← All games
Kernel anti-cheat, loads with game
2eb2·b785·2bb2
Game

Genshin Impact

Engine
Platforms
PC (HoYoPlay), Epic Games Store, PlayStation, iOS, Android, Xbox
What this game is

Genshin Impact is HoYoversePublisherHoYoverse / miHoYomiHoYo (mainland China), publishing internationally as HoYoverse via Cognosphere, makes Genshin Impact and Honkai. Its kernel anti-cheat driver mhyprot2.sys became a landmark security case after ransomware crews abused the signed driver to disable antivirus.3 games in this family →'s free-to-play open-world action RPG, released globally on September 28, 2020 and built on Unity. It is developed by miHoYo (mainland China) and published internationally by Cognosphere under the HoYoverse brand. It runs on its own PC launcher and the Epic Games Store, plus PlayStation, mobile, and (since 2024) Xbox, and has been one of the highest-grossing games in the world since launch.

What a thoughtful gamer should know

If Genshin Impact is installed, expect mhyprot2.sysDrivermhyprot2.sysGenshin Impact anti-cheat kernel driverOpen plate → at the kernel level while you play. Because the driver is signed and loads independently of the game, its presence is exactly the kind of thing this guide exists to make legible: open the mhyprot2.sys plate to see why a signed driver still matters. If you uninstall Genshin, confirm the anti-cheat service is gone rather than assuming it.

What installing this does to your system
kernel · with gameLoads a kernel-level driver while the game runs, then unloads it when you quit.

Genshin Impact installs miHoYo's kernel-mode anti-cheat, whose Windows driver is mhyprot2.sys (catalogued in this guide's drivers section). The driver runs at the kernel level, with the deep access that implies. Two facts make it notable. At the 2020 launch the anti-cheat kept running after the game was closed, and even after it was uninstalled; following backlash, miHoYo changed it to run only while the game runs. And the driver is signed and independent of the game, which is exactly what made it dangerous beyond Genshin. The game executables are GenshinImpact.exe (international) and YuanShen.exe (the Chinese client).

Publisher track record

mhyprot2.sys is one of the clearest real-world cases of why a signed kernel driver is not a safe kernel driver. In 2022, ransomware operators used it as a bring-your-own-vulnerable-driver tool: they dropped the legitimately-signed Genshin anti-cheat driver onto target machines, loaded it, and from kernel mode disabled antivirus before deploying ransomware. Genshin Impact did not need to be installed for the abuse to work, and the certificate had not been revoked. Trend Micro published the analysis in August 2022, and BleepingComputer and The Hacker News covered it. As context, miHoYo is a Chinese publisher, part of the broader data-handling conversation around the title, though no specific player-data breach is part of that record.

Driver companions

Kernel drivers this game ships with, catalogued in the Field Guide: mhyprot2.sys.

Process companions

User-mode processes this game ships with, catalogued in the Field Guide: genshinimpact.exe, yuanshen.exe.

What this means, plainly
Vera describes, the reader decides. Every plate in this section documents the trust ask a game is making of your system. Vera does not pick a side on whether that ask is acceptable. The decision is yours; the plate is here so you can make it with eyes open.
Source

Catalogued by Vera. Trust-architecture details cite the publisher's own anti-cheat documentation and named public reporting from mainstream gaming press (Ars Technica, PC Gamer, Eurogamer, BleepingComputer, and others).

Cite this entry

Vera Project. “Genshin Impact.” Vera Field Guide (Game). The Vera Project. https://www.veraproject.xyz/field-guide/games/genshin-impact