← All drivers
vulnerable
Driver

bedaisy.sys

BattlEye kernel-mode minifilter driver

From BattlEye Innovations GmbH
Part of the BattlEye family
Status
On a known-vulnerable list
Known variants
1 distinct hashes
Field notes

bedaisy.sys is the kernel half of BattlEye, the anti-cheat from BattlEye Innovations GmbH (Reutlingen, Germany). It is the kernel companion to the user-mode siblings already curated in the Field Guide: BEService.exe (the Windows service that brokers between the kernel and BattlEye's servers) and BEClient.exe (the per-game client component).

The driver is dropped and loaded on demand as a minifilter when a protected game launches, and unloaded again when the game closes. You will only see it on the system while a BattlEye-protected title is actually running. Games covered include Rainbow Six SiegeGameRainbow Six SiegeOpen plate →, PUBG: BattlegroundsGamePUBG: BattlegroundsOpen plate →, Escape from TarkovGameEscape from TarkovOpen plate →, DayZ, ARMA, Squad, War Thunder, Dune: Awakening, and many others.

No CVE has been assigned as of this writing. The driver is on the public LOLDrivers list under a SHA-256 first reported in April 2023, catalogued for the kernel access surface a load-on-demand anti-cheat minifilter requires.

If you see bedaisy.sys on your system without a corresponding BattlEye-protected game running, or if it persists after every BattlEye game is closed, that is the signal worth looking at, not the file itself. The driver is signed by BattlEye Innovations directly; updates flow with whichever game launcher manages your BattlEye install.

What the record shows

bedaisy.sys is listed as a known-vulnerable driver on the public LOLDrivers project. One distinct binary hash matching this filename is on record.

What this means, plainly
Presence is not proof of misuse. Driver files on the LOLDrivers list commonly ship with legitimate hardware tools, gaming software, or vendor utilities. Their presence is recorded as evidence on a record. It is never treated as a verdict about a person.
Source

Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.

Cite this entry

Vera Project. “bedaisy.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/bedaisy-sys