Detections

Some detections and frequently asked questions

1) KeyAuth

- Keyauth is a well-know API that provides authentication and security for users who log in. It is aften used by bypassers, cheaters and spoofer.

2) BAM

- BAM takes care of logging recently executed .exe files. Another similar category is Prefetch which the responsible service calls SysMain. Blocking any of these is not recommended, especially BAM. Considered a bypass technique.

3) Lsass and Dnscache

- Lsass and Dnscache keep track of recently connected http and https connections. Very frequent interactions with API appear.

4) Suspetion Files

- Suspetion category contains several suspicious activity techniques. Be vigilant and manually check each .exe found in this category.

5) Unsigned Files

- Cheats, bypasses and spoofers do not have a digital signature or valid signature. You can check in the file properties that it does not have the Unsigned Files Category.

- Because of this, Napse can check recently executed files without a digital signature, or if it does have one, it also checks whether it is valid.

- Many cheats and bypasses are detected in this category as well as in Suspetion. Manually check each detection.

6) Recycle Bin

- Napse will detect if something has been inserted or deleted from the trash with its timestamps.

7) Stopped Services

- In many cases, Napse will identify ISOs of modified Windows systems or abnormalities in the system.

- One of the most basic things that occur due to optimization and obvious reasons for deviation is to pause services from running.

- The main and most important ones that should not be paused are DPS and Sysmain. When you pause these services, you prevent them from generating traces in parts of the system. It is up to you whether you should ban them or not.

To check if a process is stopped, open cmd and type: sc query SysMain sc query BAM

8) PcaClient

- Pcaclient shows the last 9 recently opened executables

Others Detections

- Here I have only included some basic detections for you to know. But our scanner detects several other more advanced and complex detections that depend on greater knowledge to diagnose whether the user is cheating or not.

PreviousCustom-strings NextOthers Tools

Last updated 4 months ago

Detections

Some detections and frequently asked questions

1) KeyAuth

- Keyauth is a well-know API that provides authentication and security for users who log in. It is aften used by bypassers, cheaters and spoofer.

2) BAM

3) Lsass and Dnscache

- Lsass and Dnscache keep track of recently connected http and https connections. Very frequent interactions with API appear.

4) Suspetion Files

- Suspetion category contains several suspicious activity techniques. Be vigilant and manually check each .exe found in this category.

5) Unsigned Files

- Cheats, bypasses and spoofers do not have a digital signature or valid signature. You can check in the file properties that it does not have the Unsigned Files Category.

- Because of this, Napse can check recently executed files without a digital signature, or if it does have one, it also checks whether it is valid.

- Many cheats and bypasses are detected in this category as well as in Suspetion. Manually check each detection.

6) Recycle Bin

- Napse will detect if something has been inserted or deleted from the trash with its timestamps.

7) Stopped Services

- In many cases, Napse will identify ISOs of modified Windows systems or abnormalities in the system.

- One of the most basic things that occur due to optimization and obvious reasons for deviation is to pause services from running.

To check if a process is stopped, open cmd and type: sc query SysMain sc query BAM

8) PcaClient

- Pcaclient shows the last 9 recently opened executables

Others Detections

PreviousCustom-strings NextOthers Tools

Last updated 4 months ago