Endpoint Protection

  • 1.  ELAM

    Posted Dec 02, 2012 08:54 AM

    Are there details of what it is/how it works? support?

    thanks



  • 2.  RE: ELAM
    Best Answer

    Posted Dec 02, 2012 08:59 AM

    Only supports Windows 8, as Win8 comes with a new feature called Secure Boot.

    http://www.howtogeek.com/116569/htg-explains-how-windows-8s-secure-boot-feature-works-what-it-means-for-linux/

    Windows 8 Early Launch Anti-Malware (ELAM) support provides a Microsoft-supported way for anti-malware software to start before all other third-party components. In addition, vendors can now control the launching of third-party drivers, depending on trust levels. If a driver is not trusted, it can be removed from the boot sequence. ELAM support makes more efficient rootkit detection possible.
     

    Managing early launch anti-malware (ELAM) detections

     
    http://www.symantec.com/business/support/index?page=content&id=HOWTO81107
     

    Adjusting the Symantec Endpoint Protection early launch anti-malware (ELAM) options

     
    http://www.symantec.com/business/support/index?page=content&id=HOWTO81106
     

    What's new in Symantec Endpoint Protection 12.1.2

     
    http://www.symantec.com/business/support/index?page=content&id=HOWTO81091

     



  • 3.  RE: ELAM

    Broadcom Employee
    Posted Dec 02, 2012 09:23 AM

    It's a Microsoft feature in Windows 8.

    Check this link:

    http://msdn.microsoft.com/en-us/library/windows/desktop/hh848061(v=vs.85).aspx

    As antimalware (AM) software has become better and better at detecting runtime malware, attackers are also becoming better at creating rootkits that can hide from detection. Detecting malware that starts early in the boot cycle is a challenge that most AM vendors address diligently. Typically, they create system hacks that are not supported by the host operating system and can actually result in placing the computer in an unstable state. Up to this point, Windows has not provided a good way for AM to detect and resolve these early boot threats.

    Windows 8 introduces a new feature called Secure Boot, which protects the Windows boot configuration and components, and loads an Early Launch Anti-malware (ELAM) driver. This driver starts before other boot-start drivers and enables the evaluation of those drivers and helps the Windows kernel decide whether they should be initialized.

    As far as SEP is concerned, SEP 12 RU2 supports Windows 8, and the above link from Brian should help.



  • 4.  RE: ELAM

    Posted Dec 02, 2012 09:40 AM

    Hi,

    Windows 8 Early Launch Anti-Malware (ELAM) support provides a Microsoft-supported way for anti-malware software to start before all other third-party components. In addition, vendors can now control the launching of third-party drivers, depending on trust levels. If a driver is not trusted, it can be removed from the boot sequence. ELAM support makes more efficient rootkit detection possible.

    Adjusting the Symantec Endpoint Protection early launch anti-malware (ELAM) options

    http://www.symantec.com/business/support/index?page=content&id=HOWTO81106

    Managing early launch anti-malware (ELAM) detections

    http://www.symantec.com/business/support/index?page=content&id=HOWTO81107

    What's new in Symantec Endpoint Protection Small Business Edition 12.1.2

     

    http://www.symantec.com/business/support/index?page=content&id=HOWTO81450

    http://msdn.microsoft.com/en-us/library/windows/hardware/br259096.aspx

    Early launch antimalware (Windows)

    http://msdn.microsoft.com/en-us/library/windows/desktop/hh848061(v=vs.85).aspx



  • 5.  RE: ELAM

    Posted Dec 03, 2012 04:43 AM

    "Thumbs up" to the advice, above!

    This MS training session is quite good, for any admin who would like to know more:

    Windows 8: Malware Resistant by Design
    http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/SIA309
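
Added example, not part of any post in this thread and not Symantec or Microsoft code: a read-only PowerShell check of the two things the replies describe, namely the policy that decides which boot-start drivers are initialized by trust level, and which ELAM driver is registered to start first. It assumes the standard Windows `DriverLoadPolicy` Group Policy value and the `Early-Launch` load order group, neither of which is named in the thread; run it elevated on Windows 8 or later.

```powershell
# Added example: read-only ELAM audit of the local host.
# Boot-Start Driver Initialization Policy values (assumption: standard Group Policy values).
$policyNames = @{
    8 = 'Good only'
    1 = 'Good and unknown'
    3 = 'Good, unknown, and bad but boot-critical (default when unset)'
    7 = 'All, including known bad'
}
$policyKey = 'HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch'
$item = Get-ItemProperty -Path $policyKey -Name DriverLoadPolicy -ErrorAction SilentlyContinue
# The value is absent unless the policy was configured; Windows then behaves as 3.
$policy = if ($item) { [int]$item.DriverLoadPolicy } else { 3 }
$label = $policyNames[$policy]
if (-not $label) { $label = 'unrecognized value' }
"Boot-start driver initialization policy: $policy ($label)"
if ($policy -eq 7) { Write-Warning 'Drivers classified as known bad are still initialized.' }

# ELAM drivers are boot-start kernel services in the "Early-Launch" load order group.
$elam = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $svc = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    if ($svc.Group -eq 'Early-Launch') {
        # ImagePath is usually relative to %SystemRoot% (system32\drivers\...).
        $path = $svc.ImagePath -replace '^\\SystemRoot\\', '' -replace '^\\\?\?\\', ''
        if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }
        $sig = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Service   = $_.PSChildName
            Start     = $svc.Start          # 0 = boot start, required for an ELAM driver
            ImagePath = $path
            Signature = $sig.Status
            Signer    = $sig.SignerCertificate.Subject
        }
    }
}
if ($elam) { $elam | Format-Table -AutoSize }
else { Write-Warning 'No Early-Launch driver is registered; no ELAM driver will vet boot-start drivers.' }
```

A policy of 7, or an Early-Launch entry whose signature status is not `Valid`, is worth investigating, since either weakens the early-boot check the thread describes.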