Antimalware applications have become advanced and efficient, but they are still unable to detect a plethora of malware attacks. This happens when hackers inject rootkits that prevent the malware from being detected. One of the most challenging situations is when the malware launches during the boot cycle. Such malware incorporates certain system hacks that eventually take the PC to an unstable state. The Windows operating system has not yet been able to provide a proper, reliable solution for detecting early-boot malware.
However, Windows 10 has a built-in feature called Secure Boot. The function of Secure Boot is to launch an ELAM (Early Launch Anti-Malware) driver and protect the boot configuration and components. The ELAM driver launches before any boot-start drivers initialize. It analyzes and evaluates those drivers and enables the Windows kernel to decide whether the drivers should be launched.
Now, coming to the Boot-Start Driver Initialization Policy: this policy setting is part of the Windows Group Policy Editor. It determines whether a boot-start driver should be initialized. Each boot-start driver is evaluated by the ELAM driver and classified into one of several categories.
The categories are listed below:
- Good – The driver looks safe and has been signed.
- Bad – The driver is identified as malware. It is recommended that you do not allow known bad drivers to be initialized.
- Bad, but required for boot – The driver has been identified as malware, but the computer needs this driver in order to start.
- Unknown – The driver has not been marked as malware by the malware detection application, and thus has not been classified by the Early Launch Antimalware boot-start driver.
In this article, you will learn how to enable the Early Launch Antimalware Boot-Start Driver Initialization Policy.
Steps To Configure Early Launch Anti-Malware Boot-Start Driver Initialization Policy in Windows 10
- Press Windows+R to launch the Run window. Type gpedit.msc and hit Enter to launch the Local Group Policy Editor (not applicable for the Home edition of Windows).
- Now, navigate to the following location in the left pane: Computer Configuration\Administrative Templates\System\Early Launch Antimalware
- In the right pane, find Boot-Start Driver Initialization Policy under Early Launch Antimalware. Double-click the policy to edit it.
- If you want to Enable and Configure Boot-Start Driver Initialization Policy, then check the radio button beside Enabled. Under Options, select any one of the following options: Good only, Good and unknown, Good, unknown and bad but critical, All.
- If you want to disable, click on the radio button beside Disabled.
- That’s all. Restart the computer to see the changes.
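To confirm after the restart which option is actually in force, the following added example (not part of the original article) reads the registry value that this policy writes and maps it back to the option names used in the steps above. The function name `Get-ElamDriverLoadPolicy` is hypothetical, and the registry path and numeric values do not appear in the article; they are the values Windows stores for this policy setting.

```powershell
# Added example: audit the Boot-Start Driver Initialization Policy on the local machine.
function Get-ElamDriverLoadPolicy {
    [CmdletBinding()]
    param(
        # Registry key that backs the policy setting (not shown in the article).
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch'
    )

    # DriverLoadPolicy DWORD values and the option each one corresponds to.
    $options = @{
        8 = 'Good only'
        1 = 'Good and unknown'
        3 = 'Good, unknown and bad but critical'
        7 = 'All'
    }

    # The key or value is absent when the policy is Disabled or Not Configured.
    $value = $null
    if (Test-Path -Path $Path) {
        $item  = Get-ItemProperty -Path $Path -Name 'DriverLoadPolicy' -ErrorAction SilentlyContinue
        $value = $item.DriverLoadPolicy
    }

    if ($null -eq $value) {
        # Windows default: Good, Unknown and Bad-but-boot-critical drivers initialize; Bad is skipped.
        $setting = 'Disabled / Not configured (default: good, unknown and bad but critical)'
    }
    elseif ($options.ContainsKey([int]$value)) {
        $setting = $options[[int]$value]
    }
    else {
        # An unexpected number deserves a manual look rather than a guess.
        $setting = "Unrecognized value $value"
    }

    [pscustomobject]@{
        RegistryValue        = $value
        Setting              = $setting
        # Only "All" lets drivers classified as Bad initialize.
        LoadsKnownBadDrivers = ($value -eq 7)
        # Unknown drivers are blocked only under "Good only".
        LoadsUnknownDrivers  = ($value -ne 8)
    }
}

Get-ElamDriverLoadPolicy | Format-List
```

Run it from an elevated PowerShell prompt; a result with `LoadsKnownBadDrivers` set to `True` means the "All" option is selected and drivers classified as Bad will be initialized.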