StrafeStrafe Esports
What is enrollaik.exe and Why It Runs When You Play Call of Duty

What is enrollaik.exe and Why It Runs When You Play Call of Duty

Call of Duty

Andre Guaraldo

18 Aug, 2025, 17:02

|

Last updated: 18 Aug, 2025, 17:12

Call of Duty’s latest PC builds now start a small, unfamiliar program called enrollaik.exe every time you launch the game. Far from malware, this executable is a keystone in RICOCHET Anti-Cheat’s new hardware-backed security stack. It automatically enrolls a TPM 2.0 Attestation Identity Key (AIK) so that Activision’s servers can verify your machine at boot and confirm that the kernel-level driver (randgrid.sys) is running in a trusted environment.

Below, we unpack how enrollaik.exe works, why it appears only while the game is open, and how it ties into the Season 05 rollout that requires TPM 2.0 security and Secure Boot for future titles.

credits: Ricochet
credits: Ricochet

Article Highlights:

  • enrollaik.exe is a legitimate executable used by Call of Duty’s Ricochet Anti-Cheat to enroll a TPM 2.0 Attestation Identity Key, enabling hardware-backed security verification.
  • The integration of TPM 2.0 security and Secure Boot helps prevent cheating by ensuring the system boots securely and that the kernel-level anti-cheat driver (randgrid.sys) runs in a trusted environment.
  • There is no conflict between Ricochet’s TPM-based anti-cheat and other major anti-cheats like those in Battlefield 6 or Valorant, with occasional issues being specific hardware or driver settings rather than fundamental incompatibilities.

Why does enrollaik.exe pop up?

When players updated Modern Warfare III or installed Black Ops 6, Windows began prompting them to allow “enrollaik.exe” to make changes. The executable ships inside the game’s depot and weighs just a few hundred kilobytes. Its sole purpose is to call the function that creates an Attestation Identity Key (AIK) tied to the computer’s TPM chip.

What the AIK does

  • Generates a unique RSA/ECC key pair inside the TPM.
  • Requests an AIK certificate from Microsoft’s Azure Attestation service, proving the key is bound to genuine hardware.
  • Stores that certificate so games, and enterprise tools, can ask Windows to prove the system booted securely.

By packaging this step in enrollaik.exe, Activision avoids relying on older Windows builds where certreq.exe may be missing or blocked, reducing user friction during the first launch.

How Ricochet anti-cheat leverages AIK enrollment

Ricochet’s kernel-level driver (randgrid.sys) already monitors low-level memory to catch ring-0 cheats. Starting with Season 05, the driver also checks for a valid AIK certificate at game start-up. If the certificate is absent or invalid, the game silently spawns enrollaik.exe, enrolls a fresh AIK, and then passes the certificate hash to Activision’s authentication service during sign-in.

The ricochet anti-cheat handshake has three results:

  • 1. AIK enrollment: Binds TPM to Activision so it stops spoofed hardware IDs
  • 2. Kernel driver validation: Ensures randgrid.sys is loaded, blocking user-mode cheats from disabling the driver
  • 3. Remote attestation: Server cross-checks PCR values so it detects bootkits and unsigned drivers injected before Windows loads

TPM 2.0 Security and Secure Boot Requirements

Activision confirmed that TPM 2.0 and Secure Boot will become mandatory on PC when Black Ops 7 launches later in 2025. These firmware guards perform a measured boot and lock critical registers (PCR 0–9) before Windows hands control to user processes, a design Microsoft illustrates in its TPM 2.0 reference architecture.

What is enrollaik.exe and Why It Runs When You Play Call of Duty

Why TPM 2.0 matters for cheating

  • Unique Hardware Identity: Each TPM has an Endorsement Key burned by the manufacturer, making hardware bans far harder to evade.
  • Measured Boot Chain: Secure Boot blocks unsigned UEFI drivers; TPM attestation records those measurements so Ricochet can reject tampered systems at log-in.
  • Sealed Secrets: Encryption keys bound to the measured state cannot be released if a cheat alters the bootloader or disables HVCI.

Performance and Privacy

Ricochet stresses that TPM verification runs only during system and game start-up, remaining dormant in-match, and cannot read personal files or browsing data.

Troubleshooting the enrollaik.exe Prompt

  • Enable TPM 2.0 and Secure Boot in BIOS: Most mid-2010s motherboards have firmware TPM and ship with Secure Boot off by default.
  • Verify AIK Enrollment: Run certreq -enrollaik -config "" manually from an elevated terminal; success returns “Key is available”.
  • Check Driver Integrity. sc query atvi-randgrid* should list the Ricochet service; reinstall if missing.
  • Clear TPM (Last Resort): If enrollment fails with 0x80070490, clearing the TPM and rebooting often resolves mismatched EK certificates.

Conflicts with other anti-cheats

Despite concerns about multiple anti-cheat systems running simultaneously, there is no inherent conflict between Ricochet’s TPM 2.0-based security (via enrollaik.exe) and other popular anti-cheats that are having problems like Battlefield 6 and Valorant. These systems are designed to operate independently and coexist on the same PC without blocking each other.

However, some users may experience occasional technical issues such as driver clashes or system stability problems due to the sensitive nature of kernel-level drivers and hardware attestation. These are typically isolated cases related to specific hardware configurations or outdated drivers, not fundamental incompatibilities.

Game developers continue to work closely with hardware and software partners to improve compatibility and reduce false positives. So while the layered security approach is more demanding, it does not cause direct conflicts between anti-cheat solutions in general.

TL;DR: Don't worry about enrollaik.exe

Enrollaik.exe is not spyware; it is a lightweight trigger that enrolls your TPM 2.0 Attestation Identity Key so Activision can cryptographically prove your PC booted cleanly before Ricochet’s kernel driver loads.

This extra handshake, combined with mandatory Secure Boot, raises the barrier for rootkit-level cheats and positions Call of Duty for a hardware-secured future.

Players who enable TPM 2.0 today will transition smoothly into Black Ops 7, while those who ignore the prompt may soon find the game refuses to launch. In short, letting enrollaik.exe run once keeps the firefight fair for seasons to come

For the latest Call of Duty news and guides, follow Strafe Esports. Check out our X account for the latest content and coverages.

Featured image credits: Call of Duty

Latest news

Esports Foundation Announces the 40 Clubs for 2026 Club Partner Program

Esports Foundation Announces the 40 Clubs for 2026 Club Partner Program

Today, the Esports Foundation (EF) announced the selected 40 esports clubs for the 2026 Club Partner Program. The program, a $20M dollar initiative, provides funding and support for all the selected clubs. Now in its 3rd year, over $100M has been reportedly invested to date.
31 Mar
Foo Zen-Wen

The Real Pay Gap: Why a Mid-Tier Streamer Often Out-Earns a Pro Player

Compare esports player salary vs streamer income - real numbers, verified data. CS2, Dota 2, LoL pros vs xQc, Ninja, Faker, Full breakdown
26 Mar
Foo Zen-Wen

Brazil's Felca Law Blocks Kids from Multiple Games: What Gamers Need to Know

Brazil's Felca Law takes effect on 17 March 2026 and bans paid loot boxes in games that minors play. It forces Riot Games to set League of Legends and other titles to 18+ in the country, blocking underage accounts until 2027. Free Fire faces redesign of Royales, and Roblox limits chat for kids. Publishers must use CPF checks or biometrics, with fines up to 10% of revenue for violations.
14 Mar
André Guaraldo

"You're Going to Upset Everybody" - Ex-CoD Director Greg Reisdorf on Pros vs Casuals, Leaks, and Developer Ego

Greg Reisdorf served as Multiplayer Creative Director at Sledgehammer Games for over 15 years before departing in early 2025 to co-found Oncade, a direct-to-consumer game distribution platform. After 15 years shaping Call of Duty's multiplayer modes across titles like Advanced Warfare, WWII, and Black Ops Cold War, Greg Reisdorf has seen every version of the franchise's internal friction up close.
12 Mar
Kaustavmani Choudhury

Bach: "One week before Wallachia, we barely played Dota."

After defeating his former teammates, Zhang "Faith_bian" Ruida (also known as Bach) talked about his team's preparations for Wallachia, how they currently draft, and what's changed in his life since his first retirement.
12 Mar
Otomo

Call of Duty Black Ops 7 Season 02 Reloaded Brings Black Ops Royale, Paradox Junction Zombies Map, New Voyak KT-3 Assault Rifle and much more!

Season 02 Reloaded is one of Black Ops 7’s biggest mid-season drops yet, headlined by Black Ops Royale, the Paradox Junction Zombies map, and a new competitive arsenal. This article breaks down every major change for Warzone, Multiplayer, Zombies, and events.
4 Mar
André Guaraldo

Call of Duty Black Ops Royale: All you need to know about Activision's newest Battle Royale

Black Ops Royale is Call of Duty’s boldest Battle Royale experiment since Blackout: a mode inside Warzone that drops loadouts and the Gulag in favor of pure scavenging, Archetype‑driven weapon progression and tactical decision‑making on the new Avalon map. Instead of relying on a perfect pre‑built class, every match becomes a puzzle of rotations, Activities, Cradle Breaches and resource management, all fully tied into Black Ops 7’s progression. Whether you miss the Blackout era or are just tired of “more of the same” in BRs, this guide breaks down everything you need to know before you drop into Avalon.
3 Mar
André Guaraldo

Comments (2)

Log in to comment on this match
No comments yet

Log in and be the first to start the conversation!

Show more comments