Zenless Zone Zero
Zenless Zone Zero, often shortened to ZZZ, is HoYoversePublisherHoYoverse / miHoYomiHoYo (mainland China), publishing internationally as HoYoverse via Cognosphere, makes Genshin Impact and Honkai. Its kernel anti-cheat driver mhyprot2.sys became a landmark security case after ransomware crews abused the signed driver to disable antivirus.3 games in this family →'s free-to-play urban-fantasy action gacha game, developed by miHoYo and released July 4, 2024 across Windows, iOS, Android, and PlayStation 5, with Xbox Series in 2025. Built on UnityEngineUnityUnity Technologies' engine powers a wide range of PC titles, from indie projects to large multiplayer games. In the competitive-shooter space, Escape from Tarkov is the notable Unity-based title.8 games in this family →, it runs through the HoYoPlay launcher and the Epic Games Store on PC. It was one of HoYoverse's major 2024 launches, alongside its established hits Genshin Impact and Honkai: Star Rail, making it the third HoYoverse game catalogued in this guide.
Installing Zenless Zone Zero means HoYoverse's kernel-mode anti-cheat (HoYoKProtect.sys) on your system while you play. The single most useful habit it points to is general: keep Windows updated, because Microsoft's Vulnerable Driver Blocklist is the mechanism that neutralizes known-bad signed drivers like the legacy mhyprot2.sys. The main process is ZenlessZoneZero.exe. If you have read the Genshin mhyprot2.sys plate in the drivers section, the thing to carry over is that ZZZ uses a different, newer driver that is not on those lists, while the underlying lesson about kernel anti-cheat as a security surface still holds.
Zenless Zone Zero installs HoYoverse's in-house kernel-mode anti-cheat, whose driver is HoYoKProtect.sys, the same component that current versions of Genshin Impact load. This is the cleaner answer than its sibling Honkai: Star Rail, where the exact driver is less certain: ZZZ's is reported with reasonable confidence to be HoYoKProtect. The important distinction is from the older driver: HoYoKProtect.sys is not the legacy mhyprot2.sys that caused the 2022 ransomware case, and it does not appear on the public vulnerable-driver lists that the legacy driver does. The main process is ZenlessZoneZero.exe. HoYoverse has said its anti-cheat runs only while the game is open and stops when the game is closed, after earlier criticism of the older driver running in the background.
The trust history that matters for any HoYoverse game is the 2022 case, and it belongs to a different driver than this one. That year, Genshin Impact's legacy anti-cheat driver mhyprot2.sys, which carries CVE-2020-36603, was abused by ransomware operators as a bring-your-own-vulnerable-driver tool: because it was code-signed and its certificate had not been revoked, attackers could load it onto machines that never ran a HoYoverse game and use its kernel access to switch off antivirus. That driver is catalogued in this guide's drivers section, and it is the textbook lesson in why a signed kernel driver is not automatically a safe one. Zenless Zone Zero does not ship that driver; it ships HoYoKProtect, which is not on the public vulnerable-driver lists. No anti-cheat or privacy incident specific to ZZZ is in the public record as of this writing. Sources include Trend Micro, BleepingComputer, and PC Gamer.
Catalogued by Vera. Trust-architecture details cite the publisher's own anti-cheat documentation and named public reporting from mainstream gaming press (Ars Technica, PC Gamer, Eurogamer, BleepingComputer, and others).
Vera Project. “Zenless Zone Zero.” Vera Field Guide (Game). The Vera Project. https://www.veraproject.xyz/field-guide/games/zenless-zone-zero
