Most of these hacks don’t modify the fivem installation
Sounds like a bad solution as every fivem patch could lead to false positives if you forget to update (+ canary/prod differences)
Probably works the same as all of those sold anticheat by just listening to their own events send, check out How To Create an Anti-Cheat - List of Vulnerable and Abused Events (Updated January 2020)
You might notice events like “antilynx8:anticheat” which are send by some menus and their anticheat basically just listens for that