Register service as protected service

Question

We are working on a Security Suite for Windows. We want our process to be unkillable like that of Kaspersky's or Avast's. While looking around the web I came across Windows Protected Services.

https://msdn.microsoft.com/en-us/library/windows/desktop/dn313124%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396

How to register my product as a windows protected service?

Or is this service only available for Anti - Malware products alone? How about its availability for a Security Suite, which does stuff like USB device management, data protection and similar stuff?

Answer 1

You need to write a ELAM (Early Launch Anti-Malware) driver to be able to create a protected service.

Each driver .sys file must be code signed by Microsoft, using a special certificate indicating that it is an Early Launch AM Driver.

Antimalware Vendor Participation Requirements:

Microsoft requires that Early Launch Antimalware vendors either be members of the Microsoft Virus Initiative (MVI) or pre-approved members of the Virus Information Alliance (VIA). This membership ensures that the vendors are active antimalware community participants with a positive industry reputation. Please reach out to [email protected] if you have questions about ELAM driver signing or becoming a pre-approved VIA member.