Macrium Reflect Not Seeing Vaults

Using Macrium Reflect (paid version) to do scheduled backups to an external drive, however, it cannot “see” and therefore include any Cryptomator vaults. Only option is to backup individual folders in the vault, but that has to be set up separately, and if you add a folder you also have to manually add it to the backup.

Any workarounds for this? Macrium only integrates with BitLocker

Did you try this with Dokany and WinFSP also?

I have not. I try not to deviate too far from using a tool the way it’s set up for the masses, since over time I’ll eventually forget the “how and why” reason I customized it. Is this something that I do once and forget it, or would I have to constantly monitor the forum for updates, changes, breaks, etc.? I try to keep tools as simple and straightforward as possible…

Cryptomator, without any third party software like WinSFP uses windows WebDAV as interface to provide your unencrypted files via explorer. Unfortunately windows WebDAV is poorly maintained and has limitations that could affect your file handling.
And not all software accepts WebDAV network drives as target locations.
So if you do not want to change your backup software, I recommend to switch the file system provider to WinSFP and try again.
Otherwise I have no further idea how to help. (I am not familiar with Macrium and it’s possibilities)

WinSFP has four features to install, core, Developer, Kernel and FUSE. Which ones and do I install on local hard drive or select “entire feature will be installed on local hard drive?”

Is there anything else to do after that besides select it in CR?

I installed the complete package.
No, nothing more to do than install and configure in Cryptomator (as written in the linked post)

OK. I can see the CR vaults now (as properly labeled virtual drive like “Cloud Vault (F:)” instead of the really long, cryptic string previously shown. That’s good but only cosmetic I think. Macrium does not see either of my two vaults as “formal” drives to do an image backup (like I do with my whole system drive); but they do appear when I select a “File & Folder Backup.” So to recap…can’t include them as part of an “image” backup," but I can do a "file and folder’ backup on them. No big difference as far as I’m concerned as long as they get backed up somewhere. FWIW they still have the little drive icon next to each, and when setting up the file/folder backup it does refer to them as drives (see below). So I assume that technically these are still considered "drives’ but not in the more formal sense like my 2 external drives, right?

Right. Like network share drives also appear in windows explorer as drive. Virtual file systems do also. (Hope I got your question right)

Changing the volume type to FUSE allows me to see and select the folders them in Macrium Reflect, but when the scheduled backup runs I keep getting an error message that it “could not find [drive].” Is anybody using reflect successfully with cryptomator to get scheduled backups to run?

After a quick google search i found this Kb article and I guess here’s the problem: Mapped network shares not visible in Macrium Reflect when UAC is enabled
Possible solutions are in the post (but I am not sure if they will work after you locked/unlocked your vault), and this can help as well: Cryptomator on Windows: Accessing your vault with admin priviliges

Of course a feedback of someone who is actually using Macrium together with Cryptomator would be very nice.

Thanks Michael - I’ll read both links, but I’ll also add that I can override a scheduled backup and start one manually. These manually generated backups seem to run fine. Any theory why Macrium would allow these but then bomb out on a scheduled one?

Sorry, I have no idea.

Its very strange. When I initially construct a new backup of my 2 Cryptomator folders, it always gives the option to “run the backup now,” and it always is successful. But when the next scheduled backup runs it always fails (there are no changes whatsoever to the backup configuration in between these backups). Makes no sense to me

Michael - Made the change as suggested in “Cryptomator on Windows: Accessing your vault with admin privileges” and it appeared to run without issue. Now will wait and see if its successful again tomorrow.

One thing - there appeared to be a warning that making this change now means any and ALL apps can see the vault. Does this pose any serious threat or risk and do you think the tradeoff is worth it? I am the only user of the laptop and I’m not connected to any external networks (ie work).

This is a personal decision. I would accept this risk as I am the only one with access to my PC.
Others see that as a risk. That’s why it was mentioned. I cannot give advice here or rate if it’s worth it.

Two things…1) the scheduled backups ran without issue today so making the change to the string fixed the problem. 2) I too am the only person who uses the laptop so no issue there, and I cannot think of any apps who require access to the vaults other than Macrium, so I think we’re good there as well. Backing up whats in my vaults is a priority (otherwise the contents wouldn’t be in vaults in the first place, right?).

But on to a bigger question I’ve been pondering…I recently used Bitlocker to encrypt my entire system drive. You can’t even get to Windows logon until you successfully enter a lengthy PIN to unlock it via Bitlocker, and only then can you enter your Windows username + password (and in my case, you also need my Yubikey). So unless I’m storing in the cloud (which I am) is a local vault even necessary or overkill?). I like security but it can get a bit out of hand…

You store an encrypted file on an encrypted device. That does not gain extra security.
This is why I recommend using Cryptomator primary for the purpose of online storage, as there are better solutions for local encryption only (my point of view).

OK, I guess I am viewing encryption as layers, or better yet, doors. Even if they get through the first one, they would still need to get through the second one, and for only the most sensitive of data, a third one (i.e…, local vault). Is this not a valid way of looking at it, regardless of the encryption tools you use?

No it’s not (for me). Every encryption needs resources.
Just make your 1st door safe, with a trustworthy encryption and a strong password. Keep your system clean by using virus protection, firewalls etc.

I am convinced that if someone manages to violate your first encryption, then ist most likely that he does this with others too.
Example: someone was able to install a key logger on your encrypted system and your firewall does not prevent it so send its data home (means: your system is not safe, despite being encrypted). Then your second encryption will be useless as the intruder will know your password.
If someone steals your notebook and manages to violate the 1st encryption, then it was weak. Make it strong, then nobody will break through that door. No need for additional layers of encryption.

With Bitlocker required to get to the Windows logon, then by default I have two doors, so I can do away with a local vault. I’m using Windows Defender for my firewall/virus protection. Any recommendations beyond that?

My impression is that if someone steals your laptop they’re primary goal is to sell it immediately vs spend days trying to crack into something they have no clue about its value. Too much work for the all too stupid criminal. As soon as they realize they can;t get in, it’s in the trash and they’re on to their next break-in.