What W7 Processes Create Shadow Copy?


  1. Posts : 2
    Windows 7 Home Premium 32bit
       #1

    What W7 Processes Create Shadow Copy?


    What processes or services does Windows 7 Home Premium use to create a HarddiskVolumeShadowCopy? I know that W7 backup does this but are there other automated W7 processes that do this? Is there any way to disable these or make them manual?

    I have a problem with NIS 2011 alerting to a possible Boot.Bootlock.B infection with an identified file of HarddiskVolumeShadowCopy#.

    This initially blocked the W7 backup early in the process and manually running W7 backup reproducibly produced the NIS 2011 block and alert.

    I was able to complete the W7 backup successfully by shutting off NIS 2011 and turned off backup. However, I still get the same alert about once after booting. I suspect this is some other W7 restore or backup function that is running automatically but would like to confirm this and, if possible, either turn it off or make it a manual process rather than automatic.

    I think this is a false positive alert because I have run several AV scans (NIS 2011, MalwareBytes, TDSSKiller, esagelab Bootkit Remover) that don't find anything. The NIS 2011 claims to have removed the file but doesn't put anything in quarantine.

    Using Windows 7 Home Premium SP1 fully updated

    Appreciate any help on this.

    Thanks.

    Foreman
      My Computer


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #2

    Hi Foreman, I would suggest that you ask your question in the Norton Community discussions Norton Users Discussion Forum - Norton Community
      My Computer


  3. Posts : 2
    Windows 7 Home Premium 32bit
    Thread Starter
       #3

    Jacee,

    Thanks. I've already posted in the Norton forum. My question here is what W7 processes could automatically create a W7 HarddiskShadowCopy other than Backup. I think the answer may be system restore. I can get the detect by manually creating a restore point. I just would like to confirm that W7 can run this automatically and how to disable this.

    Thanks.

    Foreman
      My Computer


  4. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #4

    I think the answer may be system restore
    Yes ... Volume Shadow Copy Service
      My Computer


  5. Posts : 71,975
    64-bit Windows 11 Pro for Workstations
       #5

    Hello Foreman, and welcome to Seven Forums.

    Shadow copies (previous versions) is a part of System Protection in Windows. System Protection is also responsible for restore points. If system protection is turned on for your Windows 7 drive, then Windows will automatically create previous versions and restore points on a scheduled task, and when you manually create a restore point and backup.

    Here are some tutorials that can help explain shadow copies, restore points, and system protection in more detail if you like.


    Hope this helps some,
    Shawn
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 07:43.
Find Us