Advice Request Anyone using MBRFilter?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

AtlBo

Level 28
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Any risks with MBRFilter? Specifically I would like to know if MBRFilter might block a required change and cause a problem that way. Also, it would be helpful to know if this issues a warning or if a Windows warning is the sign the protection has blocked something. Really would like to know if this will block MBR damaging malware (Petya) working with AppCheck Free.

I have a Windows 7 PC that is GPT, so I guess I will not need this for protection against MBR damaging ransomware and other malware. Is this a safe conclusion to make? Other MBR PCs here are the ones I am concerned about for now.
 
5

509322

Any risks with MBRFilter? Specifically I would like to know if MBRFilter might block a required change and cause a problem that way. Also, it would be helpful to know if this issues a warning or if a Windows warning is the sign the protection has blocked something. Really would like to know if this will block MBR damaging malware (Petya) working with AppCheck Free.

I have a Windows 7 PC that is GPT, so I guess I will not need this for protection against MBR damaging ransomware and other malware. Is this a safe conclusion to make? Other MBR PCs here are the ones I am concerned about for now.

The greatest danger is that the uninstall directions are poorly written. If the uninstall is done incorrectly\goes badly, then you might get the dreaded BSOD INACCESSIBLE_BOOT_DEVICE - which means a probable clean install of the OS.

Ask others who have uninstalled it successfully if need be.
 
Last edited by a moderator:
5

509322

I have a Windows 7 PC that is GPT, so I guess I will not need this for protection against MBR damaging ransomware and other malware. Is this a safe conclusion to make? Other MBR PCs here are the ones I am concerned about for now.

I'm going to relay what Fabian Wosar stated over at Wilders. It goes something like this...

MBR modifying malware can still cause trouble. Some don't check if the system boots using BIOS\etc and will over-write the GPT causing damage. Then it will have to be repaired.

I'm not sure of the GPT subtleties - in other words, if MBRFilter will protect GPT. For a reliably accurate answer ask Fabian Wosar. He might answer, he might not answer. It's like Santa Claus, you won't get it unless you ask for it.
 

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
Any risks with MBRFilter? Specifically I would like to know if MBRFilter might block a required change and cause a problem that way. Also, it would be helpful to know if this issues a warning or if a Windows warning is the sign the protection has blocked something. Really would like to know if this will block MBR damaging malware (Petya) working with AppCheck Free.

I have a Windows 7 PC that is GPT, so I guess I will not need this for protection against MBR damaging ransomware and other malware. Is this a safe conclusion to make? Other MBR PCs here are the ones I am concerned about for now.
It behaved OK on my PC's (allowing restores etc), as @mood said the uninstall instructons are very poorly written and require that you are familiar with registry editor (you should not delete the key, only the value from the key). So while it is easy to install it is hard to remove.
 
  • Like
Reactions: Brahman and AtlBo

Davidov

Level 10
Verified
Well-known
Sep 9, 2012
470
It behaved OK on my PC's (allowing restores etc), as @mood said the uninstall instructons are very poorly written and require that you are familiar with registry editor (you should not delete the key, only the value from the key). So while it is easy to install it is hard to remove.

I can not uninstall MBRfilter confuses some guidance that works thanks? I have every time BSOD.
 
5

509322

I can not uninstall MBRfilter confuses some guidance that works thanks? I have every time BSOD.

If you deleted the entire key, then it will result in an INACCESSIBLE_BOOT_DEVICE BSOD.

To fix that type of BSOD you must clean install the OS or use the Microsoft ISO on a bootable disk\usb and try the repair disk function or do an image restore that has a Windows boot loader. A clean install works like a charm every time. The others not so much.

The MBRFilter uninstall instructions are poorly written. You just need to delete the key value and not the entire key itself.
 
Last edited by a moderator:

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
The Image is gone. 404 error. Well I am still struggling to remove the key. Already got BSOD 2 times (Phew ....restored from image). Please help me to get rid of this MBR filter.

Open Regedit and navigate to this key:

HKLM\System\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}

Post the contents (attach screen print as picture or copy text in line)

I will tell you what to remove
 

Brahman

Level 16
Verified
Top Poster
Well-known
Aug 22, 2013
799
Open Regedit and navigate to this key:

HKLM\System\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}

Post the contents (attach screen print as picture or copy text in line)

I will tell you what to remove

I tried to delete the upper filters key and it ended in a bsod. I am on windows 10 ( insecure boot)
 

Attachments

  • reg key.jpg
    reg key.jpg
    210.7 KB · Views: 438
  • Like
Reactions: AtlBo
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top