The default behavior is for Early Launch Antimalware - Boot-Start Driver Initialization policy to enforce "Good, unknown and bad but critical" (preventing "bad").If the registry value name below does not exist, this is not a finding.If it exists and is configured with a value of "0x00000007 (7)", this is a finding.Registry Hive: HKEY_LOCAL_MACHINERegistry Path: \SYSTEM\CurrentControlSet\Policies\EarlyLaunch\Value Name: DriverLoadPolicyValue Type: REG_DWORDValue: 0x00000001 (1), 0x00000003 (3), or 0x00000008 (8) (or if the Value Name does not exist)Possible values for this setting are:8 - Good only1 - Good and unknown3 - Good, unknown and bad but critical7 - All (which includes "bad" and would be a finding)

The default behavior is for Early Launch Antimalware - Boot-Start Driver Initialization policy to enforce "Good, unknown and bad but critical" (preventing "bad").If this needs to be corrected or a more secure setting is desired, configure the policy value for Computer Configuration >> Administrative Templates >> System >> Early Launch Antimalware >> "Boot-Start Driver Initialization Policy" to "Not Configured" or "Enabled" with any option other than "All" selected.