same thing, ransomwares can still corrupt your HDD because every GPT drive has a small MBR partition for backward compatibility. The only thing I'm not sure is the possibility we can restore the data in those GPT partition. It's obvious that with MBR, the drive is dead
This seems to match my experience. Except I think that the experience I had was in reverse. I had trouble restoring full system images on GPT drives 4 or 5 times in a row. I can't say AppCheck had anything to do with this, because it allows only reads, but I think EUFI/EFI may need to occasionally write to the mbr during Windows operation (standard boot security of some kind maybe running while AppCheck is running too or maybe loading).
The PCs are earlier series of GPT/EUFI/EFI (2 PCs). I think on these slightly dated PCs, it was the BIOS I believe may have been confused by AppCheck rather than corruption of the mbr from R/W. I noticed multiple entries for the boot loader in the EUFI/EFI startup application, like it was expecting something in the mbr that wasn't there so it created another entry. Then during Windows runtime perhaps (or early boot time A/C on) that couldn't be changed or verification achieved (due to mbr write protection). ALL a guess. None of the multiple boot loaders in EUFI BIOS would boot. Some kind of security mismatch of values during the boot. EUFI says this...mbr protection says no.
I read around and read of stories of this same thing with as many as 20+ instances of the boot loader on a PC (HPs too like these), so security came to my mind as something that could be affecting the slightly dated hardware setups. This seems to coincide roughly with the time AppCheck introduced free mbr protection too. And HP is kind of over the top about workstation security.
I suspect on a newer BIOS this issue would have been dealt with however. Haven't updated this BIOS yet (just turned off A/C R/W mbr protection), which I will be doing soon enough. Otherwise, no idea if this is the cause of the problem I had or could be present on newer systems. Kind of doubt so, since it surely would have been caught and fixed.
Just for me an interesting if painful blip of PC agony I guess...although getting the system back in both cases was no fun whatsoever->Windows fixes all failed, so yep, replacing hive files was the only way for those aware of that technique...