Why doesn't F-Secure have an Early Launch Antimalware driver?
Quoted from https://msdn.microsoft.com/en-us/windows/compatibility/early-launch-antimalware
"As antimalware (AM) software has become better and better at detecting runtime malware, attackers are also becoming better at creating rootkits that can hide from detection. Detecting malware that starts early in the boot cycle is a challenge that most AM vendors address diligently. Typically, they create system hacks that are not supported by the host operating system and can actually result in placing the computer in an unstable state. Up to this point, Windows has not provided a good way for AM to detect and resolve these early boot threats.
Windows 8 introduces a new feature called Secure Boot, which protects the Windows boot configuration and components, and loads an Early Launch Anti-malware (ELAM) driver. This driver starts before other boot-start drivers and enables the evaluation of those drivers and helps the Windows kernel decide whether they should be initialized."
You can check if an antivirus supports Early Launch Anti-malware by checking "C:\Windows\ELAMBKUP" for a driver except "WdBoot.sys" which belongs to Windows Defender. F-Secure does not have such a driver. I wonder why? Wouldn't it improve the rootkit protection?
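The check described in the post can be scripted. The following PowerShell is an added example, not part of the original post and not F-Secure or Microsoft code: it lists the drivers in the ELAMBKUP folder with their Authenticode signer and matches each one to a service registered in the "Early-Launch" load order group, which is the group ELAM drivers are installed into. Matching by file name and the report layout are choices made for this example.

```powershell
# Added example: inventory ELAM drivers on the local machine.
# Assumption: run from an elevated prompt; ELAMBKUP may not be readable otherwise.

$backupDir = Join-Path $env:SystemRoot 'ELAMBKUP'   # folder named in the post

# Services registered in the "Early-Launch" load order group.
$elamServices = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object { Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue } |
    Where-Object { $_.Group -eq 'Early-Launch' -and $_.ImagePath }

# Driver copies kept in the backup folder (-Force includes hidden/system files).
$backupFiles = @(Get-ChildItem -Path $backupDir -Filter '*.sys' -Force -ErrorAction SilentlyContinue)

$report = foreach ($file in $backupFiles) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName

    # Match the backup copy to its service by driver file name.
    $svc = $elamServices |
        Where-Object { (Split-Path $_.ImagePath -Leaf) -ieq $file.Name } |
        Select-Object -First 1

    [pscustomobject]@{
        Driver          = $file.Name
        IsDefender      = $file.Name -ieq 'WdBoot.sys'
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        Service         = $svc.PSChildName   # empty if no Early-Launch service matches
        StartType       = $svc.Start         # 0 = boot-start
    }
}

$report | Format-Table -AutoSize

# Anything other than WdBoot.sys indicates a third-party ELAM driver is installed.
$thirdParty = @($report | Where-Object { -not $_.IsDefender })
if ($thirdParty.Count -eq 0) {
    "No ELAM driver other than WdBoot.sys found in $backupDir"
}
```

A driver that appears in the folder without a matching Early-Launch service, or with a signature status other than Valid, is worth a closer look, for example as a leftover from an uninstalled product.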