Adjusting the Symantec Endpoint Protection early launch anti-malware (ELAM) options
|Article:HOWTO81106|||||Created: 2012-10-24|||||Updated: 2013-01-30|||||Article URL http://www.symantec.com/docs/HOWTO81106|
Symantec Endpoint Protection provides an ELAM driver that works with the Microsoft ELAM driver to provide protection for the computers in your network when they start up. The settings are supported on Microsoft Windows 8.
The Symantec Endpoint Protection ELAM driver is a special type of driver that initializes first and inspects other startup drivers for malicious code. When the driver detects a startup driver, it determines whether the driver is good, bad, or unknown. The Symantec Endpoint Protection driver then passes the information to Windows to decide to allow or block the detected driver.
You cannot create exceptions for individual ELAM detections; however, you can create a global exception to log all bad drivers as unknown. By default, unknown drivers are allowed to load.
For some ELAM detections that require remediation, you might be required to run Power Eraser. Power Eraser is part of the Symantec Help tool.
Auto-Protect scans any driver that loads.
To adjust the Symantec Endpoint Protection ELAM options
In the Symantec Endpoint Protection Manager console, on the Policies tab, open a Virus and Spyware Protection policy.
Under Protection Technologies, select Early Launch Anti-Malware Driver.
Check or uncheck Enable Symantec early launch anti-malware.
The Windows ELAM driver must be enabled for this option to be enabled. You use the Windows Group Policy editor to view and modify the Windows ELAM settings. See your Windows 8 documentation for more information.
If you want to log the detections only, under Detection Settings, select Log the detection as unknown so that Windows allows the driver to load.
Article URL http://www.symantec.com/docs/HOWTO81106