I've been looking for info about antiviruses and their support for ELAM on Windows 8. There is not much info about it on web and on this forum also. So I decided to start a new thread. Here is some info about ELAM for those who don't know about it: http://msdn.microsoft.com/en-us/library/windows/desktop/hh848061(v=vs.85).aspx I was looking which AVs support it and could only find these: Kaspersky: http://www.kaspersky.com/windows-8 Symantec: http://www.symantec.com/business/support/index?page=content&id=HOWTO81107 Bitdefender: http://www.bitdefender.com/solutions/windows-8-security.html McAfee: https://kc.mcafee.com/corporate/index?page=content&id=KB65784 TrendMicro: http://esupport.trendmicro.com/solution/en-US/1095123.aspx AVG: Google search found some mentions of their ELAM driver. For others I didn't find any reference to ELAM support. Any additional information about AVs supporting it and your experience with it would be greatly appreciated.
When I've checked Microsoft's ELAM driver requirements, I found out that one requirement is: So I decided to do a little test with AVs and check which AVs store driver in c:\Windows\ELAMBKUP\ I conducted my test in VirtualBox with Windows 8.1 x64 guest system. System has all updates installed. I downloaded latest versions of different AVs and installed them using default settings. After installation I rebooted VM and checked if there was an AV driver in C:\Windows\ELAMBKUP\ I don't know if this is correct way to check ELAM support but here are my results: Regards
Thank you @rugk . Testing took me 6 hours but it was interesting to see how different AVs install and behave during and right after install
Heh love how each vendor chose to use a version of elam to name the driver, while AVG names it to avgboota. Btw it seems that CIS 7.0.317799.4142 doesn't have the backup driver in my computer, maybe you would like to add it to the table.
This is a snippet from avast! Blog which is not online anymore in the old form. If avast! 7 already had ELAM support, avast! 2015 should have it as well... EDIT: Actually i found it here: http://press.avast.com/avast-software-the-new-avast-7-free-antivirus-is-here
@RejZoR I rechecked Avast and couldn't find ELAM driver in C:\Windows\ELAMBKUP\. In Microsoft's ELAM Prerequisites we can read: I checked all other ELAM drivers that I've collected and all of them were signed by "Microsoft Windows Early Launch Anti-malware Publisher". After Avast installation I couldn't find a driver signed by this publisher. All Avast drivers were signed by Avast itself. IDK, they might integrate ELAM driver without following Microsoft's design guide?
Its not possible for Avast to do that. The reason why it needs to be signed by Microsoft is because the OS will only launch Microsoft files first before anything else, so if its not signed by Microsoft, it cannot enjoy being launched early. If you can't find drivers from avast signed by Microsoft, it means Avast is not using ELAM.
Thank you for clarification. If this is how OS will boot then I guess Avast is not using ELAM driver. It makes sense also, otherwise everyone could release ELAM driver - even bad guys, who would sign it with stolen certificates.
I was wondering if my current system would support ELAM but it's a Windows 7 system updated to Tech Preview and my hardware doesn't support UEFI (Unified Extensible Firmware Interface) "Secure Boot" so unfortunately not. No UEFI no ELAM.
I imagine anyone on 8 or 10 would have that driver? I have the Wdboot.sys driver and only have WD set for manual scans.
The default Win 10 ELAM driver is wdboot.sys. It is use by Windows Defender. Most third party AV software will disable Windows Defender as part of their installation processes. When that occurs, the wdboot.sys driver will no longer load.
They wanted my credit card to test it so I didn't bother with it. Since they've had ELAM driver in previous test I made in 2017, they most likely have it now also. EDIT: other AVs I've had trouble obtaining trial/install/register... are: Sophos, K7, Webroot, Comodo.
