Windows 10 comes with a special Early Launch Anti-malware (ELAM) driver for better security and protection. Let's see what this driver does, and how and why you might want to disable it.
The Early Launch Anti-malware (ELAM) driver is a special driver shipped with Windows 10 out-of-the-box. It is enabled by default and serves to protect the operating system against threats at early boot. This is the first boot-start driver Windows 10 starts. It checks other boot-start drivers and enables the evaluation of those drivers. This allows the operating system to decide whether a particular driver should be initialized or whether it should be classified as malware.
This technique is effective against rootkits, which can hide from security software using special drivers they install.
The feature is very useful. However, if a required driver is flagged because of a false positive, it won't be loaded by the operating system. Depending on the driver, sometimes Windows 10 is not able to start without it. In another case, a malware driver can prevent the operating system from booting intentionally, and the only way to resolve the issue is temporarily disabling the Early Launch Anti-Malware protection. This will allow you to update the problematic driver or remove it.
To Disable Early Launch Anti-Malware Protection in Windows 10, do the following.
Before you proceed, ensure that you are signed in as an administrator.
- Open Advanced Startup Options.
- Click the Troubleshoot item.
- Click Advanced Options on the next screen.
- Click Startup Settings.
- Click the Restart button.
- After reboot, you will see the Startup settings screen:
To disable early-launch anti-malware protection, press the F8 key on your keyboard. Alternatively, you can press the 8 key.
That's it. Windows 10 will then restart without early-launch anti-malware protection enabled. It will be re-enabled automatically once you restart your PC again.
Note: This trick also works in Windows 8.
Support us
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:
To install a problematic driver, you could also press F7 / 7 (“Disable driver signature enforcement”); this will also be re-enabled automatically with the next reboot.
Am I right ?
Indeed, you are right.
You can also disable this using BCDEDIT.exe within Windows elevated command prompt.
bcdedit /set {current} disableelamdrivers yes
Thanks!