I don't have a single learning resource to recommend for VM security overall. But I would say that if you're going to test infected ISO files, and doing this with a completely separate physical system that's disconnected from any network isn't on the table for you, then a VM with the riskier integration features disabled (as you said, VMware Tools in this case) is the next best thing. I do know that there have been exploits where a guest VM can affect something on the host and/or on another guest VM running on that host, such as reading or even changing values in the memory space of the host or other guest. Just off the top of my head, I'm not sure I've heard of any exploits where actual malware running in the guest has managed to transfer itself to the host without any integration features enabled, but that doesn't necessarily mean there hasn't been such a case. All that said, these exploits are quite rare, as evidenced by the fact that the bug bounties offered by VMware and Microsoft for these type of "hypervisor escape" exploits are quite high (and also by the fact that if these were commonplace, it wouldn't really be practical for public cloud VM hosting like Amazon EC2 and Microsoft Azure to exist in the first place). Additionally, the cases I'm recalling off the top of my head were purpose-built code meant as a proof of concept, not malicious outbreaks that occurred in the wild.
I do what Barb at Appguard recommend a while back to me. I add all the VM exe's to appguards guarded list. That way memory transfers are blocked.
For installing potentially infected ISOs as operating systems and for testing anti-malware: would you say it's safer doing that with the latest VMWare Player v15.5, normally, with VT-x enabled - or - running an old VMWare Player v7, which I was able to run on my old Win7 PC with VT-x disabled and sandboxed (under Sandboxie)? I'd think the later, because of the sandbox protection, what do you think? Thank you.
Bug fixes and Improvements v7.2.4539 - 18th November 2019 • Server Plus Edition: Exchange backups could crash after completion if the log file couldn't be written to. This has been resolved • Incorrect ReflectUI.exe Message Box: On system startup an incorrect pop-up dialog box could be shown by ReflectUI.exe. This has been resolved • viBoot: Images created by 'foreign' systems (not the same PC) could fail to enable the 'Boot Image' functionality in Reflect. This has been resolved • Macrium Image Guardian: We've improved the security of MIG by enhancing the malicious injection of threads into running processes. • Change Block Tracker: Minor performance and stability enhancements. • Rescue Media Builder: ◦ On some systems with dynamic disks, it was possible for the location of the PE files to be incorrectly set, causing boot menu entries to fail. This has been resolved. ◦ On USB-based rescue media, un-checking the "Check for devices missing drivers on boot" checkbox and rebuilding would sometimes not make the rescue media stop prompting for missing drivers. This has been resolved. ◦ When building Technicians media, failing to create autorun.inf will no longer cause the rescue media creation to abort. ◦ If the Windows ADK version 1607 was installed but a 64-bit PE 10 zip file was used to build rescue media, any subsequent 32-bit PE 10 builds would not prompt for an updated wim but would always use the 1607 wim from the ADK. This has been resolved. ◦ RMBuilder could fail to detect a new version of Windows RE after a Windows update. This has been resolved.
I purchased Macrium Reflect 7 Home Edition today, I took advantage of their one half price Black Friday offer. I have been using the Macrium Reflect 7 Free version and have made full backups monthly for the last three months. I presume the Home Edition will allow me to restore these Free Edition backups, should I need to. Does anyone know for sure? Should any forum members currently using the Home Edition have any suggestions or recommendations I would appreciate hearing them. As always I appreciate all replies and would thank you in advance. John
No problem restoring backups from the free edition.That said, it will roll you back to the free version. I would keep those but start a new series of backups and then discard the older one when enough time has passed. I installed this update and tested it on a couple of machines. No apparent issues, so far.
Having the home edition it will make a big difference in terms of speed and hard disk space particularly if one is using a small solid state drive as a backup. You need to create the first full backup, and then I would suggest making incrementals which might take, on a daily basis, about 50 seconds to a minute on average if changes are not big, and the size of incrementals might range from 300 MB to 2 GB again for average changes. Likewise restores are extremely fast on average 1:30 to 2 minutes and can be almost fully automated with a few clicks if you have created a "bootable rescue media". Nowadays if I have to try out a program, I take a quick incremental first, install the program, if it is fine no problem, if I don't like it a quick restore will completely remove the program, no hassles with uninstallers and registry keys left behind. I hope this helps.
I've just updated to v 7.2.4539, performed an incremental and restored the system as a test, everything worked perfectly. The bootable rescue media should be patched as well.
Experienced 'VSS error: 0x80042316 IDispatch error #8470' after update which prevented image being created. Ran 'Fix VSS Problems' in Macrium > Other Tasks and rebooted and was then able to create a full backup image without further issues.
I suspect that was a coincidence. To my knowledge, a Reflect update does not involve making a VSS snapshot, in which case it wouldn’t be the cause of any issues with VSS, though Reflect can certainly be affected by VSS issues when trying to make a backup.
Any paid version of Reflect will restore any image backup, with the possible exception of image backups created by a newer release of Reflect than the version you're using for the restore, although even there I’m told that even Reflect 6.1 from years ago should be able to restore image backups created by Reflect 7.x because the image file format hasn’t changed. In fact, the Free version can even be used to restore image backups created by the paid version. The possible exception is Incremental backups, since Free doesn’t support creating those. I haven’t tried using Free to do that. And Free doesn’t support restoring File & Folder backups. As others have said, enjoy having access to Incremental backups and Rapid Delta Restore! You may also want to consider whether Image Guardian and/or CBT would be desirable for you. I like the former but don’t like the latter because of the issues it seems to keep causing, but I also don’t have a use case that would significantly benefit from CBT. Others here whose use cases benefit significantly from CBT wouldn’t go without it.
I see the latest Reflect update includes another CBT update. It will be interesting to see if anyone has issues with it. I got rid of it a few versions ago.
Nice one, John. For anyone else who has been thinking of hopping on the Macrium Reflect Home Edition train, now is probably as good a time as any. More info at the BLACK FRIDAY 50% OFF page.
Bug fixes and Improvements v7.2.4557 - 29th November 2019 Macrium Image Guardian While attempting to retrieve the status of a process that was closing, the MIG driver could inadvertently access an invalid address resulting in a BSoD. This has been resolved. Rescue Media Builder On Windows XP, the rescue media builder would sometimes give a "WIM file not found" pop-up when there was a valid WIM file present. This has been resolved. When performing an automatic restore on a system with multiple network adapters, the network adapter configuration process will be logged in more detail. https://updates.macrium.com/reflect/v7/v7.2.4557/details7.2.4557.htm
Anyone able to build new (PE) rescue media with 4557? I first had to download almost 1 GB from Microsoft, but after that Reflect keeps prompting me endlessly about an additional 205 KB download from Microsoft...
Created both RE & PE10 rescue media without any issue with 4557. It did download c850mb from Microsoft at the start but didn't prompt for any further download. Running on Windows 10 release 1909.
For the download prompts, did 4557 update the WinPE 10 release that it uses for WinPE 10-based builds? Not talking about WinRE here. The WinPE 10 option has been using WinPE 10 1709 since Reflect 7.2 arrived. I can’t check myself since I’m away without my laptop, although given the issues that some seem to be having with building Rescue Media on the new release, I’m not eager to update.
Thanks. Updated both program and bootable rescue media, created an incremental backup and restored without any problems here...
@jphughan ~ It still shows WinPE 1709 but did download 850mb from Microsoft when I rebuilt Boot menu build (PE) for latest Reflect version. Maybe download was because I'd updated Windows build to 1909 since last Macrium update & creation of rescue media?
Strange. Updating your Windows 10 environment shouldn’t require a new download because Reflect keeps its own cache of the WinPE file set, and I’ve updated Windows 10 without having to redownload WinPE 10 1709 for Reflect. But the Macrium forums have a few reports about forced WinPE downloads after this update, in some cases repetitive prompts about needing to download 205 KB (not a typo) from Microsoft and never succeeding. The preliminary suspect for the latter case seems to be anti-virus at this point, but nothing confirmed yet. Maybe something else is going on that wipes or otherwise invalidates the WinPE 10 cache?
