disable 7.2 Image Guardian pop up notification


Author
Message
CalgaryAB
CalgaryAB
New Member
New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)
Group: Forum Members
Posts: 5, Visits: 11
Is there a way to disable the new pop up notification window?


jphughan
jphughan
Macrium Evangelist
Macrium Evangelist (5.9K reputation)Macrium Evangelist (5.9K reputation)Macrium Evangelist (5.9K reputation)Macrium Evangelist (5.9K reputation)Macrium Evangelist (5.9K reputation)Macrium Evangelist (5.9K reputation)Macrium Evangelist (5.9K reputation)Macrium Evangelist (5.9K reputation)Macrium Evangelist (5.9K reputation)
Group: Forum Members
Posts: 4K, Visits: 29K
Not that I know, but out of curiosity what would be the use case for not informing users when Image Guardian is blocking an attempted action?  Before this arrived in 7.2, there were quite a few threads created here saying, "Why can't I delete/rename/move my image files?  I'm getting this weird error code about a storage policy," because users didn't realize that Image Guardian was doing its job.  And extrapolating from those threads, I would imagine Macrium got quite a few of those questions via email support, helpdesk tickets, and other channels.  That's why the notification exists today.  If you're actively doing something that's triggering that popup, then presumably you would either want to disable Image Guardian (which the popup provides a convenient way to achieve) so that you can accomplish your task, or stop doing whatever you're doing so that the popup stops appearing.  And if that popup is appearing for a reason unknown to you, presumably you'd want to know that something on your system is attempting to modify your backup files without your awareness.

Edited 16 November 2018 6:41 PM by jphughan
CalgaryAB
CalgaryAB
New Member
New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)
Group: Forum Members
Posts: 5, Visits: 11
I'm a small business support tech and my clients leave IT matters to me: I know about I.G. and if a non-typical client does encounter I.G. preventing their access to .mrimg files without the popup message, they'll call or email me and I can determine what they are trying to accomplish beyond file manipulation, discuss ways to accomplish what they want (quite possibly not involving .mrimg file manipulation) and connect remotely to show them how to enable/disable I.G. if they are needing to know that.  I've been a Reflect proponent (STRONG proponent) since version 4.2 in 2009 and I can't remember a client wanting any hands-on involvement in backups; as long as I can recover files they accidentally delete and recover systems with terminal problems (Windows update crashed a system, hard drive failures on a couple systems, etc) they love backups being left to me.
  Ransomware hackers on the other hand don't need any assistance in any manner.  Presumably ransomware hackers just run a program that encrypts data files but as the sophistication increases, remote access to hacked systems that return large number of errors during the encryption process isn't beyond being a possibility.  I'm just trying to think what a hacker may do and trying to stay a step ahead.
  Maybe I'm just being paranoid, but conversely, am I being paranoid enough? (heh heh)
Nick
Nick
Macrium Representative
Macrium Representative (3K reputation)Macrium Representative (3K reputation)Macrium Representative (3K reputation)Macrium Representative (3K reputation)Macrium Representative (3K reputation)Macrium Representative (3K reputation)Macrium Representative (3K reputation)Macrium Representative (3K reputation)Macrium Representative (3K reputation)
Group: Administrators
Posts: 1.7K, Visits: 9.3K
CalgaryAB - 16 November 2018 7:03 PM
I'm a small business support tech and my clients leave IT matters to me: I know about I.G. and if a non-typical client does encounter I.G. preventing their access to .mrimg files without the popup message, they'll call or email me and I can determine what they are trying to accomplish beyond file manipulation, discuss ways to accomplish what they want (quite possibly not involving .mrimg file manipulation) and connect remotely to show them how to enable/disable I.G. if they are needing to know that.  I've been a Reflect proponent (STRONG proponent) since version 4.2 in 2009 and I can't remember a client wanting any hands-on involvement in backups; as long as I can recover files they accidentally delete and recover systems with terminal problems (Windows update crashed a system, hard drive failures on a couple systems, etc) they love backups being left to me.
  Ransomware hackers on the other hand don't need any assistance in any manner.  Presumably ransomware hackers just run a program that encrypts data files but as the sophistication increases, remote access to hacked systems that return large number of errors during the encryption process isn't beyond being a possibility.  I'm just trying to think what a hacker may do and trying to stay a step ahead.
  Maybe I'm just being paranoid, but conversely, am I being paranoid enough? (heh heh)

Thanks for posting.

If you need to you can disable popups while retaining protection by creating the following registry entry:

Key:   HKEY_LOCAL_MACHINE\SOFTWARE\Macrium
Name:  ReflectUIToastPopup
Type:  DWORD (32 Bit)
Value: 0


Kind Regards

Nick - Macrium Support

jphughan
jphughan
Macrium Evangelist
Macrium Evangelist (5.9K reputation)Macrium Evangelist (5.9K reputation)Macrium Evangelist (5.9K reputation)Macrium Evangelist (5.9K reputation)Macrium Evangelist (5.9K reputation)Macrium Evangelist (5.9K reputation)Macrium Evangelist (5.9K reputation)Macrium Evangelist (5.9K reputation)Macrium Evangelist (5.9K reputation)
Group: Forum Members
Posts: 4K, Visits: 29K
Well there you go, a registry setting to the rescue. Smile

As for the ransomware/hacker scenario though, disabling the notifications doesn't really change anything there.  A program that tries to encrypt Reflect files with Image Guardian will see errors regardless of whether the popup is enabled.  You can try it yourself by disabling the popups and then using something like Command Prompt to try modify a file; you'll still get an error.  In addition, the popup notifications would only come into play for someone who's logged in interactively, which ransomware "distributors" won't be.  They're going for maximum infection and maximum efficiency, so they just want their application to run on victims' PCs and send back a unique ID and a decryption key for each victim so the hacker can then extort the victims.  They don't care about watching anything happen on the victims' PCs.  And even in an edge case where a hacker somehow had malware that gave them remote viewing capabilities, seeing the popup notification doesn't give them the opportunity to do anything about it.  They'd still need admin access to disable Image Guardian, and if the hacker has that, then frankly it's game over anyway.  The most common threat model, and the one Image Guardian is meant to protect against, is that a victim ends up running a malicious application that runs with non-admin rights and encrypts files it can access, typically in the user's profile folders (Desktop, Documents, etc), external hard drives, and network shares -- since files in those areas can be modified without elevated privileges.  That's partly why ransomware is so dangerous -- because it doesn't NEED to have a privilege escalation vulnerability available to exploit.  It can cause problems even for people running as standard users.  That's where Image Guardian comes into play.

As for the rest, I get your point that the users you support probably prefer not to think about backups themselves, but if they're not doing anything with their backups, then they shouldn't be encountering that popup.  And if they are, then once again I'd have thought they'd want to have a clue as to what might be preventing them from doing whatever they're trying to do rather than just getting a somewhat opaque "storage policy" error that doesn't mention Image Guardian at all, but if it's preferable in your use case for users not to be aware of what's going on, then it looks like Macrium already has you covered

Edited 16 November 2018 8:24 PM by jphughan
CalgaryAB
CalgaryAB
New Member
New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)
Group: Forum Members
Posts: 5, Visits: 11
Nick, the knowledge in your brain never stops amazing me!  Reflect is no small bit of code and it seems that no matter the question, you've got the answer.  Kind of amazing how you single-handedly seem to out-gun teams of dozens or hundreds on other programs' technical support prowess.
  Thanx a mill and please keep developing new features for one of the very few programs that is worth upgrading when new versions come out.  (yeah, I'm looking at you Microsoft Office).
cheers
GO

Merge Selected

Merge into selected topic...



Merge into merge target...



Merge into a specific topic ID...




Similar Topics

Reading This Topic

Login

Explore
Messages
Mentions
Search