What is enrollaik.exe and Why It Runs When You Play Call of Duty

What is enrollaik.exe and Why It Runs When You Play Call of Duty

Andre Guaraldo

18 Aug, 2025, 17:02

|

Last updated: 18 Aug, 2025, 17:12

Call of Duty’s latest PC builds now start a small, unfamiliar program called enrollaik.exe every time you launch the game. Far from malware, this executable is a keystone in RICOCHET Anti-Cheat’s new hardware-backed security stack. It automatically enrolls a TPM 2.0 Attestation Identity Key (AIK) so that Activision’s servers can verify your machine at boot and confirm that the kernel-level driver (randgrid.sys) is running in a trusted environment.

Below, we unpack how enrollaik.exe works, why it appears only while the game is open, and how it ties into the Season 05 rollout that requires TPM 2.0 security and Secure Boot for future titles.

credits: Ricochet
credits: Ricochet

Article Highlights:

  • enrollaik.exe is a legitimate executable used by Call of Duty’s Ricochet Anti-Cheat to enroll a TPM 2.0 Attestation Identity Key, enabling hardware-backed security verification.
  • The integration of TPM 2.0 security and Secure Boot helps prevent cheating by ensuring the system boots securely and that the kernel-level anti-cheat driver (randgrid.sys) runs in a trusted environment.
  • There is no conflict between Ricochet’s TPM-based anti-cheat and other major anti-cheats like those in Battlefield 6 or Valorant, with occasional issues being specific hardware or driver settings rather than fundamental incompatibilities.

Why does enrollaik.exe pop up?

When players updated Modern Warfare III or installed Black Ops 6, Windows began prompting them to allow “enrollaik.exe” to make changes. The executable ships inside the game’s depot and weighs just a few hundred kilobytes. Its sole purpose is to call the function that creates an Attestation Identity Key (AIK) tied to the computer’s TPM chip.

What the AIK does

  • Generates a unique RSA/ECC key pair inside the TPM.
  • Requests an AIK certificate from Microsoft’s Azure Attestation service, proving the key is bound to genuine hardware.
  • Stores that certificate so games, and enterprise tools, can ask Windows to prove the system booted securely.

By packaging this step in enrollaik.exe, Activision avoids relying on older Windows builds where certreq.exe may be missing or blocked, reducing user friction during the first launch.

How Ricochet anti-cheat leverages AIK enrollment

Ricochet’s kernel-level driver (randgrid.sys) already monitors low-level memory to catch ring-0 cheats. Starting with Season 05, the driver also checks for a valid AIK certificate at game start-up. If the certificate is absent or invalid, the game silently spawns enrollaik.exe, enrolls a fresh AIK, and then passes the certificate hash to Activision’s authentication service during sign-in.

The ricochet anti-cheat handshake has three results:

  • 1. AIK enrollment: Binds TPM to Activision so it stops spoofed hardware IDs
  • 2. Kernel driver validation: Ensures randgrid.sys is loaded, blocking user-mode cheats from disabling the driver
  • 3. Remote attestation: Server cross-checks PCR values so it detects bootkits and unsigned drivers injected before Windows loads

TPM 2.0 Security and Secure Boot Requirements

Activision confirmed that TPM 2.0 and Secure Boot will become mandatory on PC when Black Ops 7 launches later in 2025. These firmware guards perform a measured boot and lock critical registers (PCR 0–9) before Windows hands control to user processes, a design Microsoft illustrates in its TPM 2.0 reference architecture.

What is enrollaik.exe and Why It Runs When You Play Call of Duty

Why TPM 2.0 matters for cheating

  • Unique Hardware Identity: Each TPM has an Endorsement Key burned by the manufacturer, making hardware bans far harder to evade.
  • Measured Boot Chain: Secure Boot blocks unsigned UEFI drivers; TPM attestation records those measurements so Ricochet can reject tampered systems at log-in.
  • Sealed Secrets: Encryption keys bound to the measured state cannot be released if a cheat alters the bootloader or disables HVCI.

Performance and Privacy

Ricochet stresses that TPM verification runs only during system and game start-up, remaining dormant in-match, and cannot read personal files or browsing data.

Troubleshooting the enrollaik.exe Prompt

  • Enable TPM 2.0 and Secure Boot in BIOS: Most mid-2010s motherboards have firmware TPM and ship with Secure Boot off by default.
  • Verify AIK Enrollment: Run certreq -enrollaik -config "" manually from an elevated terminal; success returns “Key is available”.
  • Check Driver Integrity. sc query atvi-randgrid* should list the Ricochet service; reinstall if missing.
  • Clear TPM (Last Resort): If enrollment fails with 0x80070490, clearing the TPM and rebooting often resolves mismatched EK certificates.

Conflicts with other anti-cheats

Despite concerns about multiple anti-cheat systems running simultaneously, there is no inherent conflict between Ricochet’s TPM 2.0-based security (via enrollaik.exe) and other popular anti-cheats that are having problems like Battlefield 6 and Valorant. These systems are designed to operate independently and coexist on the same PC without blocking each other.

However, some users may experience occasional technical issues such as driver clashes or system stability problems due to the sensitive nature of kernel-level drivers and hardware attestation. These are typically isolated cases related to specific hardware configurations or outdated drivers, not fundamental incompatibilities.

Game developers continue to work closely with hardware and software partners to improve compatibility and reduce false positives. So while the layered security approach is more demanding, it does not cause direct conflicts between anti-cheat solutions in general.

TL;DR: Don't worry about enrollaik.exe

Enrollaik.exe is not spyware; it is a lightweight trigger that enrolls your TPM 2.0 Attestation Identity Key so Activision can cryptographically prove your PC booted cleanly before Ricochet’s kernel driver loads.

This extra handshake, combined with mandatory Secure Boot, raises the barrier for rootkit-level cheats and positions Call of Duty for a hardware-secured future.

Players who enable TPM 2.0 today will transition smoothly into Black Ops 7, while those who ignore the prompt may soon find the game refuses to launch. In short, letting enrollaik.exe run once keeps the firefight fair for seasons to come


For the latest Call of Duty news and guides, follow Strafe Esports. Check out our X account for the latest content and coverages.

Featured image credits: Call of Duty

Latest news

New Study Finds 400 Million Gen Z Consumers Regularly Engage With Esports

New Study Finds 400 Million Gen Z Consumers Regularly Engage With Esports

The numbers are in, and they're hard to argue with. A new whitepaper from ESL FACEIT Group (EFG), Hero Esports, and Niko Partners titled The Esports Generation: Who They Are & Why They Spend dropped today, and it paints a picture of an audience that is bigger, more engaged, and more commercially valuable than many brands still realize
25 Jun
Thales Costa

G2 Esports and One Piece Collaborate to Create New Limited-Edition Drop

Esports giant G2 is making another move into the anime fashion space, this time partnering with one of the most beloved franchises in the world. In collaboration with One Piece, G2 has announced a new limited-edition streetwear drop available as of today (June 25).
25 Jun
Martin Arévalo-Östberg

GOALS Partners with PUMA for Exclusive In-Game Collectible Cosmetics

The new online football game currently gathering momentum — GOALS — has announced their latest endeavour: a team up with major sports brand: PUMA. The sports brand giant becomes the first to align themselves with GOALS for the release of an exclusive line of collectable cosmetics.
18 Jun
Foo Zen-Wen

Esports Foundation Bets $2M on Creators to Bring EWC and ENC to Every Corner of the World

The Esports Foundation just made a major move for content creators. On June 11, 2026, the organization behind the Esports World Cup and the Esports Nations Cup officially opened applications for its 2026 Creator Program, the largest co-streaming initiative esports has ever seen, and it is backing it up with a $2 million investment in creator rewards.
11 Jun
Thales Costa

KSI Becomes First 'Original' in New Football Game 'GOALS'

‘GOALS’ is a new online football game title designed by its namesake studio based in Stockholm, Sweden. Framed as a free-to-play, competitive, online title, ‘GOALS’ seeks to enter the competitive sports-esport cross-section with the tagline as the “next evolution of football gaming experiences”.
4 Jun
Foo Zen-Wen

G2 Esports Brings Fantasy Webcomic Red Aura to Global Audiences on WEBTOON

G2 Esports, one of the world's most recognisable names in competitive gaming, is stepping further into the world of original entertainment with the English-language global launch of its fantasy-action webcomic, Red Aura, on WEBTOON. The series goes live on Saturday, June 6, under the platform's prestigious WEBTOON Originals label.
4 Jun
Martin Arévalo-Östberg

CoD Black Ops 7 Season 4 Update: New Modes, Battle Pass Rewards, and Patch Notes Overview

Call of Duty Black Ops 7 Season 4 starts on June 4 with new 6v6 maps, modes and Endgame operations. The update also refreshes Zombies, Warzone, the Battle Pass and ranked rewards so players can follow every weapon, camo and seasonal unlock in one place.
3 Jun
André Guaraldo

Comments (2)

Log in to comment on this match
No comments yet

Log in and be the first to start the conversation!

Show more comments