Last week I've been building a new system with Windows 10 Anniversary Update (version 1607). I wasn't really aware about this, but the mainboard had UEFI Secure Boot enabled per default, as recommended (enforced on out-of-the-box systems) by Microsoft.
Now, with the introduction of Windows 10 Anniversary Update, Microsoft enforces drivers that are signed with an Extended Validation Code Signing Certificate on all new (clean) Windows installs on systems with Secure Boot enabled
When trying to install AOMEI Backupper, Windows rejects the installation of the corresponding drivers as they are not signed with the the correct certificate.
I am aware that I can disable Secure Boot, but would rather not to, as it has some advantages. Many users probably wouldn't know how to do this anyway.
As per Microsoft Developer:
"Starting with new installations of Windows 10, version 1607, the previously defined driver signing rules will be enforced by the Operating System, and Windows 10, version 1607 will not load any new kernel mode drivers which are not signed by the Dev Portal. OS signing enforcement is only for new OS installations; systems upgraded from an earlier OS to Windows 10, version 1607 will not be affected by this change.
We’re making these changes to help make Windows more secure. These changes limit the risk of an end-user system being compromised by malicious driver software."
Sources: