StrafeStrafe Esports
What is enrollaik.exe and Why It Runs When You Play Call of Duty

What is enrollaik.exe and Why It Runs When You Play Call of Duty

Call of Duty

Andre Guaraldo

18 Aug, 2025, 17:02

|

Last updated: 18 Aug, 2025, 17:12

Call of Duty’s latest PC builds now start a small, unfamiliar program called enrollaik.exe every time you launch the game. Far from malware, this executable is a keystone in RICOCHET Anti-Cheat’s new hardware-backed security stack. It automatically enrolls a TPM 2.0 Attestation Identity Key (AIK) so that Activision’s servers can verify your machine at boot and confirm that the kernel-level driver (randgrid.sys) is running in a trusted environment.

Below, we unpack how enrollaik.exe works, why it appears only while the game is open, and how it ties into the Season 05 rollout that requires TPM 2.0 security and Secure Boot for future titles.

credits: Ricochet
credits: Ricochet

Article Highlights:

  • enrollaik.exe is a legitimate executable used by Call of Duty’s Ricochet Anti-Cheat to enroll a TPM 2.0 Attestation Identity Key, enabling hardware-backed security verification.
  • The integration of TPM 2.0 security and Secure Boot helps prevent cheating by ensuring the system boots securely and that the kernel-level anti-cheat driver (randgrid.sys) runs in a trusted environment.
  • There is no conflict between Ricochet’s TPM-based anti-cheat and other major anti-cheats like those in Battlefield 6 or Valorant, with occasional issues being specific hardware or driver settings rather than fundamental incompatibilities.

Why does enrollaik.exe pop up?

When players updated Modern Warfare III or installed Black Ops 6, Windows began prompting them to allow “enrollaik.exe” to make changes. The executable ships inside the game’s depot and weighs just a few hundred kilobytes. Its sole purpose is to call the function that creates an Attestation Identity Key (AIK) tied to the computer’s TPM chip.

What the AIK does

  • Generates a unique RSA/ECC key pair inside the TPM.
  • Requests an AIK certificate from Microsoft’s Azure Attestation service, proving the key is bound to genuine hardware.
  • Stores that certificate so games, and enterprise tools, can ask Windows to prove the system booted securely.

By packaging this step in enrollaik.exe, Activision avoids relying on older Windows builds where certreq.exe may be missing or blocked, reducing user friction during the first launch.

How Ricochet anti-cheat leverages AIK enrollment

Ricochet’s kernel-level driver (randgrid.sys) already monitors low-level memory to catch ring-0 cheats. Starting with Season 05, the driver also checks for a valid AIK certificate at game start-up. If the certificate is absent or invalid, the game silently spawns enrollaik.exe, enrolls a fresh AIK, and then passes the certificate hash to Activision’s authentication service during sign-in.

The ricochet anti-cheat handshake has three results:

  • 1. AIK enrollment: Binds TPM to Activision so it stops spoofed hardware IDs
  • 2. Kernel driver validation: Ensures randgrid.sys is loaded, blocking user-mode cheats from disabling the driver
  • 3. Remote attestation: Server cross-checks PCR values so it detects bootkits and unsigned drivers injected before Windows loads

TPM 2.0 Security and Secure Boot Requirements

Activision confirmed that TPM 2.0 and Secure Boot will become mandatory on PC when Black Ops 7 launches later in 2025. These firmware guards perform a measured boot and lock critical registers (PCR 0–9) before Windows hands control to user processes, a design Microsoft illustrates in its TPM 2.0 reference architecture.

What is enrollaik.exe and Why It Runs When You Play Call of Duty

Why TPM 2.0 matters for cheating

  • Unique Hardware Identity: Each TPM has an Endorsement Key burned by the manufacturer, making hardware bans far harder to evade.
  • Measured Boot Chain: Secure Boot blocks unsigned UEFI drivers; TPM attestation records those measurements so Ricochet can reject tampered systems at log-in.
  • Sealed Secrets: Encryption keys bound to the measured state cannot be released if a cheat alters the bootloader or disables HVCI.

Performance and Privacy

Ricochet stresses that TPM verification runs only during system and game start-up, remaining dormant in-match, and cannot read personal files or browsing data.

Troubleshooting the enrollaik.exe Prompt

  • Enable TPM 2.0 and Secure Boot in BIOS: Most mid-2010s motherboards have firmware TPM and ship with Secure Boot off by default.
  • Verify AIK Enrollment: Run certreq -enrollaik -config "" manually from an elevated terminal; success returns “Key is available”.
  • Check Driver Integrity. sc query atvi-randgrid* should list the Ricochet service; reinstall if missing.
  • Clear TPM (Last Resort): If enrollment fails with 0x80070490, clearing the TPM and rebooting often resolves mismatched EK certificates.

Conflicts with other anti-cheats

Despite concerns about multiple anti-cheat systems running simultaneously, there is no inherent conflict between Ricochet’s TPM 2.0-based security (via enrollaik.exe) and other popular anti-cheats that are having problems like Battlefield 6 and Valorant. These systems are designed to operate independently and coexist on the same PC without blocking each other.

However, some users may experience occasional technical issues such as driver clashes or system stability problems due to the sensitive nature of kernel-level drivers and hardware attestation. These are typically isolated cases related to specific hardware configurations or outdated drivers, not fundamental incompatibilities.

Game developers continue to work closely with hardware and software partners to improve compatibility and reduce false positives. So while the layered security approach is more demanding, it does not cause direct conflicts between anti-cheat solutions in general.

TL;DR: Don't worry about enrollaik.exe

Enrollaik.exe is not spyware; it is a lightweight trigger that enrolls your TPM 2.0 Attestation Identity Key so Activision can cryptographically prove your PC booted cleanly before Ricochet’s kernel driver loads.

This extra handshake, combined with mandatory Secure Boot, raises the barrier for rootkit-level cheats and positions Call of Duty for a hardware-secured future.

Players who enable TPM 2.0 today will transition smoothly into Black Ops 7, while those who ignore the prompt may soon find the game refuses to launch. In short, letting enrollaik.exe run once keeps the firefight fair for seasons to come

For the latest Call of Duty news and guides, follow Strafe Esports. Check out our X account for the latest content and coverages.

Featured image credits: Call of Duty

Latest news

Lamborghini to Sponsor DreamHack Events

Lamborghini to Sponsor DreamHack Events

An unlikely partnership, but one that is as real as anything else; ESL FACEIT Group (EFG) has announced a long-term deal with none other than Italian luxury car brand Automobili Lamborghini. This means that Lamborghini will be the Official Automotive Partner for DreamHack events moving forward, starting with DreamHack Atlanta (May 15-17) in the US.
12 May
Martin Arévalo-Östberg

KeSPA Returns to the Table: Partnership Resumes with Esports Nations Cup for 2026 Edition

KeSPA and the Esports Foundation have to an agreement, bringing the South Korean association back into the fold as National Team Partner, and by extension returns South Korea to the list of nations for the ENC.
9 May
Foo Zen-Wen

Esports Foundation Club Partner Program: Understanding the Engine Behind EWC

The Club Partner Program (CPP) is one of the Esports Foundation (EF) flagship initiatives centered around providing investment and incentives to a select group of esports organizations that are members of the club. It consists of its own ecosystem of support for organizations as well as providing said organizations with a separate track for winning prize money – the Club Championship. But what do we actually know about how it works? Join us as we listen to industry staples speak on their experience.
1 May
Foo Zen-Wen

Xbox Game Pass Gets Price Cut, Drops Call of Duty at Launch

As a response to the player feedback, Xbox Game Pass will now be available for a discounted rate. The catch, however, is that Call of Duty won’t be included at launch. Meaning, if you want to play Call of Duty at launch, you’d have to buy the game.
21 Apr
Ganesh Jadhav

Esports Nations Cup 2026 Confirms 16-Game Lineup for the Inaugural Event

The Esports Foundation has officially confirmed the complete 16-game lineup for the Esports Nations Cup 2026, the inaugural global nation-based esports competition set to take place in Riyadh, Saudi Arabia, from November 2–29, 2026. Over 100,000 players are expected to compete across hundreds of qualification events spanning 100 nations and territories throughout the year.
8 Apr
Kaustavmani Choudhury

Disney+ Expands KeSPA Partnership to Stream More Esports Events in 2026

Disney+ has announced an expanded partnership with the Korea e-Sports Association (KeSPA) to livestream a wider slate of Korean and pan-Asian esports competitions globally throughout 2026, building on an initial deal signed in September 2025.
6 Apr
Kaustavmani Choudhury

Esports Foundation Announces the 40 Clubs for 2026 Club Partner Program

Today, the Esports Foundation (EF) announced the selected 40 esports clubs for the 2026 Club Partner Program. The program, a $20M dollar initiative, provides funding and support for all the selected clubs. Now in its 3rd year, over $100M has been reportedly invested to date.
31 Mar
Foo Zen-Wen

Comments (2)

Log in to comment on this match
No comments yet

Log in and be the first to start the conversation!

Show more comments