sara2000
asked on
vss shadow folder
i have a physical server with antivirus installed on it.
The antivirus kick start to scan the vas shadow folder when the backup start.
Does the antivirus SHOULD scan this folder?
The antivirus kick start to scan the vas shadow folder when the backup start.
Does the antivirus SHOULD scan this folder?
ASKER
John you spot the issue,
Does this vs. shadow folder has a carbon copy of the files and folder or it has a single image file?
I noticed that anti-virus pop up with message saying that there are infected files. my understanding that this vs. shadow folder is read only and anti-virus can not do anything?
Does this vs. shadow folder has a carbon copy of the files and folder or it has a single image file?
I noticed that anti-virus pop up with message saying that there are infected files. my understanding that this vs. shadow folder is read only and anti-virus can not do anything?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you for your reply.
If backup is active at present then the vss shadow folder will be in use by backup software. i believe this will result in read only file.
Will the anti-virus still san/quarantine files if it is infected?
If backup is active at present then the vss shadow folder will be in use by backup software. i believe this will result in read only file.
Will the anti-virus still san/quarantine files if it is infected?
Once the AV (a good AV) quarantines a file, it has been removed from use. The AV will not continue to scan it. It needs intervention (what will you do with it?).
The VSS is used only "to take a picture" of a volume before the backup begins. So the files will be saved at that moment. If during backup a file is modified, the backup will not contain the latest version, but the version of the file at the moment when VSS "took the picture" of the file (before the effective backup begins).
In that manner, VSS permits to an online system to be backed up, with running services and with assuring the consistency of data.
As far as I know (and I use it) the best practice is that the VSS folder and the backup folders to be excluded for AV scans, because of performance issues. You should have a permanent online AV which scans all accessed files in real time. So scanning the VSS folder during backup it is redundant (it scans the file when take the snapshot/"picture" and one more scan when write the file to the backup folder). Of course nothing stops you for that practice, but it is not the best!
Best regards!
In that manner, VSS permits to an online system to be backed up, with running services and with assuring the consistency of data.
As far as I know (and I use it) the best practice is that the VSS folder and the backup folders to be excluded for AV scans, because of performance issues. You should have a permanent online AV which scans all accessed files in real time. So scanning the VSS folder during backup it is redundant (it scans the file when take the snapshot/"picture" and one more scan when write the file to the backup folder). Of course nothing stops you for that practice, but it is not the best!
Best regards!
You can do your scans in off hours as I noted. Then during working hours, the AV is only looking at current documents (not shadow storage). Best of both worlds.
@sara2000 - Thank you and I was happy to help.
@sara2000 - Thank you and I was happy to help.
If a person has a corrupt file (file has a virus) and works on it and saves it, it will hit shadow storage.