Originally Posted by
IEvol
Easiest and most simple way to explain it (this is very broken down), imagine each file or cheat having it's own serial number (signature), every executable having a different one. Now VAC finds them serial numbers and adds them to a blacklist, when VAC is running it checks the running processes serial numbers and if it's a match then you get a ban.
VAC also has a few other detection methods and is smarter than most people believe, even though compared to EAC/BE it's ineffective. If you have a private cheat most of the time you'll be fine and to be honest you can evade VAC most of the time if you just virtualize the cheat you have (if done correctly).