We are working on a Security Suite for Windows. We want our process to be unkillable like that of Kaspersky's or Avast's. While looking around the web I came across Windows Protected Services.
How to register my product as a windows protected service?
Or is this service only available for Anti - Malware products alone? How about its availability for a Security Suite, which does stuff like USB device management, data protection and similar stuff?
You need to write a ELAM (Early Launch Anti-Malware) driver to be able to create a protected service.
Each driver .sys file must be code signed by Microsoft, using a special certificate indicating that it is an Early Launch AM Driver.
Antimalware Vendor Participation Requirements:
Microsoft requires that Early Launch Antimalware vendors either be members of the Microsoft Virus Initiative (MVI) or pre-approved members of the Virus Information Alliance (VIA). This membership ensures that the vendors are active antimalware community participants with a positive industry reputation. Please reach out to mvi@microsoft.com if you have questions about ELAM driver signing or becoming a pre-approved VIA member.
