System Image

  1. XXLMandalorian
    Posts : 36
    Win 10 64
       #1

    System Image


    Hello,

    I was listening to a podcast and they talked about the steps when a PC gets infected with malware. They said that you should quarantine the PC, disable system images, then remediate the user. They also said you should turn off system images as malware can make its way into those. When you turn it off, the podcaster said it erases all system images. Is this if the image was made on a partition on the C or any and all local drives?

    At my job, I have system images for users on their D drive. If C is infected can D also be at risk? I think it would depend on the malware?

    We are getting close to decommissioning a server and plan to use it for backups. Would network backups get affected if the local machine or machines get infected?

    Also if I disable system image, and the machine system images are on the network would it also erase those?

    Look forward to hearing back from you!


  2. Posts : 54
    Windows 11
       #2

    What do you use to make the System Image, how often is this done, and how many versions are saved?
    If there is only one image and it was taken after the infection occurred then it will also be corrupted.
    If the malware encrypts files then it is possible that the system image would also have been encrypted, making it useless. Anything that the local PC has write access to is vulnerable, i.e. local or networked drives.
    The best solution is to make regular backups with an offline copy.

  3. XXLMandalorian
    Posts : 36
    Win 10 64
    Thread Starter
       #3

    quandary said:
    What do you use to make the System Image, how often is this done, and how many versions are saved?
    If there is only one image and it was taken after the infection occurred then it will also be corrupted.
    If the malware encrypts files then it is possible that the system image would also have been encrypted, making it useless. Anything that the local PC has write access to is vulnerable, i.e. local or networked drives.
    The best solution is to make regular backups with an offline copy.
    Ah, sorry this is (Win 7) system image w/ repair disks.

    Due to space issues it's only one image, but when this server comes free it'd be nice/fun to task schedule it, but from what it sounds like, and since we are an under 50 employee company and don't have/done golden images, I'll just take the known good images off their D and keep them air gapped on the server.

    When you say offline copy that's an air gapped one right or just a local to that PC copy?

    Wonder if you can enable and D/C a specific USB port w/ a PowerShell script? That'd be cool: task schedule the script to full scan and, if no viruses found, enable the USB port and run the backup, then D/C the HDD.

  4. Try3
    Posts : 9,369
    Windows 10 Home x64 Version 21H2 Build 19044.1288
       #4

    XXLMandalorian said:
    If C is infected can D also be at risk?
    Yes

    XXLMandalorian said:
    Would network backups get affected if the local machine or machines get infected?
    Yes

    XXLMandalorian said:
    I was listening to a podcast and they talked about the steps when a PC gets infected with malware. They said that you should quarantine the PC, disable system images, then remediate the user. They also said you should turn off system images as malware can make its way into those. When you turn it off, the podcaster said it erases all system images. Is this if the image was made on a partition on the C or any and all local drives?
    ...
    Also if I disable system image, and the machine system images are on the network would it also erase those?
    Their comments seem strange.
    Yes, malware can infect anything the computer has access to and if that includes system images then they can be infected.
    - I don't know of any system imaging utility that deletes existing system images without explicit instructions from suitable users [Admins / Network Admins].
    - You might decide to delete any that were connected when & since the infection happened.
    I agree that an infected computer and everything connected to it should be quarantined as soon as an infection is found.
    - Other network computers might be saved by rapid isolation but they would also have to be scanned before they could be judged to be clean.
    I think the key fact to note is that any system image is at risk during routine computer operations if the computers have access to them.
    - Allowing access for making system images is therefore a risky decision so:-
    - - continual access would be inappropriate
    - - anti-malware checks should be conducted before allowing that access [possibly disconnecting from external connections such as the internet, running scans, …].

    All the best,
    Denis
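
    The scan-then-connect sequence asked about in post #3 and recommended in post #4, as an added PowerShell example that is not from any poster in this thread. It assumes Microsoft Defender is the installed anti-malware; the disk name, drive letter and backup command are placeholders to replace.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Placeholder values are marked below.
param(
    # Placeholder: name listed by `Get-PnpDevice -Class DiskDrive` for the backup disk.
    [string]$DiskFriendlyName = 'EXAMPLE USB Backup Disk',
    # Assumption: drive letter the backup disk mounts as.
    [string]$BackupVolume = 'E:',
    # Placeholder: replace with the imaging tool's own command line.
    [scriptblock]$BackupJob = { param($Target) throw "No backup command set for $Target" }
)
$ErrorActionPreference = 'Stop'

# Remember detections Defender already knew about, then run a full scan.
# Start-MpScan blocks until the scan has finished.
$known = @(Get-MpThreatDetection | ForEach-Object { $_.DetectionID })
Start-MpScan -ScanType FullScan

# Gate: any new detection means the backup disk is never connected.
$new = @(Get-MpThreatDetection | Where-Object { $_.DetectionID -notin $known })
if ($new.Count -gt 0) {
    Write-Warning "$($new.Count) new detection(s); backup disk stays disabled."
    exit 1
}

$disk = Get-PnpDevice -Class DiskDrive -FriendlyName $DiskFriendlyName
try {
    Enable-PnpDevice -InstanceId $disk.InstanceId -Confirm:$false

    # Wait up to 60 seconds for the volume to mount.
    $deadline = (Get-Date).AddSeconds(60)
    while (-not (Test-Path "$BackupVolume\") -and (Get-Date) -lt $deadline) {
        Start-Sleep -Seconds 2
    }
    if (-not (Test-Path "$BackupVolume\")) { throw "$BackupVolume did not mount" }

    & $BackupJob $BackupVolume
}
finally {
    # Always disable the disk again so the image is not reachable in normal use.
    Disable-PnpDevice -InstanceId $disk.InstanceId -Confirm:$false
}
```

    The disk is writable for the whole backup window, so this narrows the time the image is exposed rather than removing the exposure.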

  5. Try3
    Posts : 9,369
    Windows 10 Home x64 Version 21H2 Build 19044.1288
       #5

    XXLMandalorian said:
    Ah, sorry this is (Win 7) system image w/ repair disks.
    You cannot rely on system images made using Windows imaging - part of "Backup & restore (Windows 7)".

    MS said not to use it anymore in their announcement of Windows 10 Version 1709 and have never withdrawn that warning

    imaging deprecated in Ver 1709 - TenForums



    Macrium Reflect [free edition] is often recommended in this forum for making system images. Other utilities are available but this one is so commonplace that you can get plenty of help for it.
    - I understand that many TenForums members use the free version and find it perfectly satisfactory.

    Backup and Restore with Macrium Reflect - TenForumsTutorials
    Macrium Software Macrium Reflect Free
    Macrium USB - TenForums
    Macrium Reflect KnowledgeBase - user guide [version-independent link]

    Its viBoot facility can make bootable system images. Or, more precisely,
    Macrium viBoot - Macrium KB said:
    viBoot enables you to boot into the images you have made using Macrium Reflect, for validation purposes, or to retrieve data from old applications stored on a bootable image.
    Macrium viBoot - Macrium KB said:
    Macrium viBoot enables you, to instantly create, start and manage Microsoft Hyper-V and Virtualbox virtual machines using one or more Macrium Reflect image files as the basis of the virtual machine storage sub-system.
    Macrium viBoot - Macrium KB
    Macrium viBoot - Create Virtual Machine using Macrium Image - TenForumsTutorials



    Amongst the other system imaging utilities are:

    1 Acronis True Image - Normally paid for but
    - Owners of these disk brands can get free limited-capability versions from those companies.
    Seagate, Samsung, Maxtor disks [they call their version DiscWizard] - online help index with user manual download link
    WD, SanDisk, G-Technology disks - their download includes a copy of the user manual - online help
    - These free versions depend on the presence of that brand of disk both to make system images & to restore system images.
    - The free versions allow full system imaging but not the incremental/differential imaging that the paid-for version allows.
    - Their own-branded USB stick can be enough to allow them to work but an SD card is not.
    - They cannot necessarily detect a branded disk connected in a non-standard way [such as in a caddy in a DVD bay] and the only way to find out is to try it. This has varied over time/versions.
    - Their willingness to restore images in the absence of a branded disk has also varied over time/versions.
    2 AOMEI Backupper Standard Edition - Free Backup Software for Windows - Free version
    3 EaseUS ToDo Backup - Free version
    4 Paragon Backup & Recovery - Free version
    [Links 2-4 provided by Paul Black]



    While you're thinking about backups, consider Backup and Restore Device Drivers - TenForumsTutorials as well.

    All the best,
    Denis

  6. XXLMandalorian
    Posts : 36
    Win 10 64
    Thread Starter
       #6

    WOW! Thanks for all the info! Can't wait to try a bunch of this stuff out and read up on device driver backups!



 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
