Full definition
Introduced in Windows XP/Server 2003. Coordinates VSS Requester (application asking for snapshot), VSS Writer (application component, e.g., SQL Server, Exchange) and VSS Provider (storage driver). Windows Backup, Volume Restore Points and Explorer's 'Previous Versions' feature all depend on VSS. Every modern ransomware family runs vssadmin delete shadows /all /quiet before encrypting, specifically to prevent VSS restore. Post-ransomware recovery via VSS only works if the attacker missed this step, or if shadow copies live on a separate volume the attacker did not reach.
Need to recover data or have a technical question?
Senior engineers in PT, EN and ES.