AACGUARD changelog
All notable changes to AACGUARD are listed here. This includes scanner engine updates, new forensic modules, and improvements to the web panel.
Split AACGUARD into a proper client–server architecture with a new ASP.NET Core API on your Debian host, moved all scan writes from the desktop into a central MySQL backend, and wired the Windows client to submit scans over HTTP so users never touch the database directly while you keep full control and observability on the server.
- Upgraded scan flow – Cleaned up how scans run and finish so every session now produces a consistent status, score and detection count without changing how players use the app.
- Richer evidence per scan – Standardized what AACGUARD records (game process, exit state, browser checks, operations JSON and detailed logs) so each scan has clearer, more useful history behind it.
- Advanced cheat detection logic – Refined and extended existing detection code to better catch loaders, injected modules and suspicious behaviour patterns while staying focused on cheats instead of harmless background apps.
- Secure API-backed saving – Moved all database writes behind a dedicated ASP.NET API, removing direct DB access from the client and making stored scans harder to spoof or tamper with.
- More robust error handling – Improved how the app reacts when saves fail or the backend is unreachable, showing clearer messages instead of low-level database errors.
Refined the desktop UI with a new footer, legal copy and upgrade controls, added a server-backed self-integrity gate, enforced admin-only startup, and introduced a detailed post-scan summary so every run ends with a clear, auditable report.
- Server‑driven integrity JSON – New IntegrityHelper downloads aac_hash.json, computes the running EXE’s SHA‑256, and only considers the client valid when it matches the hash configured on the AACGUARD backend.
- Integrity‑gated DB writes – SaveScanToDatabase now calls VerifySelfIntegrity() before version checks or inserts, aborting scans with a clear “executable modified or corrupted” message instead of silently proceeding.
- Admin‑only startup gate – The WPF App class checks for elevation on OnStartup and shuts down immediately with guidance if AACGUARD is launched without Administrator rights.
- End‑of‑scan popup report – After a successful transaction commit, the client now shows a detailed MessageBox summarizing player info, final status, total checks, detections, score, and every OperationResult entry.
- Cfg file listing in summary – The new report also lists all captured cfg files per scan and marks userdata configs, making it easier to connect suspicious cfg evidence with concrete file names on the client side.
- Legal-aware footer – The main window now includes a compact footer with inline links to Terms, Privacy Policy and the EULA, keeping legal context visible without cluttering the primary scan surface.
- Quick access links – Dedicated buttons for the AACGUARD website, upgrade/download page and official Discord are exposed directly in the UI, so users can update, read docs or get support without hunting for URLs.
Tightened AmCache/ShimCache, AppData and shortcut heuristics to focus on real cheat loaders and cfg evidence while aggressively suppressing noisy system/runtime artifacts.
- AmCache focus – Amcache scanning now extracts the filename and only flags hits when it matches exact cheat or loader names, ignoring generic paths and benign Java/OpenJDK entries.
- ShimCache focus – ShimCache/AppCompatCache parsing was aligned with AmCache: filenames are matched against the same cheat/injector lists and are skipped entirely if they fall under whitelisted paths.
- AppData hardening – The AppData walker normalizes paths before whitelist checks and adds specific rules for Autodesk Inventor/ODIS temp DLLs, dramatically reducing “Suspicious file in AppData” noise.
- Shortcut sanity – Shortcut scanning now works on the base .lnk name with the central cheat-name matcher instead of raw substrings, so legit apps like Shotcut no longer trigger weak detections.
- Cfg evidence – The cfg inspector reports all matching cheat, search, and HVH keywords per file instead of stopping at the first hit, giving admins a fuller picture of how a config was tuned.
- Scoring hygiene – Internal scoring and whitelist use were refactored so system DLLs, game launchers, Java runtimes and other known-safe components stop inflating scores or flipping scans to CHEAT DETECTED on their own.
Extended the admin panel with deep CS:GO cfg inspection, safer IP masking for screenshots/logs, and a per-user scan history view to make manual triage much faster.
- CFG browser – Scan view now lists all collected CS:GO cfg files split into default and unknown/non-default sets, mirroring the client-side classification.
- Popup viewer – Each cfg entry has a View action that opens a Tailwind-styled modal and shows the stored cfg content directly from the database without leaving the scan page.
- Safe transport – A dedicated cfg_view.php endpoint returns only cfgs that belong to the current scan/user, preventing arbitrary path access and keeping cfg content scoped to legitimate records.
- IP masking – Public IP masking logic was updated to a custom per-octet pattern (e.g. 11.11.11.11 → 1*.*1.11.1*) that is stable for admins but hides enough detail for sharing screenshots/logs externally.
- Consistency – The same masked IP format is now surfaced in the admin scan view, so operators always see exactly what the client reported without exposing the full address.
- User history – The bottom of the scan page now shows a compact table of other scans for the same user (time, status, score, detections, game process), with the current scan highlighted.
- Fast navigation – Each historical entry links back into scan_view.php, making it trivial to hop between suspicious scans for the same account during investigations.
- Admin UX – Layout widths were slightly relaxed and tables made horizontally scrollable so cfg paths and process names remain readable even on narrower screens.
Refined how AACGUARD interacts with Windows forensic artifacts, especially AmCache, to improve robustness on locked systems while keeping detection logic unchanged.
- Improved – AmCache scanner now always works on a temporary copy and never touches the live hive directly, reducing the chance of unnecessary file locking and access conflicts.
- Hardened – Added a dedicated TryReadAmcacheHive helper that uses maximal safe sharing flags and gracefully handles the “file in use by another process” condition instead of crashing the scan.
- Resilient – When AmCache is exclusively locked by the OS, AACGUARD now reports a clear, non-fatal warning and continues the rest of the scan instead of treating it as a hard failure.
- Future-ready – Internals refactored so a Volume Shadow Copy (VSS)-based reader can be plugged in later without changing the detection rules or UI text for AmCache.
- Safety – Confirmed that AmCache access is performed via standard read-only file I/O patterns commonly used by DFIR tools, avoiding invasive kernel tricks that could resemble cheat behavior to third-party anti-cheats.
- Versioning – Added real versioning compatibility!
- Limits – Daily per-user scan cap is enforced more cleanly, with a clear client-side message when the 5 scans/day limit is reached instead of a silent failure.
- UI polish – Admin panel scan view shows masked IP and additional environment details (browsers used, game exit status) for quicker manual triage.
Focused on detection reliability, exact-name matching, and consistent scoring across all forensic modules.
- New – Exact-name scoring system (ExactNames) for known cheats; matching names now add +1000 to the score and instantly trigger CHEAT DETECTED.
- Expanded – Exact-name logic wired into Prefetch, BAM, MUICache, CS:GO/CS2 folders, Downloads, Desktop, Recycle Bin, USB traces, Amcache, Shimcache, and RunKeys.
- Updated – Processes and modules scanner so both process names and loaded modules participate in exact-name and fuzzy detection rules.
- Improved – Browser history engine with better multi-profile support for Chromium/Firefox-based browsers and clearer separation between cheat sites and cheat-search queries.
- Tuned – Centralized verdict rule around Score >= 999 for hard CHEAT DETECTED, while keeping weaker signals in SUSPICIOUS.
- Stability – Hardened error handling for locked/denied files so scans complete even when some locations are inaccessible.
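
The exact-name matching in this release, together with the path normalization and whitelist skipping described in the AmCache/ShimCache/AppData/shortcut entries above, shown as an added Python example that is not AACGUARD's own code. The name list, the whitelist roots and the SUSPICIOUS cut-off are assumptions; "shot" is a made-up stand-in, since the changelog does not say which entry matched Shotcut.

```python
import ntpath  # Windows path rules on any OS

# Constructed, hypothetical lists; AACGUARD's real lists are not on the page.
EXACT_NAMES = {"sampleloader", "shot"}  # "shot" is a made-up stand-in
WHITELIST_ROOTS = ("c:\\windows\\system32", "c:\\program files\\java")
EXACT_NAME_SCORE = 1000  # changelog: exact-name match adds +1000
CHEAT_THRESHOLD = 999    # changelog: Score >= 999 is CHEAT DETECTED


def normalize(path):
    """Collapse '..' segments and mixed separators, then lower-case."""
    return ntpath.normcase(ntpath.normpath(path))


def is_whitelisted(path):
    norm = normalize(path)
    return any(norm == r or norm.startswith(r + "\\") for r in WHITELIST_ROOTS)


def base_name(path):
    """File name without directory or extension, lower-cased."""
    return ntpath.splitext(ntpath.basename(normalize(path)))[0]


def substring_hit(path):
    """Raw-substring matching, kept only to show the false positive."""
    return any(name in path.lower() for name in EXACT_NAMES)


def score_artifact(path):
    """Skip whitelisted paths; otherwise the base name must match exactly."""
    if is_whitelisted(path):
        return 0
    return EXACT_NAME_SCORE if base_name(path) in EXACT_NAMES else 0


def verdict(score):
    # The SUSPICIOUS cut-off is not on the page; any non-zero score is assumed.
    if score >= CHEAT_THRESHOLD:
        return "CHEAT DETECTED"
    return "SUSPICIOUS" if score > 0 else "CLEAN"


def scan(paths):
    total = sum(score_artifact(p) for p in paths)
    return total, verdict(total)


# Constructed sample artifacts (not real scan data).
SAMPLES = [
    r"C:\Users\p\Desktop\Shotcut.lnk",
    "C:/Program Files/Java/jdk-21/bin/java.exe",
    r"C:\Windows\System32\..\..\Users\p\Downloads\SampleLoader.exe",
]
```

The third sample starts with a whitelisted prefix as a raw string but resolves outside it, which is why the whitelist test runs on the normalized path.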
First version that connects the Windows client to the live AACGUARD web panel with real-time stats.
- Added – Dashboard stats: total scans, unique players, total flags, last 24h detections, and last scan timestamp from the scans table.
- Added – Detected-players listing with verdicts and basic scan metadata for server admins.
- Improved – Logging format so each scan is consistently tied to Steam ID and verdict on the panel.
- Fixed – Client startup issues on some Windows 10 setups where scans could fail silently.
- UI – Landing page hero now shows live stats and last 24h detections instead of placeholder numbers.
AACGUARD v0.0.1
Initial public prototype
2026-01-25
First public Windows client and PHP/MySQL panel release for community testing.
- Added – User-mode Windows client designed to be VAC-safe.
- Added – Core forensic checks for CS:GO / CS2 (configs, game directories, basic file traces, processes).
- Added – Score-based verdict system with CLEAN, SUSPICIOUS, and CHEAT DETECTED outcomes.
- Added – PHP/MySQL backend storing scans with Steam ID, scan time, and verdict.
- UI – First AACGUARD landing page with download CTA and “how it works” explanation.