HyperVisor Code Integrity Readiness Test fails for Early Launch AntiMalware drivers RRS feed

  • Question

  • Hi, I can *not* pass above test for my ELAM driver, because Windows unloads ELAM drivers *before* the statistics can be collected by the test. The Driver Verifier output then looks like this:


        [X] 0x02000000 Code integrity checks.

      Internal Flags:
        [X] 0x00001000 Additional debug information.
        [X] Indicates flag is enabled.
      Verifier Statistics Summary
        Raise IRQLs:                                     0
        Acquire Spin Locks:                              3
        Synchronize Executions:                          0
        Trims:                                           0

        Pool Allocations Attempted:                    170
        Pool Allocations Succeeded:                    170
        Pool Allocations Succeeded SpecialPool:          1
        Pool Allocations With No Tag:                    0
        Pool Allocations Not Tracked:                    0
        Pool Allocations Failed:                         0
        Pool Allocations Failed Deliberately:            0

      Driver Verification List

        MODULE: gdelam.sys (load: 1 / unload: 1)

    I was able to work around this issue by removing "unload" support for my driver, but this is not a good idea because "Windows" wants ELAM Drivers to be unloaded after their work is done. Finally quality gets worse just for passing a quality test.

    Wednesday, October 12, 2016 11:00 AM