Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

ELAM

Created: 02 Dec 2012 • Updated: 02 Dec 2012 | 4 comments
This issue has been solved. See solution.

Are there details of what it is/how it works? support?

thanks

Comments 4 CommentsJump to latest comment

.Brian's picture

Only supports Windows 8 as Win8 comes with a new feature called secure boot

http://www.howtogeek.com/116569/htg-explains-how-w...

Windows 8 Early Launch Anti-Malware (ELAM) support provides a Microsoft-supported way for anti-malware software to start before all other third-party components. In addition, vendors can now control the launching of third-party drivers, depending on trust levels. If a driver is not trusted, it can be removed from the boot sequence. ELAM support makes more efficient rootkit detection possible.
 

Managing early launch anti-malware (ELAM) detections

 
http://www.symantec.com/business/support/index?page=content&id=HOWTO81107
 

Adjusting the Symantec Endpoint Protection early launch anti-malware (ELAM) options

 
http://www.symantec.com/business/support/index?page=content&id=HOWTO81106
 

What's new in Symantec Endpoint Protection 12.1.2

 
http://www.symantec.com/business/support/index?page=content&id=HOWTO81091

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
pete_4u2002's picture

its Microsoft feature in Windows 8

check this link

http://msdn.microsoft.com/en-us/library/windows/desktop/hh848061(v=vs.85).aspx

As antimalware (AM) software has become better and better at detecting runtime malware, attackers are also becoming better at creating rootkits that can hide from detection. Detecting malware that starts early in the boot cycle is a challenge that most AM vendors address diligently. Typically, they create system hacks that are not supported by the host operating system and can actually result in placing the computer in an unstable state. Up to this point, Windows has not provided a good way for AM to detect and resolve these early boot threats.

Windows 8 introduces a new feature called Secure Boot, which protects the Windows boot configuration and components, and loads an Early Launch Anti-malware (ELAM) driver. This driver starts before other boot-start drivers and enables the evaluation of those drivers and helps the Windows kernel decide whether they should be initialized.

As far SEP is considered, SEP 12 Ru 2 supports windows 8 and above link from Brian should help.

W007's picture

HI,

Windows 8 Early Launch Anti-Malware (ELAM) support provides a Microsoft-supported way for anti-malware software to start before all other third-party components. In addition, vendors can now control the launching of third-party drivers, depending on trust levels. If a driver is not trusted, it can be removed from the boot sequence. ELAM support makes more efficient rootkit detection possible

Adjusting the Symantec Endpoint Protection early launch anti-malware (ELAM) options

http://www.symantec.com/business/support/index?page=content&id=HOWTO81106

Managing early launch anti-malware (ELAM) detections

http://www.symantec.com/business/support/index?page=content&id=HOWTO81107

What's new in Symantec Endpoint Protection Small Business Edition 12.1.2

 

http://www.symantec.com/business/support/index?page=content&id=HOWTO81450

http://msdn.microsoft.com/en-us/library/windows/hardware/br259096.aspx

Early launch antimalware (Windows)

http://msdn.microsoft.com/en-us/library/windows/desktop/hh848061(v=vs.85).aspx

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Mick2009's picture

"Thumbs up" to the advice, above!

This MS training session is quite good, for any admin who would like to know more:

Windows 8: Malware Resistant by Design
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/SIA309

 

 

With thanks and best regards,

Mick