MBRFilter protects the Master Boot Record against manipulation
MBRFilter is new open source software for Windows devices designed to protect the Master Boot Record against manipulation.
The Master Boot Record holds information about how partitions and file systems are organized on a storage device.
It triggers the loader of installed operating systems as well, which makes it an important part of any computer system.
If the Master Boot Record is altered, either accidentally or through malicious software, it may result in boot errors or other issues.
There is malware out there in the wild that overwrites the Master Boot Record with its own boot loader. Petya, a ransomware, does so for instance.
MBRFilter
The main purpose of MBRFilter is to protect the Master Boot Record against any form of manipulation.
Note: It is highly recommended to test the filter on a test system before it is installed on a production machine. Create a system backup before you do so in either case to be on the safe side.
Installation is a bit finicky. The filter is supplied as source, but also as a 32-bit and 64-bit driver for Windows. Make sure you download the correct version for Windows and unpack the downloaded archive afterwards.
The archive contains an .inf file and a .sys file. Right-click on MBRFilter.inf and select install from the context menu that opens. You are prompted to reboot the system afterwards to complete the installation.
If things worked well, Windows should boot again and you can start using the system like before. The only thing that you need to be aware of is that the driver will prevent writes to sector 0 on all drives, including writes that you authorize yourself. You may run into issues for instance when initializing new drives on the machine.
This can cause an issue when initializing a new disk in the Disk Management application. Hit 'Cancel' when it asks you to write to the MBR/GPT and it should work as expected.
Alternatively, if OK was clicked, then quitting and restarting the application will allow partitioning/formatting.
Removal is quite complicated as well. The GitHub project page lists all the steps required to remove MBRFilter again from a machine. Basically, the following steps need to be completed:
- Open a Registry Editor and remove the MBRFilter line from the UpperFilters value under the Registry key: HKLM\System\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}
- Reboot
- Use AccessMBR, a program supplied on the GitHub site as well, to verify that the MBR lock is disabled.
The only option you have to manipulate the boot sector while the driver is active is to boot into Safe Mode.
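The Registry step of the removal procedure can be checked, and carried out without touching other filter entries, from an elevated PowerShell prompt. The script below is an added example and not part of the MBRFilter project; the -Remove switch and the backup file name are assumptions made for this example.

```powershell
# Added example: audit the disk class UpperFilters value for MBRFilter.
# Run elevated. -Remove is a switch defined only for this example.
param(
    [switch]$Remove
)

# Class key as given in the article.
$regPath    = 'HKLM\System\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}'
$classKey   = $regPath -replace '^HKLM\\', 'HKLM:\'
$filterName = 'MBRFilter'

# UpperFilters is a REG_MULTI_SZ value: one filter driver name per line.
$value   = Get-ItemProperty -Path $classKey -Name UpperFilters -ErrorAction SilentlyContinue
$current = @($value.UpperFilters | Where-Object { $_ })

Write-Output "UpperFilters entries: $($current -join ', ')"

if ($current -notcontains $filterName) {
    Write-Output "$filterName is not listed as a disk class upper filter."
    return
}
Write-Output "$filterName is listed as a disk class upper filter."

if ($Remove) {
    # Export the key first so the original value can be restored.
    $backup = Join-Path $env:TEMP 'disk-class-key-backup.reg'   # assumed file name
    reg.exe export $regPath $backup /y | Out-Null

    # Drop only the MBRFilter line. Other entries belong to other drivers
    # in the disk stack and must stay exactly as they are.
    $remaining = @($current | Where-Object { $_ -ne $filterName })
    if ($remaining.Count -gt 0) {
        Set-ItemProperty -Path $classKey -Name UpperFilters -Value $remaining -Type MultiString
    } else {
        Remove-ItemProperty -Path $classKey -Name UpperFilters
    }
    Write-Output "Removed $filterName from UpperFilters (backup: $backup). Reboot to complete."
}
```

Run without -Remove, the script only reports the current entries, which also makes it usable as a check that the filter is still registered on machines where it is supposed to be active.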
Closing Words
If you are worried particularly about malware that overwrites the Master Boot Record, or accidentally damaging it, then you may find MBRFilter useful as it prevents that from happening.
It may make more sense for most users to install anti-ransomware software or antivirus software instead, which should prevent ransomware or malware from running on the PC in the first place (and thus modifying the MBR).
Ah!, the old Anarchist Cookbook, brings back many memories
@SHAWN Anarchist cookbooks were text files, so no worries.
I would like to install this, but I am curious if there are any compatibility concerns while using Bitlocker?
I have not tried it. I would assume that there won’t be any, as it protects the MBR from modifications but does not alter it.
exactly my thoughts…
Last time I read, anti-ransomware software still could not detect MBR-attacking malware.
No antivirus company would like to put themselves out of business. What happened to the antivirus hardware (chips) talked about 25 years ago?
When you get so paranoid that you install every possible form of protection on your PC, all of that protection is going to cause you as much grief as the “nasties” you are trying to protect against. Just look at Avast’s recent attack on attempts by Mozilla to quickly deal with Firefox issues. Software companies like Mozilla are going to have to start testing their software with all of the protection software out there to ensure it isn’t mistreated. Oh no. That would be prohibitively costly. They will just leave it up to the user to deal with the mess.
Be careful out there.
Downloaded and installed on Windows 10, 64-bit system, installed with no issues. Here is the download link: http://www.softwarecrew.com/2016/10/stop-ransomware-infecting-your-mbr-with-mbrfilter/
Dude where is the download link? If it’s supposed to be the landing page link, well then you messed it up cause it points to this very page.
Sorry for that, fixed it.
@ Kenneth Knudsen
“Dude where is the download link?”
Why don’t you show a bit of initiative / self-reliance? Try typing MBRfilter into your browser’s search box.
That’s not difficult now, is it? Sarcasm intended, Dude.
The irony is that the program was mentioned elsewhere but with no link. I used Google and one of the results was this page.
Well, I would appreciate a direct link as well. You know, humans are lazy creatures. It’s just more convenient. That has nothing to do with difficulty, and feeding Google with more data just because there is no link? Using DuckDuckGo is an alternative, but in my experience there are often moments where it doesn’t show what I wanted at all. But Google does.
I have to agree with Gary D on this one, and seriously, if you lack the methods of searching for a tool, BY GOD don’t use things like this, might create a black hole (sarcasm included). Some tools are great, but seriously, if you don’t have the “Knack” gene, as Dilbert would call it, don’t mess with tools like this. Hell, reminds me of the days when a guide like 40hex or the Anarchist Cookbook was roaming the BBSs. I for one was no fool in messing with these docs, considering PCs were 3k in price at minimum.
Also, .inf extensions, you might as well call it .bat, .com, .exe, .msi or any of the autoruns available. Unless you know WTF you are doing, make backups and restore points, then play as you want.