diff --git a/README.md b/README.md
index 549b8d9..15e66ea 100644
--- a/README.md
+++ b/README.md
@@ -119,6 +119,7 @@ Some useful configurations have been supplied in /etc/default/vms:
    * The service can be removed from the system with `cd Qubes-VM-hardening; sudo bash install --uninstall`
 
 ## Releases
+   - v0.9.2  Fix vm-boot-protect mode
    - v0.9.1  Optimized, fix rc order, new "wiperw" tag
    - v0.9.0  Add tags and rc files, protect more home scripts, reinitialize home
    - v0.8.5  Fix template detection, /etc/default/vms erasure
diff --git a/vm-boot-protect.sh b/vm-boot-protect.sh
index d19772a..af192b7 100755
--- a/vm-boot-protect.sh
+++ b/vm-boot-protect.sh
@@ -30,7 +30,7 @@ rwbak=$rw/vm-boot-protect
 errlog=/var/run/vm-protect-error
 servicedir=/var/run/qubes-service
 defdir=/etc/default/vms
-version="0.9.1"
+version=0.9.2
 
 # Define sh, bash, X and desktop init scripts in /home/user
 # to be protected
@@ -277,11 +277,6 @@ if qsvc vm-boot-protect-root && [ $rwonly_pers = 1 ]; then
 
 fi
 
-# Keep configs invisible at runtime...
-if ! is_templatevm; then
-    rm -rf "$defdir" $servicedir/vm-boot-tag* $servicedir/vm-boot-protect* $errlog
-fi
-
 # Remove backups if indicated
 if [ $save_backup = 0 ]; then
     chattr -R -f -i $rwbak
@@ -294,4 +289,8 @@ if qsvc vm-boot-protect || qsvc vm-boot-protect-root; then
     umount $rw
 fi
 
+# Keep configs invisible at runtime...
+if ! is_templatevm; then
+    rm -rf "$defdir" $servicedir/vm-boot-tag* $servicedir/vm-boot-protect* $errlog
+fi
 exit 0