Overwhelmed - Macrium Reflect

Subscribed....watching to see what happens....

I don't expect that change anytime soon until Macrium fixes its security issue with that driver. If a fix is coming, it will be issued by Macrium and although the name may be the same, the HASH for the new version will not violate MicroSloth's existing security list until it is tested by MS... which may be a while from now.

S1lent_Azrael said:

Thanks @garlin worked for us on our test environment. :)

After running the bat file the computer had to go through 2-stage (automatic) repair after I pressed F8 just before the final repair stage. After the second stage repair we ran the bat again and it said it is on previous (older) version of driversipolicy.p7b (1301)

The windows update history shows that KB5082063 is incomplete and requires a reboot.

We where able to run our Back-UP Job without Errors

After running bat with –restore :
Restoring latest version (.32684) of driversipolicy.p7b. Please be patient

The restore works, the Macrium error is back

Running bat shows:
Exiting. driversipolicy.p7b is already the latest version (.32684)

Another downgrade using the bat does not cause a repair action.

We will Probably wait till Wednesday (PATCH DAY) before trying it on live just to see, if Microsoft has grey-listed the driver or not and how it reacts when the may update is installed.

For now it works.

Click to expand...

UPDATE:
we installed the May update on our 2025 Server test server (no Internet) and were happy the old driversipolicy.p7b (.1301) is still in place. However, we see a reboot is still required for both the April and May security updates. See screenshot. What would our live server do in that case? Will it post load and install the latest driversipolicy.p7b ?

garlin said:

No changes in the May 2026 Monthly Update, it's the same set of blocked drivers as last month.

Code:

5083769.csv:"driversipolicy.p7b","Not versioned","11-Apr-2026","22:08","242,130"
5083769.csv:"driversipolicy.p7b","Not versioned","11-Apr-2026","21:53","242,130"
5089549.csv:"driversipolicy.p7b","Not versioned","07-May-2026","03:36","242,130"
5089549.csv:"driversipolicy.p7b","Not versioned","07-May-2026","03:33","242,130"

Click to expand...

PS: what tool are you using to export the ToC to a .csv

S1lent_Azrael said:

UPDATE:
we installed the May update on our 2025 Server test server (no Internet) and were happy the old driversipolicy.p7b (.1301) is still in place. However, we see a reboot is still required for both the April and May security updates. See screenshot. What would our live server do in that case? Will it post load and install the latest driversipolicy.p7b ?

Click to expand...

Blocked Drivers policy (or any Code Integrity security policies) are only applied at boot time. If you make changes on a live system to which policy file is to be used, they don't take effect until the next Windows restart.

The reason applying May 2026 didn't change the currently linked driversipolicy.p7b is due to how Component Based Servicing works.

1. Monthly Updates are cumulative. Barring any bad changes which had to be reverted, every month's updates will include the same set of patched Component folders to be added to \Windows\WinSxS as the previous month. Or simply, after MS decides to patch some Component (ie. driversipolicy.p7b), then some form of that file is included in every Monthly Update for this release until support runs out.

June 2026 and July 2026 will include some copy of driversipolicy.p7b that is the same or newer than the previous months.

2. Just because a Component is included, it doesn't have to change every month. Maybe an one-time fix to Windows was required, and it will never need to be updated again. So the cumulative update can carry the same Component version forever.

3. Your updated system keeps older versions of Components, just in case you need to uninstall updates. When a new Monthly Update is applied, WU does a smart comparison of the update's contents. If the patch includes a component, WU checks if that same version has already been installed before.

Duplicated components are skipped. Any new or missing components are installed, and it results in some change.

Since May 2026 keeps the same driversipolicy.p7b as April 2026, there is no effective change for this component. Therefore Windows doesn't touch the policy file (which is currently hardlinked to the pre-April version). Had a new driver blocklist been included, WU would have replaced the existing hardlink with a new one pointing to the later file version.
With no new changes to apply on the driver blocklist file, WU leaves the existing file alone (which preserves the current state of linking it back to the older driver version). We're taking advantage that WU is "blind" to our hack, since it's not running a consistency check. It's only watching for newer files to install. Applying May 2026 will not clobber what the script has done, but generally you have to reboot anyway after a CU's been applied.

S1lent_Azrael said:

PS: what tool are you using to export the ToC to a .csv

Click to expand...

A browser. Every CU is listed on the W10 and W11 Update History portals. If you select any update from the left margin, and scroll ALL THE WAY TO THE PAGE'S BOTTOM, there's a link for files changed in this update.

May 12, 2026—KB5089549 (OS Builds 26200.8457 and 26100.8457) - Microsoft Support

File information

For a list of the files provided in this update, download the file information for cumulative update 5089549.

For a list of the files provided in the servicing stack update, download the file information for the SSU (KB5092762) - version 26100.8456.

Click to expand...

When you collect a few of the recent CSV files, you can check if the file sizes changed over time. Because there's no checksums a file could may have stayed the same size but changed. But it's unlikely for the driver blocklist, which only tends to grow in length.

See this info from Macrium Image Mounting or VSS Errors Following Recent Windows Updates

I've told them to fix the issue to preseve their reputatation and abide by UK consumer law.

Steve C said:

I've told them to fix the issue to preseve their reputatation

Click to expand...

Macrium owners will not "take note" of Users' concerns for versions 7.3 - 8.0 - 8.1
They won't do anything to fix this problem.
Why?
If a third-party driver with an OFFICIAL Microsoft digital signature is assigned the status of a "Vulnerable Driver", it means that:
- the developer of the "outdated" program wants to get rid of the old version, which is no longer serviced or sold, i.e. it does not generate income.
- the program developer wants to force Users to upgrade to a new (current) version that sells and generates revenue.
- the program developer appeals to Microfoft with a proposal to conclude a "CONTRACT to change the status of the driver of the "outdated" program from "authorized driver" to "vulnerable driver"
... How much does such a "service" from Microsoft cost?
.. We know for sure that Microsoft does not do anything for free.
This is just THE BEGINNING..
Today - they blocked the "outdated driver" C:\Windows\System32\drivers\psmounterex.sys - and they created "image mount errors"
Tomorrow - they will block the "outdated MIG driver" C:\Windows\System32\drivers\mrigflt.sys - and they will create an "access error"
The day after tomorrow, they will block the "outdated drivers" of the ViBoot function, and they will create a "virtual mode error"..
**
In short:
The new Macrium "development team" is not creating anything, they are only destroying what was created by the "old Team" before October 2024.
Everything will be fine, get ready...
**
I have been using MacriumRescue 8.0.7175(BOOT ISO) for a long time, so I have no problems with Backup of ANY versions of Windows 7/8/10/11
I am grateful to the OLD development team who created the wonderful Macrium Reflect ver. 8.0.7175 program in 2022.

jerome said:

Macrium owners will not "take note" of Users' concerns for versions 7.3 - 8.0 - 8.1
They won't do anything to fix this problem.
Why?
If a third-party driver with an OFFICIAL Microsoft digital signature is assigned the status of a "Vulnerable Driver", it means that:
- the developer of the "outdated" program wants to get rid of the old version, which is no longer serviced or sold, i.e. it does not generate income.
- the program developer wants to force Users to upgrade to a new (current) version that sells and generates revenue.
- the program developer appeals to Microfoft with a proposal to conclude a "CONTRACT to change the status of the driver of the "outdated" program from "authorized driver" to "vulnerable driver"
... How much does such a "service" from Microsoft cost?
.. We know for sure that Microsoft does not do anything for free.
This is just THE BEGINNING..
Today - they blocked the "outdated driver" C:\Windows\System32\drivers\psmounterex.sys - and they created "image mount errors"
Tomorrow - they will block the "outdated MIG driver" C:\Windows\System32\drivers\mrigflt.sys - and they will create an "access error"
The day after tomorrow, they will block the "outdated drivers" of the ViBoot function, and they will create a "virtual mode error"..
**
In short:
The new Macrium "development team" is not creating anything, they are only destroying what was created by the "old Team" before October 2024.
Everything will be fine, get ready...
**
I have been using MacriumRescue 8.0.7175(BOOT ISO) for a long time, so I have no problems with Backup of ANY versions of Windows 7/8/10/11
I am grateful to the OLD development team who created the wonderful Macrium Reflect ver. 8.0.7175 program in 2022.

Click to expand...

I had no idea there was an "old" development team and a "new" development team. Do you know if anyone that was on the "old" development team is still left alive?

jerome said:

Macrium owners will not "take note" of Users' concerns for versions 7.3 - 8.0 - 8.1
They won't do anything to fix this problem.
Why?
If a third-party driver with an OFFICIAL Microsoft digital signature is assigned the status of a "Vulnerable Driver", it means that:
- the developer of the "outdated" program wants to get rid of the old version, which is no longer serviced or sold, i.e. it does not generate income.
- the program developer wants to force Users to upgrade to a new (current) version that sells and generates revenue.
- the program developer appeals to Microfoft with a proposal to conclude a "CONTRACT to change the status of the driver of the "outdated" program from "authorized driver" to "vulnerable driver"
... How much does such a "service" from Microsoft cost?
.. We know for sure that Microsoft does not do anything for free.
This is just THE BEGINNING..
Today - they blocked the "outdated driver" C:\Windows\System32\drivers\psmounterex.sys - and they created "image mount errors"
Tomorrow - they will block the "outdated MIG driver" C:\Windows\System32\drivers\mrigflt.sys - and they will create an "access error"
The day after tomorrow, they will block the "outdated drivers" of the ViBoot function, and they will create a "virtual mode error"..
**
In short:
The new Macrium "development team" is not creating anything, they are only destroying what was created by the "old Team" before October 2024.
Everything will be fine, get ready...
**
I have been using MacriumRescue 8.0.7175(BOOT ISO) for a long time, so I have no problems with Backup of ANY versions of Windows 7/8/10/11
I am grateful to the OLD development team who created the wonderful Macrium Reflect ver. 8.0.7175 program in 2022.

Click to expand...

Macrium will break UK consumer law if they don't fix the problem or offer suitable compemstaion since I have a 6 year claim window for Reflect 8 under UK consumer law which hasn't expired yet. I'm prepared to challenge them in the UK Small Claims Court for a small fee if they don't fix this driver issue in a reasonable time.

Steve C said:

Macrium will break UK consumer law if they don't fix the problem or offer suitable compemstaion since I have a 6 year claim window for Reflect 8 under UK consumer law which hasn't expired yet. I'm prepared to challenge them in the UK Small Claims Court for a small fee if they don't fix this driver issue in a reasonable time.

Click to expand...

can you keep us up-to-date regarding this matter?
hope they just fix it

S1lent_Azrael said:

can you keep us up-to-date regarding this matter?
hope they just fix it

Click to expand...

Will do but I will allow them at least a month to fix it.

They already had over a month

Why wait? It is EOL and not being maintained, so switching to a more current program that is maintained seems to be the sensible move going forward. Having an MR recovery USB will allow you to restore an old backup if an emergency arises.

Quandary said:

It is EOL and not being maintained, so switching to a more current program that is maintained seems to be the sensible move going forward.

Click to expand...

There are some people running Macrium LTSC which is based on 8.1 and has long term support.

If you have created a Virtual Machine in viBoot you can still mount the image in Windows through the .vhdx it created.

So.. Create the Virtual Machine in viBoot. Double click the viBoot and go into File -> Settings. Locate the .vhdx file in explorer and when you right click that file, you'll see the mount option.

psyclopse said:

If you have created a Virtual Machine in viBoot you can still mount the image in Windows through the .vhdx it created.

So.. Create the Virtual Machine in viBoot. Double click the viBoot and go into File -> Settings. Locate the .vhdx file in explorer and when you right click that file, you'll see the mount option.

Click to expand...

Please give more details since I get an error following your instructions.

Maybe you powered on the Virtual Machine? If so, then power it off. I haven't had any issues myself.

or

Detach in Disk Management:

• Right-click the Windows Start button and open Disk Management.
• Scroll down to check if the .vhdx is already listed at the bottom. If it is, right-click its header and select Detach VHD.

Otherwise a reboot might help.

With all this hassle, I'm glad I so rarely need to extract a file from an image. Maybe once a year at most.
While, if necessary,I can mount a Macrium image from one of my other computers that has Windows 7 &10 VMs, on my main machine I'll just alternate my images between Macrium and Haselo (where I can still mount an image.)
Trying to keep up with these 8 pages have given me a headache. Anyone got an aspirin?

glasskuter said:

With all this hassle, I'm glad I so rarely need to extract a file from an image. Maybe once a year at most.
While, if necessary,I can mount a Macrium image from one of my other computers that has Windows 7 &10 VMs, on my main machine I'll just alternate my images between Macrium and Haselo (where I can still mount an image.)
Trying to keep up with these 8 pages have given me a headache. Anyone got an aspiri

Click to expand...

My new routine.

Weekly image with Macrium Image free followed after this by Active@ Disk Image. I rarely have the need to mount an image and Active@Disk Image works with no problem. It took me some time to learn the interface on this program. It is very fast.

Curious, anyone know how to install a previous version of the Microsoft Vulnerable Block List?

Dirtyflash said:

Curious, anyone know how to install a previous version of the Microsoft Vulnerable Block List?

Click to expand...

There's a script.