Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Defragmenter programs can delete System Restore Points

26 May 2014   #1
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 
Defragmenter programs can delete System Restore Points

I believe it's possible for any defrag program to cause loss of restore points. It has to do with the Volume Shadow Service cluster size

Quote:
The System Shadow Copy provider uses a copy-on-write mechanism that operates at a 16-KB block level. This is independent of the file system's cluster allocation unit size. If the file system's cluster size is smaller than 16 KB, the System Shadow Copy provider cannot easily determine that disk defragmentation I/O is different from typical write I/O, and performs a copy-on-write operation. This might cause the Shadow Copy storage area to grow very quickly. If the storage area reaches its user-defined limit, the oldest shadow copies are deleted first.
Shadow copies may be lost when you defragment a volume

Quote:
Trick #3: Don't lose your system restore points!

Lost system restore points in Windows are a common complaint with people using disk defragmenters on machines running Vista and later Windows versions. What happens is the defrag operation moves files around causing the Volume Shadow Copy Service (VSS) to create snapshots that overwrite older ones and cause restore points to get deleted. If you have VSS enabled on your hard drive, or if you are not sure if you do, the first thing you should do after installing Auslogics Disk Defrag is go to Program Settings - Algorithms and set the program to defragment in VSS-compatible mode. This prevents excessive growth of the VSS storage area and ensures that your system restore points will remain intact.

Not all defraggers have this option, so be sure to never use the ones that don't if you have VSS enabled.

Defragmenter programs can delete System Restore Points-vss.png
How to Defrag Your Hard Drive Properly

Quote:
#1 Restore Points/VSS

This issue is addressed in Microsoft KB 312067. Defrag activity can purge snapshots off a system. If the drive is formatted in 16K clusters (or a multiple) then steps are taken to minimize purging snapshots or shadow copies. On VSS-enabled drives with a cluster size less than 16K, you need to minimize file movement in order to avoid purging snapshots. By default, PerfectDisk addresses this issue by running in VSS Compatibility Mode with a configurable threshold. The Windows 7 defrag tool has no compatibility mode and will purge the snapshots off a VSS-enabled system.
8 Reasons Why the Best Windows 7 Defrag is Not the Built-in Windows Disk Defragmenter | Raxco Software Blog

Quote:
Minimizing interactions between defragmentation and shadow copies

When possible, move data in blocks aligned relative to each other in 16-kilobyte (KB) increments. This reduces copy-on-write overhead when shadow copies are enabled, because shadow copy space is increased and performance is reduced when the following conditions occur:
The move request block size is less than or equal to 16 KB.
The move delta is not in increments of 16 KB.

The move delta is the number of bytes between the start of the source block and the start of the target block. In other words, a block starting at offset X (on-disk) can be moved to a starting offset Y if the absolute value of X minus Y is an even multiple of 16 KB. So, assuming 4-KB clusters, a move from cluster 3 to cluster 27 will be optimized, but a move from cluster 18 to cluster 24 will not. Note that mod(3,4) = 3 = mod(27,4). Mod 4 is chosen because four clusters at 4 KB each is equivalent to 16 KB. Therefore, a volume formatted to a 16-KB cluster size will result in all move files being optimized.
Defragmenting Files (Windows)

Puran Defrag and VSS

Quote:
"You can uncheck all additional operations in Puran Defrag to run it in VSS compatibility mode. However it is recommended that you format your disk with cluster size > 16K. Please read Puran Defrag help VSS Compatibility section for more info."
Quote:
Simply excluding "System Volume Information" wont help. Here is the text from Puran Defrag help file "VSS Compatibility" section -

· It is highly recommended that you format your drive with cluster size of 16K if you want to defrag it and also do not want to loose Shadow Copies.

· If above is not possible for you then to configure Puran Defrag so that data movement is minimum and shadow copies are not lost or the loss is minimum, uncheck Additional Operations including Fill Gaps, Optimize Drectories, Free Space and PIOZR.
Puran Defrag and VSS | Wilders Security Forums

Some programs have settings to prevent or mitigate this issue, a VSS compatibility mode. Most do not.
Windows by default has a 4K cluster size, and it does not seem wise to change that to a 16K size for this inconsistent issue.

You can determine a drives cluster size by opening a command prompt and typing

fsutil fsinfo ntfsinfo C: (Replace the C with the letter of the drive you want to check)

I think 4k is default? Even my SSD reports that size

Defragmenter programs can delete System Restore Points-clusters.jpg

Defragmenter programs can delete System Restore Points-default.jpg

Also, you can create a text file in notepad with only 1 character and save it. Right click the new text file> Properties

It will show
Size: 1 bytes (1 bytes)
Size on disk: 4.0KB (4,096 bytes)
for example

Defragmenter programs can delete System Restore Points-notepad.jpg

Showing a cluster size of 4k

I think we can assume that most (if not all) users will not have a cluster size of greater then 16k. I think 4k is set as a reason? Therefore, anyone defragging runs the risk of losing restore points. Since it is not that common, I'll assume free space, and space allocated for SR points are the main causes?

Let's use this thread to discuss the issue. A Guy




My System SpecsSystem Spec
.
26 May 2014   #2
gregrocker

 

Thanks Bill. Brilliant explication. This will be good to get the discussion going further, attract google hits on the subject, also to link for those reporting or asking about it. I am hearing about this for some months now.

I guess what I'm still wondering is if there is any way to avoid it. That brings up the discussion if defrag is really even needed. I notice Win7 apparently doesn't any longer schedule a weekly default defrag, at least on my installs recently.

I had migrated to Puran for its boot-time defrag after it helped cut a 2 minute startup time in half. But the reports on Puran causing restore points loss are making me reconsider even advising defrag at all.
My System SpecsSystem Spec
27 May 2014   #3
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

There is likely a commonality amongst those who have the problem. I surmised perhaps free space on the drive, and space allocated for SR points are the main causes, but we may find that there is plenty of both, and yet it still happens. I have used many defragmenter programs over the years (Auslogics, Puran, JK Defrag, etc.), and have never has an issue.

I also use Power Defragmenter which is a GUI for Contig written by Mark Russinovich for Windows Sysinternals

Quote:
How it Works

Contig uses the native Windows NT defragmentation support that was introduced with NT 4.0 (see my documentation of the defrag APIs for more information). It first scans the disk collecting the locations and sizes of free areas. Then it determines where the file in question is located. Next, Contig decides whether the file can be optimized, based on free areas and the number of fragments the file currently consists of. If the file can be optimized, it is moved into the free spaces of the disk.
Contig

Quote:
Contig is designed to defragment individual files,[1] or specified groups of files, and does not attempt to move files to the beginning of the partition. Unlike the Windows built-in defragmenter tool, Contig can defragment individual files, individual directories, and subsets of the file system using wildcards.

Contig does not move any data except that belonging to the file in the question, so the amount it can defragment a file is limited to the largest contiguous block of free space on a system. Use of contig exchanges decreased file fragmentation for increased free space fragmentation.
Contig Defragmentation Utility Wikipedia

I don't know if Contig would have the same issue. If any defrag program could conceivably?

A Guy
My System SpecsSystem Spec
.

27 May 2014   #4
Ocman76

Windows 7 Ultimate x64 SP1
 
 
Puran Defrag

Hi,

I was directed here by gregrocker. I recently used Puran Defrag and created restore points beforehand only to check right after and discover that they had all been deleted. I ran a full boot defrag of my OS drive. If you want some more details let me know.
My System SpecsSystem Spec
27 May 2014   #5
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

I'm wondering if Event viewer would document the deletion of Restore Points for any reason?

A Guy
My System SpecsSystem Spec
27 May 2014   #6
Ocman76

Windows 7 Ultimate x64 SP1
 
 

Quote   Quote: Originally Posted by A Guy View Post
I'm wondering if Event viewer would document the deletion of Restore Points for any reason?

A Guy
I could post my event logs here if you want. Just be aware there are probably a bunch of other problems in those logs from my computer haha
My System SpecsSystem Spec
27 May 2014   #7
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

Every computer has a ton of entries in Event Viewer. You can try

Start> In search box type Event Viewer> Enter> When the Event viewer opens expand Custom Views, and click on Administrative events

Defragmenter programs can delete System Restore Points-event.jpg

Find the timestamp from when you did the defrag, and see if anything jumps out at you. You could also use the SF Diagnostic Tool - Using for Troubleshooting to capture events. Someone much wiser than I would be required to analyse them though

A Guy


My System SpecsSystem Spec
27 May 2014   #8
Ocman76

Windows 7 Ultimate x64 SP1
 
 

Quote   Quote: Originally Posted by A Guy View Post
Every computer has a ton of entries in Event Viewer. You can try

Start> In search box type Event Viewer> Enter> When the Event viewer opens expand Custom Views, and click on Administrative events

Find the timestamp from when you did the defrag, and see if anything jumps out at you. You could also use the SF Diagnostic Tool - Using for Troubleshooting to capture events. Someone much wiser than I would be required to analyse them though

A Guy
All the stuff in event viewer is too complicated for me to understand I don't know what to look for. However for future reference to anybody that does want to look at my events, I have attached them.


Attached Files
File Type: zip Administrative Events.zip (650.5 KB, 1 views)
My System SpecsSystem Spec
27 May 2014   #9
lehnerus2000

W7 Ultimate SP1, LM18 MATE, W10IP VM, W10 Home, #All 64 bit
 
 

I use Defraggler and it seems to delete System Restore points.
My System SpecsSystem Spec
27 May 2014   #10
andrew129260

Windows 10 Pro
 
 

Almost all third party antivirus programs will delete restore points if it finds infections in them. If you have a rootkit, sometimes it uses the av software to delete all the restore points the user has on purpose by infecting them with a little something. Basically setting a trap for the user.

Not that that matters anyway, under no circumstance should you use system restore to recover from a threat. It is not a good idea in the slightest.

You should always Disable system protection on a very infected pc to clean all restore points for the very nasty ones. This will delete all restore points on the system and will help keep malware from hiding. Then once all the infections are cleaned up, re-enable system protection.
My System SpecsSystem Spec
Reply

 Defragmenter programs can delete System Restore Points




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
System Protection Restore Points - Delete
How to Delete System Protection Restore Points in Windows 7 and Windows 8 This will show you how to delete all, all but the most recent, or individual System Protection restore points for a selected hard disk in Windows 7 and Windows 8. System Restore isn't available for Windows RT. If...
Tutorials
Can't delete old restore points
hi, i'd really like to make some space on my os drive by deleting my restore points but it wont work. i make regular image backups so i dont need them. as seen below it appears that the files have been deleted but they are still available in restore and when i go into the System Volume...
Backup and Restore
can not delete old restore points
Hello here is my problem, an unwanted restore point folder: http://img2.picload.org/image/opggrac/1.jpg http://img4.picload.org/image/opggrap/2.jpg -system protection is turned off for this drive and all restore points are deleted there -cleaner and system restore explorer dont find...
Performance & Maintenance
When does System Restore delete "old" System Restore Points?
When does System Restore delete "old" System Restore Points? A few days ago, there were 3-4 SR points in the list. Today there is only 1. Nothing significant has changed on the system.
Backup and Restore
System Image restore points--How to delete
Hi, I use Win 7, 64 bit and have some System image Restore points with type as Backup. I have tried to delete the same by cc cleaner etc. But the problem is that these system image restore points do not show up in CC cleaner. I can only see them when I go to Control Panel--Recovery--Open system...
Backup and Restore
How to delete please the restore points .......
I have made a picture i am wanting to ONLY delete restore points that are in the red circle. i have seen you can delete , but from what i gather only keep the latest restore point and the rest get deleted ... any help thanks .....
General Discussion


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 03:33.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App