Applies to Sophos Home for Windows
What is it?
Master Boot Record Protection, also known as WipeGuard, is part of the behavioral module in Sophos Home, it prevents ransomware from destroying your storage configuration. It will evaluate and stop activities that involve hard drive formatting/deletion.
How to exclude a drive from WipeGuard to format it?
If you receive an Attack Intercepted message when trying to format a drive, you might need to exclude the behavior to proceed as needed. Adding exclusions reduces your security, so proceed with caution!
When a detection occurs, users will receive a message on their Sophos Home Dashboard reading "Malicious behavior prevented" WipeGuard.
To exclude a drive, follow these steps
Option 1 Temporarily Disable Mater Boot Record Protection
This will turn off the feature for all your drives, proceed with caution!
- Access the Sophos Home Dashboard
- Navigate to PROTECTION > Ransomware > Master Boot Record Protection
- Click on the slider to turn it off (it will turn gray)
- Reboot your computer
- Format the drive
- Re-enable Master Boot Protection by following steps 1-3
Option 2 - Create an exclusion for a specific drive
This will turn off the feature for a specific drive, proceed with caution!
- Access the Sophos Home Dashboard
- Locate the WipeGuard Malicious behavior prevented entry in the HISTORY tab
- Click Show Advanced Options
- Locate "Did we get this wrong?"
- Click Allow and Unblock
- Click Allow Behavior when presented with the popup
- Reboot your system and format the drive
- Navigate to PROTECTION > Ransomware > Master Boot Record Protection
- Locate the exclusion and remove it to ensure your drive is protected again