Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > alt.comp.os.windows-11 > #17982

Re: MS Shadow Copy service

From Paul <nospam@needed.invalid>
Newsgroups alt.comp.os.windows-11
Subject Re: MS Shadow Copy service
Date 2025-03-27 02:51 -0400
Organization A noiseless patient Spider
Message-ID <vs2sh3$3m25b$1@dont-email.me> (permalink)
References <mmeetj10722sjsmv75k70itprmtmomnjtu@4ax.com> <12vetjlbjnqjva8gd3rknu419n2mhce7nd@4ax.com> <vr8alq$3edg5$1@dont-email.me> <g3f9ujdh5robb5cr73fj9r5shr63403rl0@4ax.com>

Show all headers | View raw

On Thu, 3/27/2025 1:00 AM, micky wrote:

> I only have win11 on this machine.  Should I turn off Real Time
> Protection, or all of the protections, and Shutdown and then Reboot?
> Will that make something stop running?  Or only erase these entries? 
> 
> It doesn't seem important if it's only to erase these entries, but maybe
> that would save me a lot of space?  
> 
> Or maybe I shouldn't delete  these until the next time I run a full
> backup??????    Not sure why a full backup has not run again already. 

The command:

   vssadmin list shadows

tells us they exist, but it might not identify who "set" them.

What I was doing, was using my powers of guessing.

You might remember in WinXP, there were "Restore Points". If
you installed a driver, as long as System Protection was enabled,
the OS would make a "Restore Point" before the driver was installed.
You could roll back the Restore Point, to return a portion of the
file system, to its previous state.

If you turn off System Restore, in the System Protection setting

    [Picture]

     https://i.postimg.cc/28qnbHpG/restore-points-use-shadows.gif

... that has nothing to do with Windows Defender (Microsoft Defender)
and RealTime AV scanning. Windows Defender doesn't use shadows :-)
Thank goodness.

Your backup software can also use shadows. and you are right to identify
certain types of backup activity, as the source of some shadows.
I do "Fulls" and I don't think those leave too much cruft (the shadow
or snapshot can be removed after the backup is finished).
I would guess "Differential" and "Incremental" *might* use shadows.

Your shrewd guess that Macrium is involved, is probably it.
While it could be the System Protection in the picture above,
if you're not in need of the Restore Points, you can click
the Delete button, and the shadows that currently exist
should be removed, and then, if and when more Restore Points
get added, they would be created again. In WinXP days, an RP
was created every day. The W10/W11 approach is different, in
that "safety" RPs are created at a much lower frequency, and
there will be more of the "on-demand" type, where you're installing
software or are doing Windows Update, and a new RP is created when
that is starting.

For the average person, the "suspect list" is pretty short.
Restore Points might be a source of shadow activity.
And backup software might do it too. For some modes
of operation.

*******

I got to see something weird the other day. I was doing some
cleanup on the other machine. I figured "OK, let's do a defrag".
The defragment is running. I'm looking at the Optimize panel.
Normally, you see "Defrag" "Consolidate" "Defrag" "Consolidate"
and the Pass number increments.

It was up to around ten passes of that, and the disk drive LED
is flashing as you would expect for each phase. Then on the
eleventh pass, just "Consolidate" appears and the percentage
number starts to increment. I look over and *the disk LED is not flashing*.
It does another pass. It Consolidates (in theory, moves large
blocks of defragmented data to elsewhere on the disk). Yet,
again, the disk light will not flash! It must have done
around six passes of fake data movement, each time wasting
my time by pretending the percentage indicator was doing
real work.

Was that a shadow ? What was that ? I haven't a clue myself.
But it's the first time I've ever seen one like that.

   Paul

Back to alt.comp.os.windows-11 | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

MS Shadow Copy service micky <NONONOmisc07@fmguy.com> - 2025-03-16 17:02 -0400
  Re: MS Shadow Copy service User One <noreply@invalid.com> - 2025-03-16 22:03 +0000
    Re: MS Shadow Copy service Stan Brown <the_stan_brown@fastmail.fm> - 2025-03-16 20:42 -0700
    Re: MS Shadow Copy service micky <NONONOmisc07@fmguy.com> - 2025-03-29 00:50 -0400
      Re: MS Shadow Copy service micky <NONONOmisc07@fmguy.com> - 2025-03-29 01:38 -0400
  Re: MS Shadow Copy service micky <NONONOmisc07@fmguy.com> - 2025-03-16 21:49 -0400
    Re: MS Shadow Copy service Paul <nospam@needed.invalid> - 2025-03-17 00:46 -0400
      Re: MS Shadow Copy service "Carlos E.R." <robin_listas@es.invalid> - 2025-03-17 13:16 +0100
        Re: MS Shadow Copy service Paul <nospam@needed.invalid> - 2025-03-17 11:25 -0400
          Re: MS Shadow Copy service "Carlos E.R." <robin_listas@es.invalid> - 2025-03-17 19:50 +0100
            Re: MS Shadow Copy service Paul <nospam@needed.invalid> - 2025-03-17 15:27 -0400
              Re: MS Shadow Copy service "Carlos E.R." <robin_listas@es.invalid> - 2025-03-17 21:34 +0100
                Re: MS Shadow Copy service Frank Slootweg <this@ddress.is.invalid> - 2025-03-18 14:45 +0000
                Re: MS Shadow Copy service Paul <nospam@needed.invalid> - 2025-03-18 20:13 -0400
    Re: MS Shadow Copy service Paul <nospam@needed.invalid> - 2025-03-17 01:07 -0400
      Re: MS Shadow Copy service micky <NONONOmisc07@fmguy.com> - 2025-03-27 01:00 -0400
        Re: MS Shadow Copy service Paul <nospam@needed.invalid> - 2025-03-27 02:51 -0400
  Re: MS Shadow Copy service Newyana2 <newyana@invalid.nospam> - 2025-03-17 08:41 -0400
    Re: MS Shadow Copy service Frank Slootweg <this@ddress.is.invalid> - 2025-03-17 16:45 +0000
      Re: MS Shadow Copy service Paul <nospam@needed.invalid> - 2025-03-17 15:32 -0400
        Re: MS Shadow Copy service Newyana2 <newyana@invalid.nospam> - 2025-03-17 17:27 -0400
          Re: MS Shadow Copy service Paul <nospam@needed.invalid> - 2025-03-17 18:16 -0400
          Re: MS Shadow Copy service Frank Slootweg <this@ddress.is.invalid> - 2025-03-18 13:49 +0000
  Re: MS Shadow Copy service Frank Slootweg <this@ddress.is.invalid> - 2025-03-17 16:36 +0000
    Re: MS Shadow Copy service micky <NONONOmisc07@fmguy.com> - 2025-03-27 01:05 -0400
      Re: MS Shadow Copy service Char Jackson <none@none.invalid> - 2025-03-28 00:27 -0500
        Re: MS Shadow Copy service micky <NONONOmisc07@fmguy.com> - 2025-03-28 12:17 -0400
  Re: MS Shadow Copy service ...w¡ñ§±¤ñ  <winstonmvp@gmail.com> - 2025-03-17 10:44 -0700
    Re: MS Shadow Copy service Newyana2 <newyana@invalid.nospam> - 2025-03-17 17:28 -0400
      Re: MS Shadow Copy service Paul <nospam@needed.invalid> - 2025-03-17 18:50 -0400
      Re: MS Shadow Copy service ...w¡ñ§±¤ñ  <winstonmvp@gmail.com> - 2025-03-20 11:52 -0700
        Re: MS Shadow Copy service micky <NONONOmisc07@fmguy.com> - 2025-03-27 01:09 -0400

csiph-web