alt Hacker NewsFor this theoretical feature Windows would do it automatically for apps that would opt in.
For debugging you would either not have this feature or enabled, or you would build a custom build that included a debugger in the secure environment. If you needed to connect to production servers you could whitelist your account to be ignored by the anticheat since your server would know you are not playing with an official build.
If it's a simple flag in the executable file header, what stops a cheat program setting the same flag and getting into the sandbox?
Or a cheat program combining itself with the game executable, and setting the flag so other processes can't interrogate whether it contains a cheat.