An administrator is investigating a possible threat that occurs during the Windows startup. A file is observed that is NOT digitally signed by Microsoft. Which Anti-malware feature should the administrator enable to scan this file for threats?
Early Launch Antimalware (ELAM)is a feature that is designed to provideanti-malware protection during the early stages of Windows startup. When ELAM is enabled, it scans drivers and files that load during startup, especially those not digitally signed by trusted sources like Microsoft.
How ELAM Works:
ELAM loads before other drivers at startup and scans critical files and drivers, identifying potential malware that may attempt to execute before other security layers are fully operational.
Since the file observed is not digitally signed by Microsoft, ELAM would detect and analyze it at boot, preventing possible threats from initializing.
Advantages of ELAM:
It provides proactive defense against rootkits and other threats that may try to gain persistence on the system by loading during the Windows boot process.
Why Other Options Are Less Suitable:
Auto-ProtectandBehavioral Analysisare effective but operate after the system has booted.
Microsoft ELAMis already enabled by default in Windows but does not provide the same customizability as SEP’s ELAM feature.
References: Enabling ELAM is a key best practice for SEP to secure the earliest startup stages against unsigned or suspicious files.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit