How to disable Early Launch Anti-Malware Protection

  • December 26, 2012
  • Read 57,126 times
 

An increasingly popular technique for rootkits is to install malicious drivers that start very early in the boot process. Malware that launches in this manner is very hard to detect or remove without specialized tools and techniques. To combat this, Microsoft has added a new feature to Windows 8 called Early Launch Anti-Malware Protection. This feature allows certified antivirus programs that support early launch to load their own driver before almost all Windows boot drivers. This antivirus driver then scans each boot driver that attempts to load and, depending on how early launch is configured and whether the driver was detected as malware, will block it from loading. If these malware boot-start drivers are unable to load, the rest of the malware infection does not become activated, and it is much easier for your antivirus software to remove the infection.

If a driver is classified as malware by Early Launch Anti-Malware Protection because it is malicious or because of a false positive, the driver may not be allowed to load. If this is a necessary driver for Windows to start properly, then we could have a problem where Windows is unable to boot up properly. To protect Windows from a situation like this, Microsoft added a method for you to disable Early Launch Anti-Malware Protection during a boot so that you can resolve your issues by either updating your virus detections or removing the problematic malware driver. Then the next time you reboot your computer, Early Launch Anti-Malware Protection will automatically start again and continue protecting your computer.

This tutorial will walk you through disabling the Early Launch Anti-Malware Protection so that you can resolve any issues that may be causing Windows to not start properly. To do this please follow these steps to access the Startup Settings screen.

Please type Advanced on the Windows 8 Start Screen. When the search results appear click on the Settings category as shown in the image below.

 

Advanced start screen search

 

Now click on the option labeled Advanced startup options and you will be brought to the General PC Settings screen. Scroll down to the bottom until you see an option labeled Advanced startup. Click on the Restart now button and Windows 8 will restart your computer and go directly into the Advanced Startup options menu.

 

Advanced startup options menu

 

Now click on the Troubleshoot button and then the Advanced options button. You will now be at the Advanced options screen where you should click on the Startup settings option.

 

Startup settings option

 

At the Startup Settings screen, click on the Restart button. Your computer will be restarted and brought into the Startup Settings menu as shown below.

 

Startup Setting options

 

Now press the number 8 on your keyboard. This will launch Windows, but with Early Launch Anti-Malware Protection disabled. You can now log in to Windows and update your virus definitions or perform further scans for malicious programs that may be causing Windows to not start properly. The next time you reboot, Early Launch Anti-Malware Protection will be enabled again automatically.
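Once the problem is fixed and the computer has been rebooted normally, the check below confirms that early launch protection is back in force. It is an added example, not part of the original tutorial. It assumes an elevated PowerShell prompt and English `bcdedit` output, and it reads two Windows settings this page does not mention: the `DriverLoadPolicy` registry value and the `disableelamdrivers` boot entry option.

```powershell
# Added example: report how boot-start drivers are filtered by early launch
# protection and whether it has been switched off persistently in the boot entry.

# Meaning of each DriverLoadPolicy value (Boot-Start Driver Initialization Policy).
$policyNames = @{
    8 = 'Good only'
    1 = 'Good and unknown'
    3 = 'Good, unknown and bad but critical'
    7 = 'All (drivers classified as bad are loaded too)'
}

$key   = 'HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch'
$entry = Get-ItemProperty -Path $key -Name DriverLoadPolicy -ErrorAction SilentlyContinue

if ($null -eq $entry) {
    # No explicit policy is set, so Windows applies its default behaviour.
    $policy = 3
    $source = 'default (value not configured)'
} else {
    $policy = [int]$entry.DriverLoadPolicy
    $source = 'registry'
}

$policyText = $policyNames[$policy]
if (-not $policyText) { $policyText = "Unrecognised value $policy" }

# A persistent disable shows up as a "disableelamdrivers Yes" line in the
# current boot entry. The one-time option 8 described above leaves no such line.
$bcd = & bcdedit.exe /enum '{current}' 2>&1
if ($LASTEXITCODE -ne 0) {
    $persistentlyDisabled = 'unknown (bcdedit failed; run from an elevated prompt)'
} else {
    $persistentlyDisabled = [bool]($bcd | Select-String -Pattern '^disableelamdrivers\s+Yes')
}

[pscustomobject]@{
    DriverLoadPolicy       = $policy
    PolicyMeaning          = $policyText
    PolicySource           = $source
    ElamDisabledInBootEntry = $persistentlyDisabled
} | Format-List

if ($policy -eq 7 -or $persistentlyDisabled -eq $true) {
    Write-Warning 'Early launch protection is not blocking bad boot-start drivers on this system.'
}
```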

If you have any questions regarding this process, please feel free to ask us in the Windows 8 Forum.
