Possible F-Secure would protect the MBR but I do not know
Good question and got me curious so after a quick search I found this.
Quote : " After seeing the video, it looks like the method of the testing is not reflective of how ransomware enters the users' computer in the real world. And I'm emphasizing this because the malware's method of entry into the user's system is also part of how our detections work. Typical ransomware nowadays come in via spam emails. A minority is also propagated via exploit kits, malvertising and other web-related infection vectors. So if there are files that are coming in from those potential infection vectors, our detection layers have an extra layer of suspicion that is attributed to that file and it will most likely be detected.
That being said, the testing done in the video started with the file already in the system. The infection vector is not in the picture anymore and as such, all our network, web traffic and additional data for our Deepguard, is not available anymore. And in the real world, these ransomware files will not just appear that way. So in this testing, the only parts of the products that are tested are the file detection layers, and some parts of Deepguard. So in a way, this is not our product's full potential in protecting users against ransomware in the real world.
That being said, I've had a quick discussion with some of our engine developers, and we will still schedule an investigation into how we can load the product early enough without sacrificing performance. But of course we will also balance this if having this will truly give real protection for our users, or if the existing layers of protection are already sufficient when a ransomware arrives into the system via the channels it uses. "
Source :
When can we expect "Boot Time Protection"? - F-Secure Community - 91139
Missed out on this comment from F-Secure and it's interesting IMO on several points. Have no clue if they added something in any updates or upcoming versions but I would still suggest the use of Talos MBR Filter as one of several security layers.
MBR Filter - Cisco Talos
