Hmm... Take, for example, the Dr.Web Security Space antivirus. By default it prohibits low-level access to the disk, which prevents malicious programs designed to destroy the MBR from destroying it. And with all that, the computer functions normally, everything boots up. You can even check it yourself. Or, for example, the Kaspersky Standard/Plus/Premium antivirus - it has an "Intrusion Prevention" component with four groups of applications - "Trusted", "Weak Restrictions", "Strong Restrictions" and "Untrusted". So, if I prohibit low-level access to the disk and the file system for the last three groups and then reboot - nothing happens, everything works correctly (the "Trusted" group is excluded because unknown malware would fall into the "Weak Restrictions" group at most).

Even if no such rule is added to HIPS, why doesn't ESET react to the fact that some unknown program changed the MBR? This is quite strange; I would like to see at least a behavior analysis detection, as, for example, Kaspersky does when it sees an attempt to change the MBR by an unknown program. Oh, and by the way, why not make this rule only for programs unknown to ESET? But for trusted applications (say, those with a trusted digital signature or those whose security has been confirmed by ESET LiveGrid) such actions would be allowed.