A simple software utility that can block unauthorized attempts to erase File Shadow Copies of files on your computer, which is usually done by ransomware #Preserve shadow copy #Block ransomware #Protect shadow copy #Shadow copy #Block #Preserve
The Shadow Copy technology is used in Windows to create backup copies or snapshots of files on your computer, even while you are using them, so as to allow the quick recovery of data in case of need. As expected, one of the actions ransomware and other malware, for that matter, takes is attempting to delete the existing shadow copies of files. The reason behind this endeavor is simple: once your files are encrypted by the ransomware, it is much more difficult, if not impossible, to recover them in the absence of a shadow copy.
Having that in mind, ShadowGuard provides a way for you to make sure that shadow copies of file are not deleted without your consent. If active, this tiny application can take action when an application tries to erase shadow copies and stop it completely.
But how does it actually work? ShadowGuard attaches itself as a debugger to specific Windows processes, namely powershell.exe, WMIC.exe or VSSAdmin.ese. Its purpose is to detect commands meant to tamper with shadow copies in due time and blocking the application or process that initiated this action.
To put it another way, ShadowGuard prevents the deletion command from executing and thus, preserve the targeted shadow copies. Then, it sends a termination signal to the application that started the deletion command in the first place, meaning it blocks the actions of what could be ransomware.
Attaching ShadowGuard to the Powershell process can affect other applications that make use of Powershell commands. Please remember to disable it in case you experience problems with an application.
The same goes for the VSSAdmin.exe process, as ShadowGuard might tamper with the well-functioning of backup applications. To avoid such situations, you can create a whitelist containing applications that are allowed to modify or delete shadow copies and are not to be terminated.
ShadowGuard is a simple application, extremely easy to use and manage. However, it does alter the normal functioning of some Windows processes, which might affect third-party applications. You shouldn’t forget to disable it if it happens that an application does not work properly, especially if we are talking about applications that manage volume shadow copies.
ShadowGuard 1.0.1
add to watchlist add to download basket send us an update REPORT- runs on:
-
Windows 10 32/64 bit
Windows 8 32/64 bit
Windows 7 32/64 bit
Windows Vista 32/64 bit
Windows XP 32/64 bit - file size:
- 793 KB
- filename:
- ShadowGuard_Setup.exe
- main category:
- Security
- developer:
- visit homepage
Bitdefender Antivirus Free
Zoom Client
7-Zip
ShareX
4k Video Downloader
Windows Sandbox Launcher
Microsoft Teams
IrfanView
calibre
Context Menu Manager
- IrfanView
- calibre
- Context Menu Manager
- Bitdefender Antivirus Free
- Zoom Client
- 7-Zip
- ShareX
- 4k Video Downloader
- Windows Sandbox Launcher
- Microsoft Teams