Keep your Volume Shadow Copy in Windows 10 safe [Ransomware]

Loredana Harsana
by Loredana Harsana
Editor
0 Comments
Download PDF
Affiliate Disclosure

  • Ransomware often deletes Windows shadow copies using Microsoft's vssadmin.exe program.
  • You can now use Raccine in order to terminate all processes that try to delete Shadow volumes.
  • Make no compromises and take a look at these reliable ransomware Windows 10 decrypt tools.
  • As a privacy-conscious user, do not hesitate to visit and even bookmark this Security News Hub.

Isn’t at all uncommon to see ransomware deleting all Windows shadow copies using vssadmin. However, things are about to change thanks to Raccine.

Users worldwide are aware of the issue and look for reliable solutions. Here’s what one of them says:

Most modern ransomware removes shadow copies though.

You can now use Raccine to terminate all processes that try to delete Shadow volumes using exactly Microsoft‘s vssadmin.exe program.

The good news is that it always acts before ransomware stands a chance to start encrypting data on your PC.

What is Volume Shadow Copy Windows 10?

backup copies

Volume Shadow Copy Service or VSS is a special Microsoft Windows technology used to create backup copies or snapshots of volumes or computer files.

This can happen even when they are in use. Just remember that for volumes under 500 megabytes, the free space required if of minimum 50 megabytes.

For volumes over 500 megabytes, the number changes to a minimum of 320 megabytes this time.

How can I install and use Raccine?

  1. Firstly, download Raccine.exe into your PC.
  2. Then, use an elevated command prompt to copy it to the C:\Windows folder.elevated command prompt
  3. Up next, also download the raccine-reg-patch.reg Registry file.
  4. Don’t hesitate to double-click on it.
  5. When it prompts you to merge the contents into the Registry, don’t hesitate to give it your permission to do so.

Raccine basically works by registering the raccine.exe executable as a debugger for vssadmin.exe. It does so by using the Image File Execution Options Windows registry key.

Once you register raccine.exe as a debugger, every time vssadmin.exe is executed, it will also launch Raccine, which will check to see if vssadmin is trying to delete shadow copies.

If it happens to discover that a process is indeed using vssadmin delete, it will automatically terminate the process.

How to delete Shadow copies Windows 10?

If your wish is to delete Shadow copies in Windows 10, then click the Win + R keyboard shortcut to open the Run dialog, input SystemPropertiesProtection, and press Enter.

Up next, you just need to select a partition to delete all these shadow copies from, and choose Configure.

Finally, make sure to press Delete in order to remove all restore points from this drive or partition, and click Apply.

Delete

You can delete shadow copies to free up space in your computer but never think of that any longer due to ransomware threats.

Raccine can easily solve this particular issue. Let us know in the comments area below if you tried it already.