What changed, when, and why.
RELEASE NOTES
EVERY VERSION, EVERY CHANGE
I'd rather over-document than leave you guessing what your backup software does. Each release lists every fix and every meaningful new feature. Customer-facing security fixes are called out separately so you know when an update is more than optional.
How VaultGuard Versions Work
VaultGuard follows semantic versioning: major.minor.patch.
Major (e.g., 3.x.x → 4.0.0) — significant architectural changes or breaking changes to configuration. Read the upgrade notes carefully before installing.
Minor (e.g., 3.2.x → 3.3.0) — new features that don't break anything existing. Safe to install.
Patch (e.g., 3.2.0 → 3.2.1) — bug fixes and security updates only. Always safe to install. Always recommended.
I commit to publishing security patches as quickly as I reasonably can after a confirmed vulnerability — typically within a few business days.
Going forward, every public release will be retained and available to active subscribers. Older versions of VaultGuard predating the v3.2.0 public launch were not retained — only the current release exists today.
How To Read These Notes
Every release entry uses the same structure:
New — features added in this release
Improved — refinements to existing features
Fixed — bug fixes
Security(only when customer-facing) — security issues that affect users directly
A release entry might not include all four sections — only the ones with actual changes appear.
Releases
v3.3 — May 17, 2026 (Current)
Find and restore individual files
New interactive backup browser lets you navigate any backup version like a file explorer
Search across an entire backup by filename — no need to remember exact paths
Restore individual files or whole folders to your computer with a single click
Smarter integrity verification
Each backup is independently verified for tampering, corruption, or ransomware damage
New trust system tracks every backup's verification history and provenance
Faster restores: integrity checks now target only the data you're actually restoring instead of the entire backup
Browse a backup the moment the first volume is ready — verification continues in the background
More reliable scheduled operations
Reworked verification scheduling eliminates timing conflicts with backup tasks
Failed scheduled tasks now surface clearly on the dashboard with color-coded status indicators
More resilient license validation with detailed messages when DNS filters, firewalls, or antivirus software interfere
Welcoming new installations
VaultGuard now detects existing Windows Server Backup data on first launch and walks you through what to expect
Cleaner, more readable logs focus on what actually happened — not on routine activity
Consistent, polished experience
Every dialog and prompt now matches the application's dark, professional theme
All dates displayed in standard 12-hour format throughout the app
Refined messaging during long-running operations so you always know what's happening and what's next
v3.2.0 — April 29, 2026
The first publicly available release of VaultGuard Backup. This release brings together months of development with a focus on commercial readiness, hardened licensing, and a smoother first-run experience.
New
Getting Started tab — a five-step setup checklist that opens automatically the first time VaultGuard launches, walking new users through configuration, scheduling, cloud setup, and email alerts.
Detect My Backup Drive — automatically identifies a connected external drive suitable as a backup target, eliminating manual drive-letter configuration.
Find Cloud Backup Folder — detects the local sync folder for any installed cloud storage provider.
Check Cloud Storage — verifies that the configured cloud sync folder is being mirrored by an active cloud sync app, regardless of which provider you use.
Two-factor authentication (TOTP) — optional 2FA support for administrative actions, with QR code provisioning for any standards-compliant authenticator app. As with the optional administrator passphrase, 2FA is available for users who want or need it for compliance, but isn't required to use VaultGuard.
Backup drive disconnected warning — VaultGuard now alerts at startup if the configured backup drive isn't connected, so you don't discover the problem at backup time.
Logs tab summary bar — at-a-glance display of the timestamps for the last successful backup, the last cloud copy, and the last integrity check.
Wake-To-Run — scheduled tasks can now wake the computer from sleep to run a backup, eliminating missed runs on machines that sleep overnight.
Improved
Cloud-provider neutrality throughout — every reference to specific cloud services has been removed from the application UI. VaultGuard now works equally well with any cloud storage provider, with no preference or branding for any specific service.
Schedule tab clarity — recommended and important scheduling labels now display full-width with high-contrast color coding.
License type detection — the application now correctly identifies license tier from the license name on activation, replacing earlier logic that occasionally misreported the type.
Integrity check timing — backup integrity verification now runs exactly 24 hours after each backup completes, ensuring verification work happens at a predictable off-hours time.
License re-validation interval — adjusted to ten minutes (previously evaluated at one minute, which generated unnecessary network traffic).
Log clarity — license type resolution now logs once at startup rather than repeatedly throughout the day, reducing log noise.
Email configuration UX — alert email setup has been consolidated under the Getting Started tab so new users encounter it in the right order.
Fixed
Resolved an issue where the manual "Run Backup Now" button could return wbadmin exit code 255 when invoked through certain Task Scheduler configurations. Manual runs now invoke wbadmin directly.
Corrected an interpolation issue in TOTP URI generation that affected compatibility with some authenticator apps.
Removed a duplicate "license resolved to..." log entry that appeared on every license check.
Security(customer-facing)
Embedded credentials removed. Earlier releases included an embedded Keygen API token and embedded Gmail SMTP credentials inside the compiled binary. As of v3.2.0, license validation and email alerts are routed through a dedicated relay server that holds those credentials separately, with the binary itself authenticated via a per-application key. This significantly reduces the impact of any future binary extraction.
TLS 1.2 enforced for all license validation requests.
Build & distribution
Code-signing with an SSL.com OV certificate (validation in progress at release time)
ConfuserEx hardening applied (anti-debug, anti-dump, anti-ildasm, constants encryption, control-flow obfuscation, identifier rename, reference proxy)
Compiled with PS2EXE (-requireAdmin -noConsole -x64); final binary size approximately 380 KB
Download: [VaultGuardBackup_v3.2.0.exe] SHA-256: [hash to be filled in at release]
v3.1 — late April 2026
The first release with subscription licensing. v3.1 introduced the commercial infrastructure that turned VaultGuard from an internal-use tool into a product that could be sold to customers outside my services practice.
New
Hardware-bound licensing — every license key is now bound to a hardware fingerprint derived from the host machine (motherboard, CPU, and disk identifiers combined and hashed). This is what prevents casual license-sharing.
License activation screen — first-run experience for entering a license key or starting a trial.
Offline grace period — the application continues to operate for up to 7 days if the license validation server cannot be reached due to network issues, then requires successful re-validation.
License expiry cleanup — when a subscription ends, VaultGuard cleanly disables itself rather than failing in unpredictable ways.
Email alert configuration — full configuration UI for SMTP-based alerts on backup events.
Two-factor authentication groundwork — TOTP infrastructure laid in (full UX delivered in v3.2.0).
Session timeout — administrative sessions automatically time out after 10 minutes of inactivity.
Known issues at end of v3.1(resolved in v3.2.0)
License type was occasionally misreported as the default tier instead of the actual subscription tier.
Keygen API credentials and Gmail SMTP password were embedded in the compiled binary.
Download: Not publicly available — older versions were not retained.
v3.0 — early April 2026
The architectural baseline for the 3.x family. v3.0 was the version that informally rolled out to my Information Security Kentucky services clients before any public availability. It established the core engine — wbadmin-based system imaging, cloud copy, manifest verification, and the multi-tab WinForms interface — that every subsequent release has built on.
New
Core wbadmin Windows system image backup
Cloud copy via robocopy to a sync folder of the customer's choice
Task Scheduler integration for unattended weekly backups
BitLocker monitoring and pre-backup Defender scanning
SHA-256 manifest verification with pre-restore integrity checks
Restore tab including ransomware-extension scanning of backup contents
Optional admin passphrase for users who choose to gate configuration changes behind one
Email alerts via SMTP
Multi-tab WinForms interface — Configure, Schedule, Logs, Restore, About
Download: Not publicly available — older versions were not retained.
Earlier releases (v2.x and older)
VaultGuard's earliest versions were used internally with my services clients before public release as a subscription product.
Staying Informed About New Releases
This page is the authoritative source for VaultGuard release information. For new feature releases, check this page or the [Information Security Kentucky homepage] for announcements.
A more granular notification system — letting you opt in or out of specific release categories — isn't available yet. As VaultGuard's customer base grows, this is one of the first things on the list to build.
Verifying Release Authenticity
Every release listed above is digitally signed by Information Security Kentucky LLC and published with a SHA-256 hash. To verify a download:
Open PowerShell as administrator.
Navigate to the file: cd $env:USERPROFILE\Downloads
Run: Get-FileHash .\VaultGuardBackup_vX.X.X.exe -Algorithm SHA256
Compare the output to the SHA-256 hash listed for that version above.
If the hashes don't match, do not run the file. Email customer service.
Final Note
If you're reading these notes because something broke after an update, email customer service immediately. Regression bugs in a backup product are unacceptable to me, and I treat them as priority issues. The fastest path to a fix is letting me know.