MIG Protection During File Copying


Author
Message
capair45
capair45
Expert
Expert (721 reputation)Expert (721 reputation)Expert (721 reputation)Expert (721 reputation)Expert (721 reputation)Expert (721 reputation)Expert (721 reputation)Expert (721 reputation)Expert (721 reputation)Expert (721 reputation)
Group: Forum Members
Posts: 464, Visits: 5.9K
I have Macrium Image Guardian (MIG) enabled on all my storage devices.

This morning, I decided to copy one image file from its MIG protected location to another disk. The reason was I wanted this file to be kept indefinitely on another disk and not subject to the retention rules. I used File Explorer for this process. The file was going to be copied from (I) to (D).

I have MIG protection enabled on the device where the file is stored and decided to test the MIG protection feature without disabling it first. To my surprise, the copy process started and completed with no message or intervention from Reflect. I was able to copy the image without disabling MIG.

See the attached image. In the left panel, note that MIG is enabled on Drive I. The upper-right panel shows the file nested in a folder on Drive I. The lower-right folder shows the copying of that file in process.

As a further test, I tried deleting an image file using File Explorer and the operation was correctly blocked by MIG.

My understanding is that MIG should stop this kind of process. Could it be that since I was copying the file from one MIG protected disk to another MIG protected disk, the operation is allowed?




Windows 10 Home (20H2)
Macrium Reflect 7.3.5321
Windows Defender
Malwarebytes Premium 4.2.3


jphughan
jphughan
Macrium Evangelist
Macrium Evangelist (11K reputation)Macrium Evangelist (11K reputation)Macrium Evangelist (11K reputation)Macrium Evangelist (11K reputation)Macrium Evangelist (11K reputation)Macrium Evangelist (11K reputation)Macrium Evangelist (11K reputation)Macrium Evangelist (11K reputation)Macrium Evangelist (11K reputation)Macrium Evangelist (11K reputation)
Group: Forum Members
Posts: 7.9K, Visits: 55K
MIG doesn’t prevent the creation of new Reflect backup files on a volume, only the modification or deletion of existing backup files. I’m guessing that the idea is that creating a new backup file is not on its own a capability that a ransomware application would be able to use for malicious purposes.
capair45
capair45
Expert
Expert (721 reputation)Expert (721 reputation)Expert (721 reputation)Expert (721 reputation)Expert (721 reputation)Expert (721 reputation)Expert (721 reputation)Expert (721 reputation)Expert (721 reputation)Expert (721 reputation)
Group: Forum Members
Posts: 464, Visits: 5.9K
jphughan - 13 September 2020 3:53 PM
MIG doesn’t prevent the creation of new Reflect backup files on a volume, only the modification or deletion of existing backup files. I’m guessing that the idea is that creating a new backup file is not on its own a capability that a ransomware application would be able to use for malicious purposes.

Ok.  Thanks for explaining that.

Windows 10 Home (20H2)
Macrium Reflect 7.3.5321
Windows Defender
Malwarebytes Premium 4.2.3


GO

Merge Selected

Merge into selected topic...



Merge into merge target...



Merge into a specific topic ID...




Reading This Topic

Login

Explore
Messages
Mentions
Search