Can CTM be stronger against MBR changes by malware?

If a malware messes the MBR, CTM could lost all the snapshots and the computer should be unbootable.
Recently was discussed some rootkits that could bypass the snapshots technology.
Is there anything in your minds to make CTM stronger against non-authorized changes to MBR?

For instance (block all only):

I thinks that’s the job of an antivirus/antirootkit/HIPS. Does anyone know if the HIPS in CIS protect the MBR against rootkits?

I know that Avira has MBR rootkit protection in Antivir as well. I’m sure Comodo does, too.

I’m not telling it’s not an antivirus work. It is.
But detecting zero day rootkits and tons of their variants is not as simple… If it fails and if CTM is protected, you could restore a clean snapshot. That what we want.
Almost any decent antivirus protect against MBR virus. But they would never be 100%.

The first thing that comes to mind is to give CTM the ability to backup and restore MBRs, preferably backing up the original as part of the installation. The backups should be forcibly saved only onto a removable media, like a flash drive.

This has been asked for on several occasions.

Ewen :slight_smile:

Also partition table (seems that this is a new issue :cry:;msg414962#msg414962)