@incapaz is right with this one, if you are targeting one form of DEX being a Gui they will simply do it another way.
You would be better off addressing the ability to change workspace rather than the means. At the end of the day if your scripts are secure it wont matter if they can see what’s in the workspace.
All of which should be done on the server side of things.
A few things to help you secure your scripts if you haven't already.
Detect where a module is running from, if a module is running on the client then ban them on the spot.
Use pcalls on remote events, this way if they cause certain errors or fire it with nothing you know they are exploiting.
Put player inputs into values that are read by the server to take the client out of the equation with most scripts.