[Windows] SymELAM is disabled in Symantec Endpoint Protection

Hello! This time, I will introduce how to deal with the event on Windows 10 in which SymElam (the early-start malware countermeasure function) of Symantec Endpoint Protection (SEP) becomes disabled.

Early Launch Anti-Malware (ELAM) is, simply put, a countermeasure against malware that starts running before security tools are launched. Therefore, if this function is disabled, your security measures will be meaningless if the PC is infected with that type of malware.

Security attacks can cause a lot of damage, so resolve them early.

Event that occurred

When I happened to check the SEP icon in the task tray, a warning mark was displayed.
When you hover the mouse pointer over it, "SymElam is disabled" is displayed.

Also, if you double-click the icon in this state to open the SEP window, a red warning screen is displayed (I forgot to take a screenshot...).

Also, clicking the [Repair] button in the SEP management window repairs it once, but if you reboot or put the PC to sleep, it becomes disabled again.

Possible causes

Unfortunately this is a guess, but I had probably just installed the latest OS feature update (FU), so I think that was the cause.

SEP's own settings were rewritten; I think Windows Update overwrote the setting value.

Also, since it returns to its original state after sleep and the like, I think it looks more like OS corruption than a problem with SEP itself.

* Honestly, the number of events that occurred was too small to know the exact cause.

Solution

Enable the SymElam function of SEP

Open the SEP management screen, click "Change settings" on the left menu, and click the "Set options" button in the "Virus and anti-spyware" section.

In the window that opens, click the "Early Launch Antimalware" tab, check the "Enable Symantec Early Launch Antimalware" checkbox, and click "OK".

This enables the ELAM function that had been disabled.
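
To confirm the result after the next reboot or sleep without relying on the tray icon, the following read-only PowerShell check lists the ELAM drivers registered with Windows and whether each one is set to start at boot. It is an added example, not part of the original article or of Symantec's tooling; it assumes ELAM drivers are identified by the "Early-Launch" load order group and it does not read SEP's own checkbox setting.

```powershell
# Added example, not from the original article. Read-only; run in an elevated
# PowerShell after a reboot or resume from sleep.
# Assumption: ELAM drivers are the services whose load order group is
# "Early-Launch" (the group Microsoft documents for ELAM drivers).
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$startNames  = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Resolve-DriverPath([string]$ImagePath) {
    # Driver ImagePath values are usually relative to %SystemRoot% or
    # prefixed with \SystemRoot\ or \??\.
    if (-not $ImagePath) { return $null }
    $path = $ImagePath -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', ''
    if (-not [System.IO.Path]::IsPathRooted($path)) {
        $path = Join-Path $env:SystemRoot $path
    }
    return $path
}

$elamDrivers = foreach ($key in Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue) {
    $svc = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
    if ($svc.Group -ne 'Early-Launch') { continue }

    $file   = Resolve-DriverPath $svc.ImagePath
    $onDisk = [bool]($file -and (Test-Path -LiteralPath $file))

    [pscustomobject]@{
        Service   = $key.PSChildName
        Start     = $startNames[[int]$svc.Start]
        File      = $file
        OnDisk    = $onDisk
        Signature = if ($onDisk) { (Get-AuthenticodeSignature -LiteralPath $file).Status } else { 'n/a' }
        # An ELAM driver only runs at early boot when it is boot-start and present on disk.
        BootReady = ($svc.Start -eq 0) -and $onDisk
    }
}

if (-not $elamDrivers) {
    Write-Warning 'No driver in the Early-Launch group is registered.'
} else {
    $elamDrivers | Format-Table -AutoSize
    $elamDrivers | Where-Object { -not $_.BootReady } | ForEach-Object {
        Write-Warning "$($_.Service) will not load at early boot (Start=$($_.Start), OnDisk=$($_.OnDisk))."
    }
}
```

Running it once right after re-enabling the checkbox and again after a restart shows whether the driver registration itself changes between the two states.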

Check network status

SEP obtains its own information and updated information from the Internet and intranets within the company, and reports virus information to Symantec.

It seems that if this flow does not go well, SEP may not be able to update and this situation may occur.

Please make sure once that you can properly browse the Internet or corporate intranet sites.

Try OS repair

Unfortunately, there may be other causes. You may want to try an OS repair or an overwrite installation.

Afterword

This time, I introduced how to deal with the event in which SymElam of SEP becomes disabled.

In my environment, the feature was enabled immediately after I re-enabled it, but if I restarted in that state, it was disabled again. This was so annoying, and I didn't know how to solve it.

However, while I was worrying about it, time passed with the PC connected to the network, and before I noticed, the event had been resolved. Probably, it got the settings and repair information from the network and repaired itself.

I am very sorry that I could not give a specific cause and solution.

Security measures are a fight against ever-evolving risks. If you notice any suspicious behavior, it will be difficult later if you do not repair it immediately.

I think this event will be a case that you wouldn't notice if you weren't careful.
I hope this article will help you check if there are any features that have disabled settings on your PC.

I hope it helps you.

Reference URL

Early Launch Anti-Malware is Disabled | Endpoint Protection
