Early launch anti-malware also known as ELAM, is a kind of cybersecurity tool set up to protect systems during the boot-up phase before any other software begins its startup process. This feature is in place to block malware like rootkits hiding in that vulnerable phase when antimalware software is yet to launch.
ELAM starts its process just as an essential driver before all the non-essential drivers and software. This way, it can assess the integrity of every service and driver as they are loaded into memory one at a time. If the ELAM detects any malicious drivers, it will prevent it from loading and can prevent any further damage.
Origins of early launch anti-malware
ELAM was first introduced by tech giant Microsoft when they released Windows 8 as an additional feature in the proposed enhanced security measures. It became a necessity to include such a feature since more malware had begun targeting systems at their most vulnerable — during the boot phase.
Thanks to this feature, malware such as rootkits can’t wreak havoc anymore. ELAM is now a core part of the Windows Defender, and you can find it in other antimalware software.
