vss shadow folder

i have a physical server with antivirus installed on it.
The antivirus kick start to scan the vas shadow folder when the backup start.
Does the antivirus SHOULD scan this folder?
LVL 1
sara2000Asked:
Who is Participating?
 
JohnBusiness Consultant (Owner)Commented:
Shadow folders have prior copies of a file so it may be current or a version back.

Anti Virus should be able to quarantine a read-only file.

If you have infected files in your shadow storage, that answers your question (as I did above): yes, you should scan it.

Also check why your users are getting viruses. They should be more careful
0
 
JohnBusiness Consultant (Owner)Commented:
I use Symantec Endpoint Protection and it scans those folders. I see no reason not to scan. Run your daily scan at off hours if there seems to be a performance hit.

If a person has a corrupt file (file has a virus) and works on it and saves it, it will hit shadow storage.
0
 
sara2000Author Commented:
John you spot the issue,
Does this vs. shadow folder has a carbon copy of the files and folder or it has a single image file?
I noticed that anti-virus pop up with message saying that there are infected files. my understanding that this vs. shadow folder is read only and anti-virus can not do anything?
0
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

 
sara2000Author Commented:
Thank you for your reply.
If backup is active at present  then the vss shadow folder will be  in use by backup software. i believe this will result in read only file.
Will the anti-virus still san/quarantine files if it is infected?
0
 
JohnBusiness Consultant (Owner)Commented:
Once the AV (a good AV) quarantines a file, it has been removed from use. The AV will not continue to scan it. It needs intervention (what will you do with it?).
0
 
matrix8086Commented:
The VSS is used only "to take a picture" of a volume before the backup begins. So the files will be saved at that moment. If during backup a file is modified, the backup will not contain the latest version, but the version of the file at the moment when VSS "took the picture" of the file (before the effective backup begins).

In that manner, VSS permits to an online system to be backed up, with running services and with assuring the consistency of data.

As far as I know (and I use it) the best practice is that the VSS folder and the backup folders to be excluded for AV scans, because of performance issues. You should have a permanent online AV which scans all accessed files in real time. So scanning the VSS folder during backup it is redundant (it scans the file when take the snapshot/"picture" and one more scan when write the file to the backup folder). Of course nothing stops you for that practice, but it is not the best!

Best regards!
0
 
JohnBusiness Consultant (Owner)Commented:
You can do your scans in off hours as I noted. Then during working hours, the AV is only looking at current documents (not shadow storage). Best of both worlds.
0
 
JohnBusiness Consultant (Owner)Commented:
@sara2000  - Thank you and I was happy to help.
0
 
JohnBusiness Consultant (Owner)Commented:
@sara2000  - Thank you and I was happy to help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.