Hey Pete. RansomOff does not modify the MBR. The protection is implemented in an upper disk filter. You have to reboot because of how Windows operates the drive stack. Upper disk filters cannot be added or removed dynamically, say like a file filter. When you untick MBR protection on HMPA, it doesn't remove the filter but simply sets a flag internally in their driver saying "we are now ignoring all requests, just pass this on through to the next driver." The driver is still loaded but just not engaged. When you untick MBR in RO, we stop the driver from loading into the device stack in the first place. Hope that makes sense.