Author Topic: Windows 8.1 and Avast. Is Early Launch Anti-Malware (ELAM) in Latest Avast? (Read 4145 times)

REDACTED · « **on:** August 22, 2014, 04:22:50 AM »

Hi,
Does the latest version of Avast! 2014 free for Windows 8.1 support Early Launch Anti-Malware (ELAM) ?

Quote

Early Launch AntiMalware (ELAM) capability that enables the antimalware software to start before any third party software.

http://technet.microsoft.com/en-gb/windows/jj983723.aspx

Also, I have a few other questions:
Do I need to get the Avast! software from the Windows Store app, or can i just get it from the Avast! site or the link in the forum?
Does Avast! take care of replacing both the Anti-virus and Anti-spyware elements of Defender?
Does it matter whether i have UEFI or Legacy BIOS?

Many Thanks

Eddy · « **Reply #1 on:** August 22, 2014, 03:14:16 PM »

Quote

Do I need to get the Avast! software from the Windows Store app, or can i just get it from the Avast! site or the link in the forum?

Doesn't matter, you will always get the latest version. If you want to use/try a beta release, you will need to get it from the link on this webboard.

Quote

Does Avast! take care of replacing both the Anti-virus and Anti-spyware elements of Defender?

Yes it does, and depending on the version it can even do more. http://www.avast.com/nl-nl/compare-antivirus

Quote

Does it matter whether i have UEFI or Legacy BIOS?

That doesn't matter. avast will work with both.

Quote

Does the latest version of Avast! 2014 free for Windows 8.1 support Early Launch Anti-Malware (ELAM) ?

Doesn't matter if you have the free or a paid version. All versions are using the same VPS. As long as the signature of the malware is in the vps, avast will be able to detect it.

REDACTED · « **Reply #2 on:** August 22, 2014, 05:45:48 PM »

Thank you for your helpful answer.

My apologies for the confusion:-

Quote from: Eddy on August 22, 2014, 03:14:16 PM

Quote
Does the latest version of Avast! 2014 free for Windows 8.1 support Early Launch Anti-Malware (ELAM) ?
Doesn't matter if you have the free or a paid version. All versions are using the same VPS. As long as the signature of the malware is in the vps, avast will be able to detect it.

By 'Early Launch Anti-Malware' I meant:-

Quote from: Technet: Windows 8 Security Overview

... Windows 8’s ELAM feature, which makes it capable of detecting rootkits that infect non-Microsoft drivers.

http://technet.microsoft.com/en-us/library/dn283963.aspx#BKMK_Desktop

Quote from: Technet: Securing the Windows 8 Boot Process

ELAM can load a Microsoft or non-Microsoft antimalware driver before all non-Microsoft boot drivers and applications, thus continuing the chain of trust established by Secure Boot and Trusted Boot. Because the operating system hasn’t started yet, and because Windows needs to boot as quickly as possible, ELAM has a simple task: Examine every boot driver and determine whether it is on the list of trusted drivers. If it’s not trusted, Windows won’t load it.

An ELAM driver isn’t a full-featured antimalware solution; that loads later in the boot process. Windows Defender (included with Windows 8 ) supports ELAM, as does Microsoft System Center 2012 Endpoint Protection and several non-Microsoft antimalware apps.

http://technet.microsoft.com/en-gb/windows/dn168167.aspx

I've seen sites say things like "Early-Launch Anti-Malware (ELAM) System Support" about an Anti-virus product, and at the end of the Technet quote it says "and several non-Microsoft antimalware apps". Is Avast! one of those programs?

Does Avast! support Early Launch Anti-Malware?

Many Thanks

A. User · « **Reply #3 on:** September 14, 2016, 02:34:32 PM »

Since it's now Avast 12 and Windows 10 Anniversary update, does Avast now support Early Launch Antimalware to catch rootkits that start before the AV itself by preventing this from happening? I can't find the required driver in the dedicated ELAMBKUP folder. AVG has a such driver names avgboota.sys when installed.

mchain · « **Reply #4 on:** September 14, 2016, 09:45:47 PM »

A timed scan for rootkits runs eight minutes in after a cold start or reboot. Check for that.

A. User · « **Reply #5 on:** September 15, 2016, 08:45:24 PM »

Quote from: mchain on September 14, 2016, 09:45:47 PM

A timed scan for rootkits runs eight minutes in after a cold start or reboot. Check for that.

Do you know what Early Launch Anti-malware is? This is not an on-demand scan it is a technology.

A. User · « **Reply #6 on:** September 17, 2016, 09:59:39 PM »

How can i find about that scan? Sure it is an on demand scan that will scan the locations known for installing malware, but ELAM is designed as a way to check drivers before they load. Without ELAM Avast is prone just as any other AV product that doesn't use ELAM. Once the rootkits load they are able to avoid even specialized on demand scans which target the specific locations known for rootkit infections. Boot time scan will find them, but ELAM is a real time scan while the boot time is an on demand.

Author Topic: Windows 8.1 and Avast. Is Early Launch Anti-Malware (ELAM) in Latest Avast? (Read 4145 times)

REDACTED

Windows 8.1 and Avast. Is Early Launch Anti-Malware (ELAM) in Latest Avast?

Eddy

Re: Windows 8.1 and Avast. Is Early Launch Anti-Malware (ELAM) in Latest Avast?

REDACTED

Re: Windows 8.1 and Avast. Is Early Launch Anti-Malware (ELAM) in Latest Avast?

A. User

Re: Windows 8.1 and Avast. Is Early Launch Anti-Malware (ELAM) in Latest Avast?

mchain

Re: Windows 8.1 and Avast. Is Early Launch Anti-Malware (ELAM) in Latest Avast?

A. User

Re: Windows 8.1 and Avast. Is Early Launch Anti-Malware (ELAM) in Latest Avast?

A. User

Re: Windows 8.1 and Avast. Is Early Launch Anti-Malware (ELAM) in Latest Avast?