The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

What is VSS or Volume Shadow Copy Service in Windows 11/10

Download Windows Speedup Tool to fix errors and make PC run faster

In Windows 11/10, if you check Windows Task Manager at different intervals, you may notice that it sometimes contains a VSSVC.exe process running. When you hover your mouse over the process, it says Windows Volume Shadow Copy Service. It is not always running but is triggered by certain events to make a copy of your entire hard disk as a single or multiple sets depending on the number of disks you have. In this post, we will discuss (what is) Microsoft Volume Shadow Copy service in Windows and try to cover as many details as possible.

volume shadow copy service

Hard Disk Backup Vs Hard Disk Imaging

Most of us regularly back up our data files using some third-party program or MS-DOS commands like XCOPY. When we are backing up, our main intention is to create and retain the latest possible copies of our important data files. Thus, Hard Disk backup is mainly associated with data files.

On the contrary, we create an image of the entire hard disk or at least the system drive so that we can use it in the event of facing a corrupt operating system. The main reason behind disk imaging is that manually installing the operating system and then installing, configuring each application we use, takes up much time and effort. If you have an image of the system drive, we can simply boot using the device where the image is stored and restore the system drive so that it is usable again. Thus, disk imaging is more of backing up system files and properties rather than user data.

In short, you back up your data files, and you create an image of your system drive (program files/settings). When you restore using backed-up data, you get back the last backed-up data files. When you use imaging to restore your computer, you are copying back the program files, OS state, and properties – including the Windows registry and other databases/files relevant to the operating system.

Thus there is a difference between backing up data and creating a disk image. I hope I was able to clarify the difference here.

The Volume Shadow Copy service in Windows is relevant to disk imaging. The service is used to restore your computer – complete drive or a folder – to some previous state.

Volume Shadow Copy in Windows 11/10

When you right-click on a folder in Windows, you get the option saying “Previous versions”. You might have used the option as well to restore the folder settings and sometimes the content to a previous state. Similarly, you know that you can use the system restore to restore your computer to a previous state. Of course, there will be a loss of some programs and changes that you made recently, but compared to the turmoil of having to get all that stuff working using manual means, restoring is pretty easy.

The VSS service is also used by third-party programs to create a disk image whenever you want. On its own, the VSS starts upon certain triggers, to create an image of the system drive and other disks/drives associated with the computer in question. If all the drive types are of the same type – i.e., NTFS, it takes a single snapshot. If the drives are of different types and maybe also from different makes or models, the VSS takes a series of snapshots for each type of drive. Be it a single snapshot or set of snapshots, they are stored in a well-protected area of your system drive and are assigned a unique ID (date-time stamp) with which, they can be used to restore entire system drive or a folder therein, to a previous state.

Remember that, for VSS to function, the system drive needs to be the NTFS type. It won’t work if you are still using FAT32. Anyway, post-Windows XP, the system drives have always been NTFS thereby allowing VSS to function without any problems.

According to Microsoft, VSS is defined as follows:

“The Volume Shadow Copy Service (VSS) is a set of COM interfaces that implements a framework to allow volume backups to be performed while applications on a system continue to write to the volumes.”

The definition stresses the fact that while other programs make you wait – sometimes for hours – for backing up data or imaging, the VSS takes few seconds (up to 60 seconds) to create an image of the system drive. The definition also specifies that you can continue working with other applications while VSS is running. In the case of backing up or imaging a computer drive using third-party programs, you have to wait until the operation is complete because you would not want to write to the hard disk drive that is being backed up.

Read: Use Vssadmin command-line to manage VSS.

How does VSS Work

There are three important functions called by VSS to create a snapshot:

  1. Freeze: For a moment, the Hard Disk is marked read-only so that nothing new can be written on it;
  2. Snap: Imaging the drive with parameters necessary to reconstruct that snap whenever necessary in the future;
  3. Unfreeze: Release the Hard Disk so that fresh data can be written to it. Since you continue to work while VSS is functioning, there may be another process that holds your input in some memory section until the Snap process is over.

The entire process is fast – so that you do not have to stop working. Going back to the definition, it takes up to a minute only to create a snapshot or a series of snapshots – depending upon the drive types and makes.

The Volume Shadow Copy Service in Windows provides two features:

  1. It stays side by side with the existing, working volume without interfering or obstructing user applications;
  2. It provides an API for third-party programs to create an image and to restore the volume or part thereof – to a previous state that is stored as a snapshot or a set of snapshots.

That means that most of the third-party programs that we use for imaging the hard disks, employ the VSS service. It also means that if the VSS service is stopped, some of the third-party programs will not function – i.e., they will not be able to create a disk image.

You can also use ShadowExplorer to access & restore Shadow Copies.

TIP: This post will help you if you face VSSVC.exe high disk usage issue.

Starting with Windows 8, Microsoft has introduced a feature called File History. File History saves copies of your Libraries, Desktop, Favorites, and Contacts so that you can get them back anytime if they are ever lost or damaged. While System Restore allows you to completely restore your computer to an earlier state, File History lets you restore your files and data from an earlier point in time.

Read next: The VSS service is shutting down due to idle timeout.

ArunKumar@TWC

Arun Kumar has been a Microsoft MVP (2010-12). He is obsessed with technology, especially the Internet. He deals with the multimedia content needs of training and corporate houses.

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap