Adjusting the Symantec Endpoint Protection early launch anti-malware (ELAM) options

Article:HOWTO81106  |  Created: 2012-10-24  |  Updated: 2014-09-21  |  Article URL
Article Type
How To


Adjusting the Symantec Endpoint Protection early launch anti-malware (ELAM) options

Symantec Endpoint Protection provides an ELAM driver that works with the Microsoft ELAM driver to provide protection for the computers in your network when they start up. The settings are supported on Microsoft Windows 8 and Windows Server 2012.

The Symantec Endpoint Protection ELAM driver is a special type of driver that initializes first and inspects other startup drivers for malicious code. When the driver detects a startup driver, it determines whether the driver is good, bad, or unknown. The Symantec Endpoint Protection driver then passes the information to Windows to decide to allow or block the detected driver.

You cannot create exceptions for individual ELAM detections; however, you can create a global exception to log all bad drivers as unknown. By default, unknown drivers are allowed to load.

For some ELAM detections that require remediation, you might be required to run Power Eraser. Power Eraser is part of the Symantec Help tool.


Auto-Protect scans any driver that loads.

To adjust the Symantec Endpoint Protection ELAM options

  1. In the Symantec Endpoint Protection Manager console, on the Policies tab, open a Virus and Spyware Protection policy.

  2. Under Protection Technologies, select Early Launch Anti-Malware Driver.

  3. Check or uncheck Enable Symantec early launch anti-malware.

    The Windows ELAM driver must be enabled for this option to be enabled. You use the Windows Group Policy editor or the registry editor to view and modify the Windows ELAM settings. See your Windows documentation for more information.

  4. If you want to log the detections only, under Detection Settings, select Log the detection as unknown so that Windows allows the driver to load.

  5. Click OK.

See Managing early launch anti-malware (ELAM) detections

See Troubleshooting computer issues with the Symantec Help support tool

Legacy ID


Article URL

Terms of use for this information are found in Legal Notices