How To Disable Early Launch Anti-Malware Protection

What is Early Launch Anti-Malware Protection?

Early Launch Anti-Malware (ELAM) protection is a security feature in Windows operating systems that helps to safeguard your computer during the boot process. It is designed to load and start only known and trusted anti-malware drivers before any other third-party driver or software. By doing so, ELAM ensures that your system is protected from malicious software that may attempt to exploit vulnerabilities during the boot process.

During the boot process, Windows loads various drivers and services to ensure the proper functioning of your computer. However, this also presents an opportunity for malware to inject itself into the system and gain control before any security measures are in place. ELAM acts as an additional layer of defense, verifying the authenticity and integrity of anti-malware drivers before allowing them to load, thereby preventing malware from taking advantage of system vulnerabilities.

This security feature is especially crucial in protecting against rootkits, which are sophisticated types of malware that can covertly gain control over your system by tampering with the normal operation of the operating system. ELAM ensures that only trusted anti-malware drivers are loaded at boot time, making it significantly more challenging for rootkits to infiltrate and compromise your system.

ELAM is integrated with Windows Defender, the built-in antivirus program in Windows. When you have an active antivirus solution installed, ELAM works in conjunction with it to provide enhanced protection from malware during the boot process.

While Early Launch Anti-Malware Protection is a valuable security feature, there may be situations where you need to disable it temporarily. If you encounter compatibility issues with certain drivers or software during boot, you may have to turn off ELAM. In the following sections, we’ll explore different methods to disable ELAM and regain control over your system’s boot process.

Reasons to Disable Early Launch Anti-Malware Protection

While Early Launch Anti-Malware (ELAM) protection is an important security feature in Windows, there may be valid reasons to temporarily disable it. Here are a few scenarios where disabling ELAM can be necessary:

  1. Compatibility Issues: Some third-party drivers or software may not be compatible with ELAM, causing conflicts during the boot process. This can lead to system instability or prevent your computer from starting up properly. In such cases, disabling ELAM can help in identifying and resolving compatibility issues.
  2. Troubleshooting Boot Problems: If you are experiencing boot-related problems, such as frequent crashes, system freezing, or extended boot times, disabling ELAM can be a useful troubleshooting step. By disabling ELAM, you can determine whether the issue is related to the security feature or if there are other underlying causes.
  3. Software Development and Testing: If you are a software developer or tester, you may need to disable ELAM to perform certain debugging tasks or test the behavior of specific drivers during boot. Disabling ELAM temporarily allows you to gain more control over the boot process and diagnose any issues more effectively.
  4. Third-Party Security Software: In some cases, third-party security software may conflict with ELAM, causing performance issues or preventing the proper functioning of both the antivirus program and ELAM. Disabling ELAM can help in resolving such conflicts and ensure the smooth operation of your security software.
  5. Performing Advanced System Configurations: If you need to make advanced system configurations that require modifying driver settings or loading specific drivers during boot, disabling ELAM allows you to make these changes without any hindrance. This is particularly useful for power users or IT professionals who need fine-grained control over their system’s boot process.

Remember that disabling ELAM should be done with caution and only when necessary. It is always recommended to have a reliable antivirus solution installed and active to provide continuous protection against malware. Temporarily disabling ELAM should only be considered as a troubleshooting step or for specific use cases, and the security feature should be re-enabled once the purpose is fulfilled.

Backup Your System Before Disabling Early Launch Anti-Malware Protection

Before proceeding with any modifications that involve disabling Early Launch Anti-Malware (ELAM) protection, it is crucial to create a backup of your system. A system backup serves as a fail-safe, allowing you to restore your computer to a previously working state in case any issues arise during or after disabling ELAM.

There are several methods to create a system backup, including using built-in Windows features or using third-party backup software. Here are a few options to consider:

  1. Windows Backup and Restore: Windows 10 provides a built-in backup feature called “Backup and Restore.” You can access it by searching for “Backup settings” in the Start menu. This feature allows you to create a system image or back up your important files and folders. Make sure to follow the instructions carefully to ensure the backup is created successfully.
  2. Third-Party Backup Software: There are numerous third-party backup solutions available that offer more advanced features and flexibility. Examples include Acronis True Image, Macrium Reflect, and EaseUS Todo Backup. These software options often provide additional features like incremental backups, scheduled backups, and easy restoration options.
  3. Cloud-Based Backup Services: Another option is to take advantage of cloud-based backup services like Dropbox, Google Drive, or Microsoft OneDrive. These services offer automated file backup and storage in the cloud, providing an extra layer of protection for your important data. While they may not offer complete system backups, they are an excellent choice for backing up your essential files and documents.

Remember to select the appropriate destination for your backup, whether it’s an external hard drive, network storage, or cloud service. Ensure that there is sufficient storage space to accommodate your backup files.

By creating a system backup before disabling ELAM, you can have peace of mind knowing that you can revert any changes and restore your system to a stable state if something goes wrong. Remember, prevention is better than cure, and taking the time to create a backup is a crucial step in ensuring the safety of your data and system.

Method 1: Disable Early Launch Anti-Malware Protection via Group Policy Editor

The Group Policy Editor is a powerful tool in Windows that allows you to configure advanced settings for your computer. You can use this method to disable Early Launch Anti-Malware (ELAM) protection by following these steps:

  1. Open the Group Policy Editor by pressing Windows Key + R to open the Run dialog. Type gpedit.msc and hit Enter.
  2. In the Group Policy Editor window, navigate to Computer Configuration > Administrative Templates > System > Early Launch Antimalware.
  3. Double-click on the Do not enable Early Launch Antimalware policy on the right-hand side.
  4. Select the Enabled option to disable ELAM. Click on Apply and then OK to save the changes.
  5. Close the Group Policy Editor.
  6. Restart your computer for the changes to take effect. ELAM will be disabled during the next boot.

It’s important to note that the Group Policy Editor is only available in Windows 10 Pro, Enterprise, and Education editions. If you are using a different edition of Windows, you can try the other methods mentioned in this article.

Disabling ELAM using the Group Policy Editor allows you to modify the setting at a system-wide level. This means that ELAM will be disabled for all users on your computer.

To re-enable ELAM in the future, follow the same steps but select the Not Configured option in the policy settings, or disable the policy entirely.

Remember to exercise caution while making changes in the Group Policy Editor, as modifying the wrong settings can have unintended consequences. Always double-check your changes and ensure that you understand the impact of any modifications you make.

Method 2: Disable Early Launch Anti-Malware Protection via Command Prompt

If you prefer using the Command Prompt, you can disable Early Launch Anti-Malware (ELAM) protection using a few simple commands. Follow the steps below:

  1. Press the Windows Key to open the Start menu. Type Command Prompt.
  2. Right-click on the Command Prompt result and select Run as administrator to open an elevated Command Prompt.
  3. In the Command Prompt window, type the following command and press Enter:
    
        bcdedit /set {default} bootstatuspolicy ignoreallfailures
        
  4. After executing the command, you should see a message confirming the operation was successful.
  5. Close the Command Prompt window.
  6. Restart your computer. ELAM will be disabled during the next boot.

By running the above command, you are modifying the boot status policy settings to ignore all failures, including ELAM. This effectively disables the Early Launch Anti-Malware protection feature for your system.

If you need to re-enable ELAM in the future, open an elevated Command Prompt and run the following command:


        bcdedit /set {default} bootstatuspolicy displayallfailures

Executing this command will restore the default boot status policy, which includes enabling ELAM protection.

It’s important to note that using the Command Prompt requires administrative privileges. Make sure to run the Command Prompt as an administrator to execute the commands successfully.

Disabling ELAM via the Command Prompt gives you a quick and straightforward method to turn off the protection feature. Just make sure to exercise caution and enter the commands accurately to avoid unintended consequences.

Method 3: Disable Early Launch Anti-Malware Protection via Registry Editor

If you prefer modifying settings through the Registry Editor, you can disable Early Launch Anti-Malware (ELAM) protection using the following steps:

  1. Press Windows Key + R to open the Run dialog. Type regedit and hit Enter to open the Registry Editor.
  2. In the Registry Editor window, navigate to the following path:
    
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
        
  3. In the right-hand pane, you will see a value called BootExecute. Double-click on it to open the Edit dialog.
  4. In the Value data field, remove any entry that starts with earlylaunch. Make sure not to delete any other entries.
  5. Click OK to save the changes and close the Edit dialog.
  6. Close the Registry Editor.
  7. Restart your computer to apply the changes. ELAM will be disabled during the next boot.

By removing the earlylaunch entry from the BootExecute value, you are effectively disabling ELAM protection for your system.

If you later wish to re-enable ELAM, you can go back to the same Registry location and add the earlylaunch entry back into the BootExecute value.

When working with the Registry Editor, it’s important to exercise caution as any incorrect changes can cause system instability or other issues. Make sure to follow the instructions precisely and only modify the intended values.

Disabling ELAM via the Registry Editor provides a direct method for advanced users who are comfortable working with the Windows Registry. However, it’s advisable to create a system backup or a Registry backup before making any changes and proceed with caution.

Method 4: Disable Early Launch Anti-Malware Protection via Startup Settings

An alternate method to disable Early Launch Anti-Malware (ELAM) protection is by accessing the Startup Settings of your computer. Here’s how you can do it:

  1. Restart your computer. As it boots up, press and hold the Shift key. Keep holding it until the Advanced Startup Options screen appears.
  2. In the Advanced Startup Options screen, select Troubleshoot.
  3. Choose Advanced options.
  4. Next, select Startup Settings.
  5. Click on the Restart button to reboot your computer.
  6. After the restart, a list of startup settings will be displayed. Press the corresponding number key or function key for Disable early launch anti-malware protection.
  7. Your computer will restart once again, with ELAM disabled during the boot process.

By accessing the Startup Settings and choosing to disable early launch anti-malware protection, you can temporarily turn off ELAM for troubleshooting purposes or to resolve any compatibility issues you may be experiencing.

It’s important to note that disabling ELAM via the Startup Settings is temporary and only applies to the current boot session. Once you restart your computer without accessing the Startup Settings, ELAM will be enabled again.

If you want to re-enable ELAM, simply restart your computer and let it boot up without accessing the Startup Settings.

The Startup Settings method is an easy and straightforward way to disable ELAM temporarily without making any permanent changes to your system. It gives you the flexibility to troubleshoot and resolve any issues you may encounter during the boot process.

Method 5: Disable Early Launch Anti-Malware Protection via Windows Defender Security Center

If you prefer using a graphical interface, you can disable Early Launch Anti-Malware (ELAM) protection through the Windows Defender Security Center. Follow these steps to disable ELAM using this method:

  1. Open the Windows Defender Security Center by clicking on the Start menu and searching for it.
  2. In the Windows Defender Security Center window, click on Virus & threat protection.
  3. Under the Virus & threat protection settings section, click on Manage settings.
  4. Scroll down to the Core isolation section and click on Core isolation details.
  5. Toggle the switch next to Memory integrity to the Off position.
  6. You will receive a warning that disabling memory integrity can make your computer more vulnerable to attacks. Click on Yes to continue.
  7. Close the Windows Defender Security Center.
  8. Restart your computer to apply the changes. ELAM will be disabled during the next boot.

By turning off the Memory integrity feature in Windows Defender Security Center, you are effectively disabling ELAM protection for your system. This method is most suitable if you already have Windows Defender as your primary antivirus solution.

If you decide to re-enable ELAM in the future, follow the same steps but toggle the switch for Memory integrity back to the On position.

Remember that turning off the Memory integrity feature will lower the security level of your system. It is essential to have another reliable antivirus solution installed and active to provide continuous protection against malware.

Disabling ELAM via the Windows Defender Security Center is a user-friendly and accessible method for those who prefer a graphical interface. It allows you to conveniently enable or disable ELAM without the need for advanced technical knowledge.

Re-enable Early Launch Anti-Malware Protection

If you have temporarily disabled Early Launch Anti-Malware (ELAM) protection using any of the methods mentioned earlier and want to re-enable it to enhance the security of your system during the boot process, follow these steps:

  1. Method 1: Group Policy Editor: Open the Group Policy Editor using the gpedit.msc command, navigate to the Do not enable Early Launch Antimalware policy, and set it to Not Configured or disable the policy entirely.
  2. Method 2: Command Prompt: Open an elevated Command Prompt and run the following command:
    
        bcdedit /set {default} bootstatuspolicy displayallfailures
        
  3. Method 3: Registry Editor: Open the Registry Editor with regedit, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute, and add back the earlylaunch entry to the BootExecute value.
  4. Method 4: Startup Settings: Restart your computer without accessing the Startup Settings; ELAM will be re-enabled by default.
  5. Method 5: Windows Defender Security Center: Open the Windows Defender Security Center, go to Virus & threat protection settings, under Core isolation, toggle the switch for Memory integrity back to the On position.

These steps will restore the Early Launch Anti-Malware protection feature to its default enabled state. It is important to re-enable ELAM to ensure the optimal security of your computer during the boot process.
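
To confirm what state a machine is actually in after re-enabling, the settings named in Methods 2, 3 and 5 can be read back without changing anything. The script below is an added example, not part of the original article; the function names are hypothetical, and the Device Guard registry location used for Memory integrity is an assumption that does not come from the article.

```powershell
# Added example: read-only check of the settings named in Methods 2, 3 and 5.
# Run from an elevated PowerShell prompt; bcdedit needs administrator rights.

function Get-BootStatusPolicy {
    param([string[]]$BcdOutput)
    # bcdedit lists one "element  value" pair per line. The bootstatuspolicy
    # line is missing when the element has never been set on the entry.
    foreach ($line in $BcdOutput) {
        if ($line -match '^\s*bootstatuspolicy\s+(\S+)') { return $Matches[1] }
    }
    return '(not set)'
}

function Get-RegistryValueOrNull {
    param([string]$Path, [string]$Name)
    # Returns $null instead of throwing when the key or value does not exist.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

$bcd = & bcdedit.exe /enum '{default}' 2>&1
if ($LASTEXITCODE -ne 0) { throw "bcdedit failed (prompt not elevated?): $bcd" }
$policy = Get-BootStatusPolicy -BcdOutput $bcd

# BootExecute is a multi-string value stored under the Session Manager key.
$smKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$bootExec = Get-RegistryValueOrNull -Path $smKey -Name 'BootExecute'

# Assumption (not from the article): the Memory integrity switch is stored as
# the DWORD "Enabled" under this Device Guard scenario key; 1 means On.
$hvciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
$hvci    = Get-RegistryValueOrNull -Path $hvciKey -Name 'Enabled'
$memory  = 'Not configured'
if ($null -ne $hvci) { $memory = if ($hvci -eq 1) { 'On' } else { 'Off' } }

# One object per machine, so results can be compared or exported.
[pscustomobject]@{
    BootStatusPolicy = $policy
    IgnoresFailures  = ($policy -eq 'IgnoreAllFailures')  # value set in Method 2
    BootExecute      = @($bootExec) -join ' | '
    MemoryIntegrity  = $memory
} | Format-List
```

Comparing the BootExecute line against the value recorded in your backup shows whether any entry was removed and not restored.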

Always remember that Early Launch Anti-Malware protection plays a crucial role in safeguarding your system against malware and rootkits during startup. Disabling it should only be done temporarily and for specific use cases. Keeping ELAM enabled provides an additional layer of defense against malicious software attempting to exploit system vulnerabilities.

By following the appropriate method outlined above, you can easily re-enable ELAM and enjoy the enhanced security it provides during the boot process.