Stop Windows 8 From Loading Malware-Infected Drivers At Boot Time

Windows 8 is no doubt more secure than Windows 7, as it comes with features like Secure Boot, which prevents rootkit or malware infection. There is another, lesser-known feature of Windows 8 that can stop it from loading malware-infected drivers at boot time, in case there are any bad drivers that may harm the computer.

This feature is called Early Launch Anti-Malware (ELAM). It is disabled by default but can easily be enabled through Group Policy settings, which makes it useful for system administrators and power users of Windows. With this technology, Windows 8 starts the Early Launch Anti-Malware software before all other third-party components. ELAM drivers are initialized first and are allowed to control the initialization of boot drivers, potentially not initializing unknown boot drivers.

The Early Launch Antimalware boot-start driver can return four classifications for each boot-start driver:

  1. Good: The driver has been signed and has not been tampered with.
  2. Bad: The driver has been identified as malware. It is recommended that you do not allow known bad drivers to be initialized.
  3. Bad, but required for boot: The driver has been identified as malware, but the computer cannot successfully boot without loading this driver.
  4. Unknown: This driver has not been attested to by your malware detection application and has not been classified by the Early Launch Antimalware boot-start driver.

Enable ELAM Feature In Windows 8

If you suspect that Windows 8 on your computer is infected by a malware driver, which can seriously impact the performance of your computer, steal user data and corrupt important files, you can enable this built-in feature so that Windows does not load the infected driver at boot time.

You will need to do this via the Group Policy Editor. Press Windows + R to open the Run prompt, type gpedit.msc and press Enter or click OK.

Once the Group Policy Editor is open, go to Computer Configuration > Administrative Templates > System > Early Launch Antimalware > Boot-Start Driver Initialization Policy.

Now select the Enabled option and then choose the state "Good, unknown and bad but critical". With this state Windows loads all the good drivers that passed the validation test, all unknown drivers that are marked as neither bad nor good but do not have malware, and bad drivers that are marked as malware but are required for Windows 8 to boot.
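To confirm what the policy is actually set to after applying it, and whether any ELAM driver is registered to act on it, the following check can be run from an elevated PowerShell prompt. It is an added example, not part of the original article; the registry location and the value-to-setting mapping are taken from Microsoft's documentation of this policy, not from the steps above, and the function names are hypothetical.

```powershell
# Added example: audit the Boot-Start Driver Initialization Policy on this machine.
# Assumption (not from the article): the policy is stored as the DWORD DriverLoadPolicy below.
$PolicyKey   = 'HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch'
$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$PolicyNames = @{
    8 = 'Good only'
    1 = 'Good and unknown'
    3 = 'Good, unknown and bad but critical'
    7 = 'All'
}

function Get-ElamDriverLoadPolicy {
    $raw = (Get-ItemProperty -Path $PolicyKey -Name DriverLoadPolicy -ErrorAction SilentlyContinue).DriverLoadPolicy
    if ($null -eq $raw) {
        # Not configured: Windows behaves as "Good, unknown and bad but critical".
        return [pscustomobject]@{ Configured = $false; Value = $null; Setting = $PolicyNames[3]; LoadsAllBad = $false }
    }
    $value = [int]$raw
    $name  = $PolicyNames[$value]
    if (-not $name) { $name = "Unrecognized value $value" }
    [pscustomobject]@{ Configured = $true; Value = $value; Setting = $name; LoadsAllBad = ($value -eq 7) }
}

function Get-ElamDriver {
    # ELAM drivers are boot-start services in the "Early-Launch" load order group.
    Get-ChildItem -Path $ServicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $svc = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($svc -and $svc.Group -eq 'Early-Launch') {
            [pscustomobject]@{ Name = $_.PSChildName; Start = $svc.Start; ImagePath = $svc.ImagePath }
        }
    }
}

$policy = Get-ElamDriverLoadPolicy
$policy | Format-List
if ($policy.LoadsAllBad) {
    Write-Warning 'Policy is "All": drivers classified as Bad are initialized at boot.'
}

$elamDrivers = @(Get-ElamDriver)
if ($elamDrivers.Count -eq 0) {
    Write-Warning 'No ELAM driver is registered, so nothing classifies boot-start drivers.'
} else {
    $elamDrivers | Format-Table -AutoSize
}
```

A warning about a missing ELAM driver means the policy has no effect in practice, because the classifications listed earlier come from the antimalware vendor's ELAM driver.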

Some Malware Removal Guides

In case you already know that your computer is infected with malware, you can follow our malware guides, which can help you get rid of any type of malware infection on your computer.

You can also try Microsoft's official Malicious Software Removal Tool, which removes malicious software from an already-infected computer. Antivirus products block malicious software from running on a computer, whereas this tool removes only specific prevalent malicious software. Specific prevalent malicious software is a small subset of all the malicious software that exists today, identified by Microsoft as super dangerous.
