Early Launch Anti-Malware (ELAM): What is it?

Early Launch Anti-Malware (ELAM)

What it is

Early Launch Anti-Malware (ELAM) is a Windows feature that lets your security software start first during boot. By loading a tiny anti-malware driver before most other drivers, ELAM can block boot-time threats (like rootkits) before they take hold.

Why it matters

Boot-level malware hides under the OS and can dodge normal scans. ELAM flips the script: your defender wakes up first, checks what’s trying to start, and stops known-bad drivers from ever loading.

How it works 

  • Early start: an ELAM driver is loaded at the very beginning of boot.

  • Classify drivers: when other drivers try to load, ELAM tags them (good/bad/unknown).

  • Block or allow: known-bad drivers are blocked; known-good drivers load; unknown drivers can be allowed with caution or according to policy.

What you might notice

  • A one-time boot warning if a suspicious driver was blocked.

  • Cleaner restarts after removing stubborn infections that used to come back.

Quick check on Windows

  • ELAM is built into modern Windows and works with compatible security products.

  • Keep your security app updated and Secure Boot enabled in firmware/BIOS for the best protection.
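
A read-only PowerShell check for the points above, added here as an example and not part of the original article. It assumes an elevated prompt and uses Microsoft's documented Boot-Start Driver Initialization Policy registry value; the function names are hypothetical.

```powershell
# Added example: audit ELAM-related settings on a Windows host (read-only).
# Run elevated; Confirm-SecureBootUEFI needs administrator rights.

# Boot-Start Driver Initialization Policy values, as documented by Microsoft.
# "Bad but boot-critical" is a fourth class beyond good/bad/unknown.
$policyMeaning = @{
    8 = 'Good only'
    1 = 'Good and unknown'
    3 = 'Good, unknown, and bad but boot-critical (Windows default)'
    7 = 'All drivers, including known-bad'
}

function Get-ElamDriverLoadPolicy {
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch'
    $value = (Get-ItemProperty -Path $key -Name DriverLoadPolicy `
                  -ErrorAction SilentlyContinue).DriverLoadPolicy
    if ($null -eq $value) { $value = 3 }   # not configured: default applies
    [pscustomobject]@{
        Value   = $value
        Meaning = $policyMeaning[[int]$value]
        TooLax  = ($value -eq 7)           # known-bad drivers would initialize
    }
}

function Get-ElamDriver {
    # ELAM drivers are boot-start services (Start = 0) registered in the
    # "Early-Launch" load order group.
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue } |
        Where-Object { $_.Group -eq 'Early-Launch' } |
        Select-Object @{ n = 'Service'; e = { $_.PSChildName } }, Start, ImagePath
}

function Get-SecureBootState {
    # The cmdlet returns $true/$false on UEFI systems and raises an error on
    # legacy BIOS machines or when the session is not elevated.
    try   { if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' } }
    catch { "Unavailable: $($_.Exception.Message)" }
}

"Secure Boot: $(Get-SecureBootState)"
Get-ElamDriverLoadPolicy | Format-List
Get-ElamDriver | Format-Table -AutoSize
```

An empty driver table means no security product has registered an ELAM driver on the machine, and `TooLax = True` means the policy lets drivers classified as bad initialize at boot.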

