MBRFilter protects the Master Boot Record against manipulation

MBRFilter is a new open source software for Windows devices designed to protect the Master Boot Record against manipulation.

The Master Boot Record holds information about how partitions and file systems are organized on a storage device.

It triggers the loader of installed operating systems as well, which makes it an important part of any computer system.

If the Master Boot Record is altered, either accidentally or through malicious software, it may result in boot errors or other issues.

There is malware out there in the wild that overwrites the Master Boot Record with its own boot loader. Petya, a ransomware, does so for instance.




The main purpose of MBRFilter is to protect the Master Boot Record against any form of manipulation.

Note: It is highly recommended to test the filter on a test system before it is installed on a production machine. Create a system backup before you do so in either case to be on the safe side.

Installation is a bit finicky. The filter is supplied as source, but also as a 32-bit and 64-bit driver for Windows. Make sure you download the correct version for Windows and unpack the downloaded archive afterwards.

The archive contains an .inf file and a .sys file. Right-click on MBRFilter.inf and select install from the context menu that opens. You are prompted to reboot the system afterwards to complete the installation.

If things worked well, Windows should boot again and you can start using the system like before. The only thing that you need to be aware of is that the driver will prevent writes to sector 0 on all drives, including those that you may authorize. You may run into issues for instance when initializing new drives on the machine.

This can cause an issue when initializing a new disk in the Disk Management application. Hit  ‘Cancel’ when asks you to write to the MBR/GPT and it should work as expected.

Alternatively, if OK was clicked, then quitting and restarting the application will allow partitoning/formatting.

Removal is quite complicated as well. The Github project page lists all the steps required to remove the MBRFilter again from a machine. Basically, the following steps need to be completed:

  1. Open a Registry Editor and remove the MBRFilter line from the UpperFilters Registry key: HKLM\System\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}
  2. Reboot
  3. Use AccessMBR, a program supplied on the Github site as well to verify that the MBR lock is disabled.

The only option you have to manipulate the boot sector while the driver is active is to boot into Safe Mode.

Closing Words

If you are worried particularly about malware that overwrites the Master Boot Record, or accidentally damaging it, then you may find MBRFilter useful as it prevents that from happening.

It may make more sense for most users to install anti-ransomware software or antivirus software instead which should prevent ransomware or malware from running on the PC in first place (and thus modifying the MBR). MBRFilter