase portfolio on the same hardware. If you also play Naraka or Identity V or Once Human on the same machine, those go down with the Marvel Rivals ban. The cumulative cost of a cross-NetEase ban often exceeds the cost of a comparable single-game Steam library ban because the NetEase portfolio has substantial cosmetic / event-pass investment per title. Most spoofer marketing does not address this; ours does.
What NeacSafe does NOT do
It is not EAC. It is not BattlEye. It is not co-developed with Microsoft. Despite Steam community privacy complaints calling it a "rootkit," it operates as a standard ring-0 kernel driver — same architectural pattern as Riot Vanguard, EAC, BattlEye, and other commercial kernel ACs. The "rootkit" framing is rhetorical, not technical. Worth flagging because privacy-conscious users sometimes refuse to install Marvel Rivals citing "Chinese kernel-level anti-cheat" without understanding it is the same kind of software they are already running for any major FPS.
The Steam Deck / Proton caveat
NeacSafe's behavior under Proton (Steam Deck and macOS via Crossover or similar) is occasionally inconsistent. The January 2025 NetEase false-positive wave banned legitimate cross-platform players whose NeacSafe load under Wine / Proton produced anomalous behavior. NetEase publicly apologized and reversed the bans. Even with the Jan 2025 fix, Marvel Rivals is genuinely harder for non-Windows players to use safely. Raw Rivals is Windows-only for this reason — we don't support Proton-based usage.
The buyer implication
A Marvel Rivals cheat tuned for NeacSafe's actual driver behavior (VMProtect-handled, no-heartbeat, no DriverUnload) has long detection windows. A cheat marketing "EAC bypass" is using the wrong techniques and gets caught faster. The first vendor diagnostic when evaluating a Marvel Rivals cheat in 2026 is whether they name NeacSafe specifically and describe their bypass in terms of the actual driver behavior.
Pair this with
The Marvel Rivals Cheats Complete 2026 Guide covers the NeacSafe correction in depth. For the cross-NetEase HWID implications see Marvel Rivals HWID spoofer + cross-NetEase ban. For the in-house product specifically tuned for NeacSafe see Raw Rivals.
Related Pages
Sources
- Bypassing Marvel Rivals NetEase Anti-Cheat — 0x90.sh security research
- Marvel Rivals beta name-and-shame announcement — NetEase / Marvel Rivals
- If It Looks Like a Rootkit — ACM peer-reviewed
Related Questions
The best Marvel Rivals cheat in 2026 is a software external cheat tuned specifically for NeacSafe (NetEase's kernel anti-cheat, NOT EAC as every competitor blog wrongly claims). Required features: role-aware aim assist (Duelist / Vanguard / Strategist), Ultimate Charge tracker, per-hero projectile prediction, and a bundled HWID spoofer covering the 16+ identifiers NeacSafe reads. Cross-NetEase ban risk means one detection takes out Naraka, Identity V, and Once Human on the same hardware.
On March 5-6, 2026, NetEase introduced a permanent-ban policy targeting Marvel Rivals players who take payment from third-party bounty sites to throw matches against streamers. The crackdown also lowered reporting thresholds for AFK and throw behaviors, expanding NetEase's behavioral pipeline. This affects players paid to lose — not players using third-party software to win. Cheat use cases are not in scope; intentional match sabotage is.
Yes. NetEase runs a centralized hardware-fingerprint service across its game lineup. A NeacSafe ban in Marvel Rivals propagates to Naraka: Bladepoint, Identity V, Once Human, and any other NetEase title using NeacSafe — all on the same hardware. This is the single most under-discussed Marvel Rivals risk in 2026. The only practical defense is a current HWID spoofer covering NeacSafe's 16+ readable identifiers before every session.
