Macrium Image Guardian Overview
| Macrium Image Guardian protects your backup files from unauthorised modification. MIG grants write access to existing backups file for Macrium Reflect 7.1, any image tools created by us, and optionally, MS RoboCopy. All other process attempting to update existing backup files will be denied access. MIG protects local NTFS volumes and allows Macrium Reflect 7.1 and later to use the protected volume as a shared network resource. |
Macrium Image Guardian protection architecture
Macrium Image Guardian protecting backups in a networked environment
In the above illustration, the PC sharing the backup repository (Shared Volume) has a full install of Macrium Reflect, including MIG. A local drive is shared over the network and MIG has been enabled on that drive in the Macrium Reflect user interface.
The other PC’s on the network can backup to this shared drive and do not require MIG to be installed. Backup file write access is automatically granted to Macrium Reflect 7.1, and later, write access for earlier versions of Macrium Reflect and other processes will fail.
The PC hosting the share with MIG installed can be used as a standalone Macrium Reflect installation. The protected drive will prevent unauthorised access to backup files on that drive if the local PC creates backups to the protected volume.
Installing Macrium Image Guardian
MIG is an optional component in the Macrium Reflect installer, It is selected by default and is available for Windows 7 and above in all editions of Macrium Reflect except for the Free Edition.
After installation, if MIG has automatically protected any local back drives for existing backup definitions then the following message box is displayed the first time Macrium Reflect is started:
Activating Macrium Image Guardian
MIG is active directly after installation and will automatically protect backup destination drives.
To turn MIG on or off, take the 'Other Tasks' > 'Macrium Image Guardian Settings..' menu option:
Turn on Image Guardian | Starts the Image Guardian Service | ||||||||
Automatically protect local backup drives | When turned on, all saved backup definitions are searched and Image Guardian is enabled for local backup drives When creating a new backups, unprotected target drives will be automatically protected by enabling Image Guardian on the drive. When the PC is restarted, Image Guardian will be re-enabled on all backup drives. This prevents accidentally leaving your drives unprotected by manually turning protection off. | ||||||||
Allow RoboCopy to sync and move backup files on protected volumes | Enables the MS utility RoboCopy to delete and overwrite backup files on protected volumes with the /MOV, /MOVE, /PURGE and /MIR parameters.
RoboCopy and Network Shares If the source of a /MOVE /MOV or target of a /MIR /PURGE operation is a MIG protected volume on a network share then all delete operations are blocked. This is because RoboCopy 'Rules' can only be applied if the Windows session that's opening the files is the same Windows session that's running RoboCopy. In the case of a network share, the remote computer is opening the files and will block all delete operations.
| ||||||||
Off | Turns off the Image Guardian service.
|
Macrium Image Guardian Events
To view Image Guardian windows events, take the 'Other Tasks' > 'Macrium Image Guardian Settings..' menu option and select the 'Events' tab:
Number | Event Name | Severity | Description |
---|---|---|---|
100 | EVT_MIG_SERVICE_STARTED | Informational | Image Guardian service started |
110 | EVT_MIG_DRIVER_STARTED_BY_SERVICE | Informational | Image Guardian driver started by service |
200 | EVT_MIG_SERVICE_STOPPED | Informational | Image Guardian service stopped |
300 | EVT_MIG_VOLUME_PROTECTED | Informational | Volume (\\?\Volume{6a2d53fe-c79a-11e1-b189-806e6f6e6963}\) is protected |
310 | EVT_MIG_BLOCK_VERIFICATION_FILE_ACCESS | Informational | Blocking process (processname.exe) creating verification file as process is not Macrium certified |
320 | EVT_MIG_BLOCKED_FILE_ACCESS | Warning | Blocked unauthorised process (processname.exe) accessing file (\\?\Volume{6a2d53fe-c79a-11e1-b189-806e6f6e6963}\Folder\filename.mrimg) |
330 | EVT_MIG_USER_PROTECTED_VOLUME | Informational | User has enabled Image Guardian on volume (\\?\Volume{6a2d53fe-c79a-11e1-b189-806e6f6e6963}\) |
340 | EVT_MIG_USER_DISABLED_VOLUME | Informational | User has disabled Image Guardian on volume (\\?\Volume{6a2d53fe-c79a-11e1-b189-806e6f6e6963}\) |
500 | EVT_MIG_ERROR_BAD_EVENT | Error | Error could not open Image Guardian verification event. Error code = 123 |
510 | EVT_MIG_ERROR_PROTECTING_VOLUME | Error | Error protecting volume (\\?\Volume{6a2d53fe-c79a-11e1-b189-806e6f6e6963}\). Error code = 123 |
520 | EVT_MIG_ERROR_UNPROTECTING_VOLUME | Error | Error unprotecting volume (\\?\Volume{6a2d53fe-c79a-11e1-b189-806e6f6e6963}\). Error code = 123 |