Overwhelmed - Macrium Reflect

Dirtyflash said:

I was tinkering and discovered something that may be obvious to others but was a surprise to me. I never realized I could simply turn off Memory Intergity in Windows Security which then allowed me to switch off Microsoft Vulnerable Driver Blocklist. Off course that come with it's own implications and requires a reboot for it to apply, but seems like an easy way to gain access to browsing saved images. Turning Memory Integrity back on is one click and a reboot which turns on the Microsoft Vulnerable Driver Blocklist on its own and locks it by greying out the switch.

Click to expand...

I have rarely needed to mount an image to recover individual files since I have separate data file backups, but I knew this workaround existed if needed (Macrium 8 Free v8.0.7783). Full backup and restore still work fine as long as I keep using the update script @garlin created so my Rescue boot drive stays bootable when MS makes changes.

garlin said:

I believe most of the v8 users on this thread don't want to upgrade to X. Even if it properly supports CA 2023.

Click to expand...

No, I paid the price for X on my imprtant desktop PC but not my less important laptops.

garlin said:

I believe most of the v8 users on this thread don't want to upgrade to X. Even if it properly supports CA 2023.

Click to expand...

But it still does not.

Last WU updated SVN to 9 and I recreated the macrium PE thinking it would pickup the change.

It would not boot as there was a SVN mismatch so got a secure boot violation error.

June 2026 both introduces a new boot manager (SVN 9.0) and a new SkuSiPolicy (3.0.0.15). If you're using SkuSiPolicy, this restricts using the previous winload.efi in the boot.wim, requiring a newer updated image.

Still using Macrium v8.0.7783 Free and with the updated (SVN 9.0) and a new SkuSiPolicy (3.0.0.15), I create a new Bootable PE, like in april also and all work well, boots up fine with c2023.

garlin said:

June 2026 both introduces a new boot manager (SVN 9.0) and a new SkuSiPolicy (3.0.0.15). If you're using SkuSiPolicy, this restricts using the previous winload.efi in the boot.wim, requiring a newer updated image.

Click to expand...

Macrium Reflect + WinPE 26100(2024/12) creates a MacriumResque.iso(BOOT ISO) with bootx64.efi Bootloader(CA2023 certificate) ver. 10.0.26100.30227
WinPE 28000(2025/11) has bootx64.efi bootloader(CA2023 certificate) ver. 10.0.27954.300

Questions:
1. What version of bootx64.efi should you have in order for Macrium BOOT ISO (UEFI CA2023; WinPE) to work with all versions of Windows 10 / 11?
2. Is it enough to replace only the bootx64.efi file in the MacriumResque.iso\EFI\Boot\bootx64.efi folder? ... Or do I need to replace any other files?

oreyro said:

Macrium Reflect + WinPE 26100(2024/12) creates a MacriumResque.iso(BOOT ISO) with bootx64.efi Bootloader(CA2023 certificate) ver. 10.0.26100.30227
WinPE 28000(2025/11) has bootx64.efi bootloader(CA2023 certificate) ver. 10.0.27954.300

Questions:
1. What version of bootx64.efi should you have in order for Macrium BOOT ISO (UEFI CA2023; WinPE) to work with all versions of Windows 10 / 11?
2. Is it enough to replace only the bootx64.efi file in the MacriumResque.iso\EFI\Boot\bootx64.efi folder? ... Or do I need to replace any other files?

Click to expand...

Have you looked at the entry at

How to "fix" Secure Boot violation due to certificate revocations. - (Page 2)

There is an entry from jimrf97 at the end with a .bat file that looks promising and might help.

You run it on your system targeting the USB boot-able drive.

As I understand it, it sounds like the MS changes involve a series of steps over time starting with adding the new certificates to your windows and ultimately (possibly) removing the old certificates from both Windows and the BIOS.

I tried this .bat file a few months back and it seemed to work on a boot-able USB. But I don't think my system was (is?) yet 'all the way through' the complete MS process.