The VSS (Volume Shadow Copy Service) Protection feature in Sentinel One is designed to safeguard the integrity of Volume Shadow Copies on your system.
Sentinel One uses Volume Shadow Copy (VSS) to create backups of your documents. In case of an infection, this allows you to restore specific files instead of rolling back the entire VM. It typically consumes around 10% to 20% of the storage. We find this feature valuable in most scenarios, but if you prefer not to use it, we can disable it at your request on one VM or on all of them.
Here's an explanation of its purpose and how it works:
What is VSS?
- Volume Shadow Copy Service (VSS) is a Microsoft technology that creates snapshots of data on a volume. These snapshots allow you to back up or restore files, including those that are open or in use.
- It is commonly used by backup software and system restore tools.
Why is VSS Protection Needed?
- Cyberattacks, particularly ransomware, often target VSS snapshots. Attackers delete these snapshots to prevent users from recovering their data after encrypting it.
- Sentinel One's VSS Protection prevents this by monitoring and blocking unauthorized deletion or tampering with shadow copies.
How Does VSS Protection Work in Sentinel One?
- Monitoring Shadow Copy Activities:
  - Sentinel One monitors processes that attempt to delete or modify VSS snapshots.
- Blocking Malicious Activities:
  - If Sentinel One detects an attempt to tamper with VSS snapshots (e.g., by ransomware), it blocks the process in real time to preserve the shadow copies.
- Logging Events:
  - Any blocked attempt to delete or alter shadow copies is logged in the Sentinel One console, providing visibility for administrators.
- Support for Recovery:
  - By protecting shadow copies, VSS Protection ensures you have a way to recover your files without relying on external backups in case of a ransomware attack or other data loss incidents.
Key Benefits of VSS Protection in Sentinel One:
- Ransomware Resilience: It makes recovery possible by preserving VSS snapshots even after an attack.
- Data Recovery: Ensures you can restore previous versions of files or the system state.
- Minimal Impact: Works in the background without affecting system performance.
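To check the storage figure mentioned above and confirm that snapshots actually exist on a VM, the following added example (not Sentinel One tooling and not part of the original article) reads the standard Windows WMI classes `Win32_Volume`, `Win32_ShadowStorage` and `Win32_ShadowCopy`. It assumes an elevated PowerShell session on the VM; the report column names are chosen here for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: per-volume report of VSS snapshot count and shadow storage use.

# Local fixed disks only (DriveType 3), skipping volumes with no reported capacity.
$volumes = Get-CimInstance -ClassName Win32_Volume |
    Where-Object { $_.DriveType -eq 3 -and $_.Capacity -gt 0 }
$storage = @(Get-CimInstance -ClassName Win32_ShadowStorage)
$copies  = @(Get-CimInstance -ClassName Win32_ShadowCopy)

$report = foreach ($vol in $volumes) {
    # A shadow storage association references the protected volume by DeviceID.
    $assoc = @($storage | Where-Object { $_.Volume.DeviceID -eq $vol.DeviceID })
    # A snapshot names its source volume in VolumeName (same \\?\Volume{GUID}\ form).
    $snaps = @($copies | Where-Object { $_.VolumeName -eq $vol.DeviceID })

    [double]$used = 0
    [double]$allocated = 0
    foreach ($a in $assoc) {
        $used      += $a.UsedSpace
        $allocated += $a.AllocatedSpace
    }
    $newest = ($snaps | Sort-Object InstallDate | Select-Object -Last 1).InstallDate

    [pscustomobject]@{
        Volume         = if ($vol.DriveLetter) { $vol.DriveLetter } else { $vol.Name }
        CapacityGB     = [math]::Round($vol.Capacity / 1GB, 1)
        Snapshots      = $snaps.Count
        NewestSnapshot = $newest
        UsedPct        = [math]::Round(100 * $used / $vol.Capacity, 1)
        AllocatedPct   = [math]::Round(100 * $allocated / $vol.Capacity, 1)
        # A volume with no snapshots has nothing to restore previous versions from.
        NoSnapshots    = ($snaps.Count -eq 0)
    }
}

$report | Sort-Object Volume | Format-Table -AutoSize
```

A volume that shows `NoSnapshots` as `True`, or a `NewestSnapshot` date that is much older than expected, is worth raising before you need to restore from it.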
Let us know if you need further assistance. 🚀