Blocks malicious applications that try to tinker with the master boot record (MBR), which makes it a viable option for protection against certain types of ransomware.
- MBRFilter
- Version :1.0
- License :GPL
- OS :Windows All
- Publisher :Cisco
MBRFilter Description
Bootkits are a special category of infections that come with an extended ability to tamper with the master boot record (in short, MBR). Aside from a robust preventive attitude (backups, restore points) and a permanent, up-to-date security solution, protecting yourself against such MBR-targeting malware can be done with MBRFilter, a Cisco Talos-signed utility.
MBRFilter is an open-source tool that comes with pre-compiled versions you can use to block any attempt to modify the content of the MBR, otherwise known as sector 0. In other words, with MBRFilter installed, the Master Boot Record becomes read-only, and all the disk writing endeavors are not permitted.
MBR-targeting ransomware, such as Petya, Satana, or HDDCryptor force a reboot of the infected computer, which allows it to modify the data stored on the MBR and display the ransomware message.
The MBRFilter promises to block the disk writing operations, thus preventing the malware from accessing the boot record.
MBRFilter is very easy to deploy, you just have to right-click on the INF file and choose ‘Install’ from the context menu. A reboot is required for the changes to take effect.
When MBR-targeting threats attempt to write on disk, this action is automatically blocked, and MBRFilter displays a notification message that suggests you reboot in safe mode to change the MBR’s content.
Easy to deploy and easy to install, MBRFilter is a handy tool that stops the attempts to modify the MBR in order to avoid ransomware infections.