In Windows 8 or later, Microsoft has implemented Early Launch Anti-Malware (ELAM) protection which makes integrity checks boot-start drivers when your system loads. In other words, ELAM is nothing but a kernel based driver which is launches itself before any other driver/software. The main purpose of ELAM is to scan all the drivers launched after it and develop a report with Good, Bad, Bad but required for boot, Unknown markings. Windows will reject only Bad drivers/software and load everything else, by default. Some of the available anti-virus in the market supports ELAM and this in-built feature can works in conjugation with them.

Sometimes, if a crucial driver that is required to boot Windows properly is marked as Bad instead of Bad but required for boot (false positive), your system will not fail to start. To deal with this problem, Microsoft implemented an option to disable ELAM temporarily under Advanced Recovery Options. With the help of that option, we can easily deactivate ELAM and if Windows loads properly after that, we can use other techniques such as updating the drivers/software to get rid of false positive from ELAM.

The steps mentioned below will help you deactivate ELAM. If the issue of false positive continues, you can configure ELAM to load only specific type of drivers using registry manipulation.

How To Configure/Disable Early Launch Anti-Malware Protection In Windows 10

Part 1 – Disable Early Launch Anti-Malware Protection

1. Navigate Settings app ->  Update and security -> Recovery. In the corresponding right pane of Recovery screen shown below, click on Restart now under Advanced startup.

How To Disable Early Launch Anti-Malware Protection In Windows 10

You’ll immediately see that the system is restarting to boot into recovery mode.

How To Disable Early Launch Anti-Malware Protection In Windows 10

2. Next, under Choose an option screen, click Troubleshoot option:

How To Disable Early Launch Anti-Malware Protection In Windows 10

3. Then pick Advanced options under Troubleshoot screen:

How To Disable Early Launch Anti-Malware Protection In Windows 10

4. So you’ve now boot into Advanced Startup Options. Click on Startup Settings entry here:

How To Disable Early Launch Anti-Malware Protection In Windows 10

5. Moving on, in the Startup Settings screen, you need to click Restart so that you can change Windows Startup behavior:

How To Disable Early Launch Anti-Malware Protection In Windows 10

6. Lastly, you need to press F8 to disable early-launch anti-malware protection. In case, you’re using Windows 10 on a virtual machine via software such as Oracle VirtualBox, instead of F8, press number key 8.

How To Disable Early Launch Anti-Malware Protection In Windows 10

This should restart Windows 10 and launch it with ELAM protection disabled. On another reboot, Windows will automatically enable ELAM (default stage). If you want to configure ELAM specifically, go ahead with steps mentioned in Part 2.

Part 2 – Configure Early Launch Anti-Malware Protection

Registry Disclaimer: The further steps will involve registry manipulation. Making mistakes while manipulating registry could affect your system adversely. So be careful while editing registry entries and create a System Restore point first.

1. Press W8K + R and put regedit in Run dialog box to open Registry Editor (if you’re not familiar with Registry Editor, then click here). Click OK.

Windows 10 Registry Editor

2. In the Registry Editor window, navigate to following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies

How To Disable Early Launch Anti-Malware Protection In Windows 10

3. In the left pane, right click on Policies registry key and select New > Key. Name the newly created sub-key as EarlyLaunch. Click EarlyLaunch and in the corresponding right pane, right click and select New > DWORD Value. Name the newly created string as DriverLoadPolicy. Right click on the string and select Modify.

How To Disable Early Launch Anti-Malware Protection In Windows 10

4. You can set the Value data with any one of these values as per your requirement:

Value data Effect
3 Load Good, Unknown and Bad but critical drivers (default)
1 Load Good and Unknown drivers
8 Load only Good drivers
7 Load all drivers

After inputting the value, click OK. Close Registry Editor and reboot to make changes effective.

FYI: This registry manipulation is equivalent to enabling Boot-start Driver Initialization Policy under Computer Configuration > Administrative Templates > System > Early Launch Antimalware.

Hope you find the article useful!

3 Comments

Add your comment

  • Funky

    Boot actions happened before Win read registry so this is not a solution

  • Jean

    Thanks so much!
    I had to use these setting to get my PC started and I got the BSOD.

    But now – I cannot turn the Kaspersky back on – how to I turn this back on?

    Thanks in advance!

  • Kapil Arya

    ^^ Ask for KasperSky support, in case if you’ve the error code/message while turning it on.

  • Leave a Reply

    Your email address will not be published. Required fields are marked *