Every once in a while, i scan my system with anti-rootkit tools. Just yesterday, GMER's scan resulted in a "\Device\Harddisk0\DR0---Unknown MBR code" info entry. I knew that this MBR modification had been caused by Keriver's Recovery Console, but i decided to somewhat test nProtect's MBR protection (as i have done with other legitimate MBR-accessing programs) by selecting "Restore" from GMER's right-click menu. To my great surprise, a standard MBR was restored without any alert from nProtect's utility... I was wondering: q1: How the MBR filter got bypassed? As i mentioned above, i have tested nProtect MBR Guard with other programs (non-malware/rootkit, though), and it succeeded in blocking the MBR accesses (e.g., Keriver's Recovery Console cannot be installed, if the MBR is protected). q2: Is there any other way to protect the MBR WHILE being alerted, at the same time, about the related attempt to access/modify it, besides a full-blown HIPS? PS: Purchasing AppGuard just for the MBR Guard component is not an option for me.