In Windows 8 and later, Microsoft has implemented Early Launch Anti-Malware (ELAM) protection, which performs integrity checks on boot-start drivers when your system loads. In other words, ELAM is a kernel-based driver that launches before any other driver or software. The main purpose of ELAM is to scan all the drivers launched after it and report each one as Good, Bad, Bad but required for boot, or Unknown. By default, Windows rejects only Bad drivers/software and loads everything else. Some of the anti-virus products available in the market support ELAM, and this built-in feature can work in conjunction with them.
Sometimes, if a crucial driver that is required to boot Windows properly is marked as Bad instead of Bad but required for boot (a false positive), your system will fail to start. To deal with this problem, Microsoft implemented an option to disable ELAM temporarily under Advanced Recovery Options. With that option we can deactivate ELAM, and if Windows loads properly after that, we can use other techniques, such as updating the drivers/software, to get rid of the false positive from ELAM.
The steps mentioned below will help you deactivate ELAM. If the false positive continues, you can configure ELAM to load only specific types of drivers using registry manipulation.
How To Configure/Disable Early Launch Anti-Malware Protection In Windows 10
Part 1 – Disable Early Launch Anti-Malware Protection
1. Navigate to Settings app -> Update and security -> Recovery. In the right pane of the Recovery screen, click Restart now under Advanced startup.
You’ll immediately see that the system is restarting to boot into recovery mode.
2. Next, under Choose an option screen, click Troubleshoot option:
3. Then pick Advanced options under Troubleshoot screen:
4. You’ve now booted into Advanced Startup Options. Click the Startup Settings entry here:
5. Moving on, in the Startup Settings screen, you need to click Restart so that you can change Windows Startup behavior:
6. Lastly, press F8 to disable early-launch anti-malware protection. If you’re using Windows 10 on a virtual machine via software such as Oracle VirtualBox, press the number key 8 instead of F8.
This should restart Windows 10 and launch it with ELAM protection disabled. On the next reboot, Windows will automatically enable ELAM again (the default state). If you want to configure ELAM specifically, go ahead with the steps in Part 2.
Part 2 – Configure Early Launch Anti-Malware Protection
Registry Disclaimer: The further steps involve registry manipulation. Mistakes made while editing the registry could affect your system adversely, so be careful while editing registry entries and create a System Restore point first.
1. Press Windows + R and type regedit in the Run dialog box to open Registry Editor. Click OK.
2. In the Registry Editor window, navigate to the following registry key:
3. In the left pane, right-click the Policies registry key and select New > Key. Name the newly created sub-key EarlyLaunch. Click EarlyLaunch and, in the corresponding right pane, right-click and select New > DWORD Value. Name the newly created DWORD DriverLoadPolicy. Right-click the DWORD and select Modify.
4. You can set the Value data to any one of these values as per your requirement:
| Value data | Drivers loaded |
|---|---|
| 3 | Load Good, Unknown and Bad but critical drivers (default) |
| 1 | Load Good and Unknown drivers |
| 8 | Load only Good drivers |
| 7 | Load all drivers |
After inputting the value, click OK. Close Registry Editor and reboot to make changes effective.
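To confirm after the reboot which policy is in effect, the check below reads DriverLoadPolicy and flags a value that still loads Bad drivers. It is an added example, not part of the original article; the script and its `$PoliciesKey` parameter are hypothetical, and the caller passes the Policies key from step 2 in PowerShell provider form.

```powershell
# Added example: audit the ELAM DriverLoadPolicy value set in Part 2.
# Assumption: $PoliciesKey is the Policies registry key from step 2, given as a
# PowerShell registry provider path (it is an input, not hard-coded here).
param(
    [Parameter(Mandatory)]
    [string]$PoliciesKey
)

# Value data -> meaning, exactly as listed in step 4.
$policyNames = @{
    3 = 'Load Good, Unknown and Bad but critical drivers (default)'
    1 = 'Load Good and Unknown drivers'
    8 = 'Load only Good drivers'
    7 = 'Load all drivers'
}

$elamKey = Join-Path $PoliciesKey 'EarlyLaunch'
$source  = 'registry'
$value   = $null

if (Test-Path -LiteralPath $elamKey) {
    $prop = Get-ItemProperty -LiteralPath $elamKey -Name 'DriverLoadPolicy' -ErrorAction SilentlyContinue
    if ($null -ne $prop) { $value = [int]$prop.DriverLoadPolicy }
}

if ($null -eq $value) {
    # No EarlyLaunch sub-key or no DriverLoadPolicy value: the default (3) applies.
    $value  = 3
    $source = 'not configured, default applies'
}

$finding = if (-not $policyNames.ContainsKey($value)) {
    'UNEXPECTED: value is not one of 1, 3, 7, 8; review and correct it'
} elseif ($value -eq 7) {
    'WEAKENED: drivers marked Bad are loaded; restore 3 once troubleshooting is done'
} else {
    'OK'
}

# Emit one object so the result can be logged or collected across machines.
[pscustomobject]@{
    Key       = $elamKey
    ValueData = $value
    Meaning   = $policyNames[$value]
    Source    = $source
    Finding   = $finding
}
```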
Hope you find the article useful!