Can DeepGuard block writing to disk by sending SCSI IRP?

Homecomings

I tested several MBRKiller samples and I found one that bypassed DeepGuard. It seems that the sample writes to disk by sending SCSI IRP to disk driver to write MBR directly.

Will DeepGuard block this behavior in the future?

Here is the sample:

Ivan_Osipov

Hello @Homecomings

Thanks for your feedback. Could you please upload this file here: https://www.f-secure.com/en/business/support-and-downloads/submit-a-sample?

And also please don't attach malware or malware samples like this in the future. Please use this link instead.

Best Wishes.