neacsafe64.sys
NeacProtect (NetEase anti-cheat) kernel driver
neacsafe64.sys is the kernel-mode driver for NetEase's in-house anti-cheat, branded NeacProtect (also seen as NetEase Game Security). It loads while a protected NetEase game is running and reaches into kernel-visible state a user-mode anti-cheat cannot see. The titles most players encounter it through are Marvel RivalsGameMarvel RivalsOpen plate → and Naraka: BladepointGameNaraka: BladepointOpen plate →, both curated in this guide's processes and games sections.
It is on the public blocklist because of CVE-2025-45737, an improper-access-control flaw disclosed in 2025: by sending crafted commands to the driver, a local user could escalate to SYSTEM and run code in kernel space. NetEase fixed it in driver version 1.0.0.8. The lesson is the same one the Genshin driver (mhyprot2.sysDrivermhyprot2.sysGenshin Impact anti-cheat kernel driverOpen plate →) taught a cycle earlier: a shipped kernel anti-cheat is itself a kernel-level attack surface, so a flaw in it becomes a local privilege-escalation primitive for the whole machine, not just the game it protects.
A persistent point of confusion is worth settling. NeacProtect is NetEase's product and is a different driver, from a different vendor, than Tencent's Anti-Cheat Expert (ACE, catalogued as ace-base.sysDriverace-base.sysAnti-Cheat Expert (ACE) base kernel driverOpen plate →), even though both are kernel anti-cheats from large Chinese publishers with similarly framed names. NeacProtect has also historically conflicted with Windows memory-integrity protection (Core Isolation / HVCI), which some players had to disable for a protected game to launch.
If you have a current NetEase title installed and patched, the driver is expected while you play. Keep the game updated so the driver is past the CVE-2025-45737 fix (version 1.0.0.8 or later). If you find NeacProtect components after uninstalling every NetEase game you play, the kernel service may persist; check Windows services and remove it if you no longer need it.
neacsafe64.sys is listed as a known-vulnerable driver on the public LOLDrivers project. One distinct binary hash matching this filename is on record.
Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.
Vera Project. “neacsafe64.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/neacsafe64-sys
