Windows 10: Windows Defender incorrectly reports threat in Volume Shadow Copy

Discussion in 'Windows 10 Software and Apps' started by jhg6308, Dec 5, 2021.

  1. jhg6308 Win User

    Windows Defender incorrectly reports threat in Volume Shadow Copy


    In order to troubleshoot a network issue I downloaded netcat ncat.exe. Windows Defender classifies this as a "hack tool" and attempts to quarantine it. It is not malware, it is a network debugging tool with legitimate uses. I was able to whitelist the executable so Windows Defender does not complain about the actual file. However, it now appears in several Volume Shadow copies, so when my nightly backup runs, Windows Defender complains that it found a threat. It's been doing this every day for months. I tried cleaning up shadow copies as suggested several places on the web, but every time a

    :)
     
    jhg6308, Dec 5, 2021
    #1

  2. Exclude backups (Volume Shadow Copy) from Windows Defender

    I'm not sure that excluding a volume shadow copy is actually what you need to do. I thought I was in the same boat as you... Windows Backup and Restore was reporting failed backups due to malware. The only references I could find in Windows Defender were to a path similar to Device\HarddiskVolumeShadowCopy5\Download\something.crx, and searching similar paths on my actual drives wasn't turning anything up.

    My first clue was when I tried to redo the backup manually, I noticed the first step was "Create Shadow Volume." This made me think that Defender must not be so stupid after all, and perhaps it was catching something being copied from a source drive. After further investigation, it turns out some symbolic links (folder aliases) I had created were confusing the issue and I finally did turn up the reported file (downloaded over 5 years ago!) that it was complaining about. Now why full scans from Defender don't find it, but real-time access during backup does, is a separate issue.

    Likely you aren't as inept as me with locating the reported malware file(s), but maybe you do have a tenacious bad guy that is either having trouble being cleaned up, yet hiding itself well, or that keeps re-infecting the system from another vector.
     
    DannyMeister, Dec 5, 2021
    #2
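
Added example, not part of the original thread: a PowerShell sketch of the lookup described in post #2, mapping each Defender detection that points into `\Device\HarddiskVolumeShadowCopyN\...` back to the live volume the snapshot was taken from. It assumes the detection's `Resources` strings contain the shadow copy device path in the form quoted in the post, and it must be run from an elevated prompt.

```powershell
# Added example: map Defender detections inside shadow copies back to live paths.

# Index existing shadow copies by device name (e.g. HarddiskVolumeShadowCopy5).
$shadows = @{}
Get-CimInstance -ClassName Win32_ShadowCopy | ForEach-Object {
    # DeviceObject looks like \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5
    $shadows[($_.DeviceObject -split '\\')[-1]] = $_
}

# Index volumes: GUID path (\\?\Volume{...}\) -> mount point (C:\ or a folder).
$volumes = @{}
Get-CimInstance -ClassName Win32_Volume | ForEach-Object {
    $volumes[$_.DeviceID] = $_.Name
}

# Assumed resource format: any prefix, then \Device\HarddiskVolumeShadowCopyN\<path>
$pattern = '\\Device\\(HarddiskVolumeShadowCopy\d+)\\(.+)$'

Get-MpThreatDetection | ForEach-Object {
    $detection = $_
    foreach ($resource in $detection.Resources) {
        if ($resource -notmatch $pattern) { continue }   # not a shadow copy hit
        $shadowName = $Matches[1]
        $relative   = $Matches[2]

        $shadow = $shadows[$shadowName]                  # $null if snapshot was deleted
        $mount  = if ($shadow) { $volumes[$shadow.VolumeName] } else { $null }
        $live   = if ($mount)  { $mount.TrimEnd('\') + '\' + $relative } else { $null }

        [pscustomobject]@{
            Detected      = $detection.InitialDetectionTime
            ThreatID      = $detection.ThreatID
            ShadowCopy    = $shadowName
            SnapshotTaken = if ($shadow) { $shadow.InstallDate } else { $null }
            LivePath      = $live
            # True means the flagged file is still on the source volume, so every
            # new snapshot will contain it and the backup will keep alerting.
            StillOnDisk   = if ($live) { Test-Path -LiteralPath $live } else { $false }
        }
    }
} | Format-Table -AutoSize
```

A row with `StillOnDisk` set to `True` points at the file to review on the source volume; a row with no `SnapshotTaken` refers to a shadow copy that no longer exists.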
  3. Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.

    Hi,

    Thank you for getting back with a reply.

    I suggest you start the Volume Shadow Copy service and check. Follow these steps:

    a. Click Start and type services.msc in the search box.

    b. Search for the Volume Shadow Copy service and make sure the startup type is Automatic.

    i. Right-click on the service

    ii. If the service is stopped, then start the service

    iii. Select Properties

    iv. And in the Startup type select Automatic.

    c. Click OK.

    Keep us posted on Windows related queries and we will be happy to assist you further.
     
    Nachappa C K, Dec 5, 2021
    #3
  4. biconix Win User

    Windows Defender incorrectly reports threat in Volume Shadow Copy

    Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.

    I am getting a bunch of errors in the application log related to the Volume Copy Service. I first noticed it when I tried to create a recovery drive and the error simply said that "A problem occurred while creating the recovery drive"

    I examined the application log and noticed that this error occurs periodically, not only when I try to create the drive. I included the four errors below.

    What do I need to do to fix this?

    I am using a Surface Pro 4, Windows 10 with up-to-the-minute patches. I also have installed Carbonite, but I doubt this is the cause as I did not encounter this problem on previous PCs.

    Thanks in advance for any assistance

    Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered. This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider. The error returned from CoCreateInstance on class with CLSID {3e02620c-e180-44f3-b154-2473646e4cb8} and Name SW_PROV is [0x80040154, Class not registered].

    Operation:

    Obtain a callable interface for this provider

    List interfaces for all providers supporting this context

    Check If Volume Is Supported by Provider

    Add a Volume to a Shadow Copy Set
    Context:

    Provider ID: {74600e39-7dc5-4567-a03b-f091d6c7b092}

    Class ID: {3e02620c-e180-44f3-b154-2473646e4cb8}

    Snapshot Context: 4194304

    Snapshot Context: 4194304

    Execution Context: Coordinator

    Provider ID: {00000000-0000-0000-0000-000000000000}

    Volume Name: \\?\Volume{acda900a-c1f6-4b66-831d-a54d0f93e6db}\

    Execution Context: Coordinator

    Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {3e02620c-e180-44f3-b154-2473646e4cb8} [0x80040154, Class not registered].
    Operation:

    Obtain a callable interface for this provider

    List interfaces for all providers supporting this context

    Check If Volume Is Supported by Provider

    Add a Volume to a Shadow Copy Set

    Context:

    Provider ID: {74600e39-7dc5-4567-a03b-f091d6c7b092}

    Class ID: {3e02620c-e180-44f3-b154-2473646e4cb8}

    Snapshot Context: 4194304

    Snapshot Context: 4194304

    Execution Context: Coordinator

    Provider ID: {00000000-0000-0000-0000-000000000000}

    Volume Name: \\?\Volume{acda900a-c1f6-4b66-831d-a54d0f93e6db}\

    Execution Context: Coordinator

    Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered. This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider. The error returned from CoCreateInstance on class with CLSID {3e02620c-e180-44f3-b154-2473646e4cb8} and Name SW_PROV is [0x80040154, Class not registered].
    Operation:

    Obtain a callable interface for this provider

    Add a Volume to a Shadow Copy Set

    Context:

    Provider ID: {74600e39-7dc5-4567-a03b-f091d6c7b092}

    Class ID: {3e02620c-e180-44f3-b154-2473646e4cb8}

    Snapshot Context: 4194304

    Execution Context: Coordinator

    Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {3e02620c-e180-44f3-b154-2473646e4cb8} [0x80040154, Class not registered].
    Operation:

    Obtain a callable interface for this provider

    Add a Volume to a Shadow Copy Set
    Context:

    Provider ID: {74600e39-7dc5-4567-a03b-f091d6c7b092}

    Class ID: {3e02620c-e180-44f3-b154-2473646e4cb8}

    Snapshot Context: 4194304

    Execution Context: Coordinator
     
    biconix, Dec 5, 2021
    #4