A forum for reverse engineering, OS internals and malware analysis 

#8596 by a_d_13, Sat Sep 17, 2011 3:10 am
Hello,

Windows 8 will include a technology called "Early Launch Anti-Malware". The whitepaper is here.

In summary:
  • The ELAM driver is loaded before all other boot drivers.
  • The ELAM driver can control whether other boot drivers are loaded.
  • All malware signatures for the ELAM driver must be stored in the central location HKLM\ELAM\Measured\<vendor name>.
  • Restrictions on ELAM drivers: 0.5ms to respond to callbacks, max memory footprint 128KB, must be signed with a special certificate.
Thanks,
--AD
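The callback-based gating the post summarises, as an added example that is not from the post or the whitepaper: a boot-driver callback that classifies each image by hash against a small fixed signature table and leaves anything unrecognised as Unknown. The BDCB_* type and enum names mirror the WDK definitions in ntddk.h, but the declarations here are minimal stand-ins so the file builds without the WDK (an assumption), and the signature hashes are constructed sample data.

```c
/* Added example, not from the post: an ELAM callback's per-image verdict in portable
 * C. BDCB_* names mirror ntddk.h but are minimal stand-ins (assumption); hashes constructed. */
#include <stdint.h>
#include <string.h>
typedef enum { BdCbStatusUpdate = 0, BdCbInitializeImage = 1 } BDCB_CALLBACK_TYPE;
typedef enum {
    BdCbClassificationUnknownImage = 0, BdCbClassificationKnownGoodImage,
    BdCbClassificationKnownBadImage, BdCbClassificationKnownBadImageBootCritical
} BDCB_CLASSIFICATION;
typedef struct {
    const uint8_t *ImageHash;           /* hash Windows computed over the image */
    unsigned long ImageHashLength;
    BDCB_CLASSIFICATION Classification; /* output: the ELAM driver's verdict */
} BDCB_IMAGE_INFORMATION;

#define HASH_LEN 32
#define FILL32(b) { b,b,b,b,b,b,b,b, b,b,b,b,b,b,b,b, b,b,b,b,b,b,b,b, b,b,b,b,b,b,b,b }
typedef struct { uint8_t Hash[HASH_LEN]; int IsMalicious; } SIGNATURE;
/* Constructed sample table. A real driver loads it from its ELAM registry data
 * and keeps it small and fixed, which is how the 128KB / 0.5ms limits are met. */
static const SIGNATURE kSignatures[] = {
    { FILL32(0xBA), 1 },   /* known-bad sample */
    { FILL32(0x60), 0 },   /* known-good sample */
};
/* Shape of the boot-driver callback. Only BdCbInitializeImage carries an image;
 * anything not in the table stays Unknown, leaving the decision to boot policy. */
void BootDriverCallback(void *CallbackContext, BDCB_CALLBACK_TYPE Type,
                        BDCB_IMAGE_INFORMATION *ImageInformation)
{
    (void)CallbackContext;
    if (Type != BdCbInitializeImage || ImageInformation == NULL) return;
    ImageInformation->Classification = BdCbClassificationUnknownImage;
    if (ImageInformation->ImageHash == NULL ||
        ImageInformation->ImageHashLength != HASH_LEN) return; /* unexpected algorithm */
    for (size_t i = 0; i < sizeof kSignatures / sizeof kSignatures[0]; i++)
        if (memcmp(kSignatures[i].Hash, ImageInformation->ImageHash, HASH_LEN) == 0) {
            ImageInformation->Classification = kSignatures[i].IsMalicious
                ? BdCbClassificationKnownBadImage : BdCbClassificationKnownGoodImage;
            return; /* bounded linear scan; first match wins */
        }
}
/* Helper: classify an image whose hash is `len` bytes of value b. */
BDCB_CLASSIFICATION ClassifyFilled(uint8_t b, unsigned long len)
{
    uint8_t hash[HASH_LEN];
    memset(hash, b, sizeof hash);
    BDCB_IMAGE_INFORMATION info = { hash, len, BdCbClassificationKnownGoodImage };
    BootDriverCallback(NULL, BdCbInitializeImage, &info);
    return info.Classification;
}
```

The verdict for a hash of an unexpected length stays Unknown rather than inheriting whatever the structure held before, so a mismatched hash algorithm never produces a spurious KnownGood.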