What W7 Processes Create Shadow Copy?

[Foreman]

What processes or services does Windows 7 Home Premium use to create a HarddiskVolumeShadowCopy? I know that W7 backup does this but are there other automated W7 processes that do this? Is there any way to disable these or make them manual?

I have a problem with NIS 2011 alerting to a possible Boot.Bootlock.B infection with an identified file of HarddiskVolumeShadowCopy#.

This initially blocked the W7 backup early in the process and manually running W7 backup reproducibly produced the NIS 2011 block and alert.

I was able to complete the W7 backup successfully by shutting off NIS 2011 and turned off backup. However, I still get the same alert about once after booting. I suspect this is some other W7 restore or backup function that is running automatically but would like to confirm this and, if possible, either turn it off or make it a manual process rather than automatic.

I think this is a false positive alert because I have run several AV scans (NIS 2011, MalwareBytes, TDSSKiller, esagelab Bootkit Remover) that don't find anything. The NIS 2011 claims to have removed the file but doesn't put anything in quarantine.

Using Windows 7 Home Premium SP1 fully updated

Appreciate any help on this.

Thanks.

Foreman

 

[Jacee]

Hi Foreman, I would suggest that you ask your question in the Norton Community discussions Norton Users Discussion Forum - Norton Community

 

[Foreman]

Jacee,

Thanks. I've already posted in the Norton forum. My question here is what W7 processes could automatically create a W7 HarddiskShadowCopy other than Backup. I think the answer may be system restore. I can get the detect by manually creating a restore point. I just would like to confirm that W7 can run this automatically and how to disable this.

Thanks.

Foreman

 

[Jacee]

I think the answer may be system restore

Yes ... Volume Shadow Copy Service

 

[Brink]

Hello Foreman, and welcome to Seven Forums.

Shadow copies (previous versions) is a part of System Protection in Windows. System Protection is also responsible for restore points. If system protection is turned on for your Windows 7 drive, then Windows will automatically create previous versions and restore points on a scheduled task, and when you manually create a restore point and backup.

Here are some tutorials that can help explain shadow copies, restore points, and system protection in more detail if you like.

• How to Turn System Protection On or Off in Windows 7
• How to Delete System Protection Restore Points in Windows 7
• How to Create a System Restore Point in Windows 7
• How to Change the System Protection Disk Space Usage in Window 7
• How to Restore Files and Folders in Windows 7 with Previous Versions
• How to Delete Shadow Copies in Vista and Windows 7

Hope this helps some,
Shawn