Skip to end of metadata
Go to start of metadata

In this article:

This article contains information about how the Macrium Image Guardian features can be used to protect golden images against ransomware and accidental deletion.

Macrium SiteDeploy® can make use of the Macrium Image Guardian (MIG) feature, which provides ransomware protection for golden images that are stored locally on the Site Manager server.

MIG works by preventing unauthorized delete or write operations from being performed on Macrium backup files by any process that does not have a valid Macrium code signature.

MIG can be used to protect golden images against accidental deletion and malicious third parties like ransomware.

Learn more about Macrium Image Guardian in Macrium Reflect here.


When you install SiteDeploy® for the first time, the installation will show you an option to install Macrium Image Guardian:

Once MIG has been installed, the computer may need to be rebooted before the Macrium Image Guardian driver is loaded and MIG can provide protection. Installing MIG via the SiteDeploy® installer will only protect backup image files hosted locally on the server. A standalone MIG installer can be downloaded to protect golden images located on shares local to other Windows computers. The installers can be found on the 'System' page within the Site Manager settings.

For existing Macrium Site Manager and SiteDeploy® installations, Macrium Image Guardian can be installed by navigating to the control panel and then selecting ‘Programs and Features’. Select ‘Macrium Site Manager with SiteDeploy’ or 'Macrium SiteDeploy' from the list of installed programs, then select ‘Change’.  

In the wizard that opens, select ‘Next’ then ‘Modify’. On the next page of the wizard, you can specify additional installation options. Ensure that ‘Install Macrium Image Guardian’ is selected, then select ‘Next’ and then ‘Install’. 

Tip for Site Manager Users

If Macrium Image Guardian has already been installed via Macrium Site Manager, then no further actions need to be taken. The driver and control application will already be installed and can be used with Macrium SiteDeploy® to protect golden image stores.


Once MIG has been installed, you can configure it by running the Macrium Image Guardian configuration app. A desktop icon and start menu entry will be created by the SiteDeploy® installer. The application can be found at C:\Program Files\Macrium\Common\MIGPopup.exe.

Running this program will display the following interface:

The 'Settings' page is where MIG can be enabled and disabled. MIG can also be disabled temporarily for a specified time period, this can be helpful when performing server maintenance.

To enable MIG on particular volumes, first Macrium Image Guardian must be turned on in the 'Settings' tab, then volumes can be selected in the 'Volumes' tab.

Select 'OK' or 'Apply' to confirm the selection.

Once MIG has been enabled for a volume, the volumes icon will change to the Macrium Image Guardian shield. This indicates that the volume is now being protected by MIG.

Controlling Macrium Image Guardian using the Golden Image Stores UI

If Macrium Image Guardian has been enabled in the Macrium Image Guardian configuration app, the local volumes it protects can be controlled using the SiteDeploy® UI. The arrow next to the golden image store can be expanded to show additional options for the golden image store. The Macrium Image Guardian switch can be toggled to enable or disable Macrium Image Guardian protection for the volume where this golden image store is located. If multiple golden image stores are located on the same local volume, this switch will disable/enable Macrium Image Guardian for all of the golden image stores.

If Macrium Image Guardian is disabled in the Macrium Image Guardian configuration app, then the option to control Macrium Image Guardian for a golden image store will be disabled:

Macrium Image Guardian in action

If a third-party process attempts to modify or delete a golden image, the following notification will be displayed:

The 'Events' tab of the Macrium Image Guardian Control app can be checked for more information about the process that was blocked:

  • No labels