Not really, they can just use ScriptContext to determine how long can basescripts run without yielding and disable basescripts entirely by setting ScriptsDisabled to true then start disabling scripts one by one.
You would need one on the server and the client.
The server can access all players localscripts. This means you can get all players and check for their antiexploit, should it not have one or its disabled, then ban the player.
Under no circumstance should your anti-exploit be offline. The local script on the player can check the players inputs and speeds and fire the server if anything wrong. The server will ensure that all players have their anti-exploit and that they are sane.
They cannot disable server scripts. This means that if they tamper with their local anti, they get banned.
1 Like
You would need remote events to check if their anti exploits are enabled or not because property changes of a script (local or server, it does not matter) doesnât replicate to server if itâs done on client (this also includes the Disabled property), and if you use remote events they can surely find a way to fake the responses by reading the code inside the anti exploit localscripts and running a code that can respond like an anti exploit would based on the code they decompiled from an anti exploit.
Unless you somehow manage to find a way to create a check that only the actual anti exploit localscript can respond to properly, your idea will not work.
Also no, server can not access all the localscripts. It canât access the ones inside Player.PlayerScripts because those ones donât replicate.