Adjusting the Symantec Endpoint Protection Small Business Edition early launch anti-malware (ELAM) options

Article:HOWTO81453  |  Created: 2012-10-25  |  Updated: 2014-09-21  |  Article URL http://www.symantec.com/docs/HOWTO81453
Article Type
How To


Subject


Adjusting the Symantec Endpoint Protection Small Business Edition early launch anti-malware (ELAM) options

Symantec Endpoint Protection Small Business Edition provides an ELAM driver that works with the Microsoft ELAM driver to provide protection for the computers in your network when they start up. The settings are supported on Microsoft Windows 8 and Windows Server 2012.

The Symantec Endpoint Protection Small Business Edition ELAM driver is a special type of driver that initializes first and inspects other startup drivers for malicious code. When the driver detects a startup driver, it determines whether the driver is good, bad, or unknown. The Symantec Endpoint Protection Small Business Edition driver then passes the information to Windows to decide to allow or block the detected driver.

You cannot create exceptions for individual ELAM detections; however, you can create a global exception to log all bad drivers as unknown. By default, unknown drivers are allowed to load.

For some ELAM detections that require remediation, you might be required to run Power Eraser. Power Eraser is part of the Symantec Help tool.

Note:

Auto-Protect scans any driver that loads.

To adjust the Symantec Endpoint Protection Small Business Edition ELAM options

  1. In the Symantec Endpoint Protection Manager console, on the Policies tab, open a Virus and Spyware Protection policy.

  2. Under Protection Technologies, select Early Launch Anti-Malware Driver.

  3. Check or uncheck Enable Symantec early launch anti-malware.

    The Windows ELAM driver must be enabled for this option to be enabled. You use the Windows Group Policy editor or the registry editor to view and modify the Windows ELAM settings. See your Windows documentation for more information.

  4. If you want to log the detections only, under Detection Settings, select Log the detection as unknown so that Windows allows the driver to load.

  5. Click OK.

See Managing early launch anti-malware (ELAM) detections

See Troubleshooting computer issues with the Symantec Help support tool


Legacy ID



v71631013_v81626097


Article URL http://www.symantec.com/docs/HOWTO81453


Terms of use for this information are found in Legal Notices