How to restore folders using ShadowExplorer 05/15/2020 1 People found this article helpful 35,032 Views Description This Article explains about restoring folders and files using ShadowExplorer. Resolution To restore shadow copies: You can restore folders and files affected in the threat group with granular control, using third-party tools. This procedure uses the ShadowExplorer. We cannot be responsible for the results. We offer these steps as extra information. See the . ShadowExplorer documentation . Download ShadowExplorer Install and run it. See ShadowExplorer.com for instructions. In the main window, select the drive and backup time of the restore point. Select the folders and files to restore. Right-click and select Export. In the window that opens, create or select a folder. Click OK. To disable VSS protection completely: These steps turn off VSS and Rollback completely. If you want to stop taking new snapshots temporarily, use the Interval Change steps. Turn off the Agent self-protection. With the passphrase that you copied, run: sentinelctl.exe unprotect -k "< passphrase>" Turn off VSS protection: sentinelctl config -p agent.vssConfig.vssProtection -v false sentinelctl config -p agent.vssSnapshots -v false Turn on the Agent self-protection: sentinelctl.exe protect Reboot the endpoint. To delete snapshots: Important: This procedure uses , which is a Microsoft tool. For help with vssadmin specific issues, please contact Microsoft. vssadmin Turn off the Agent self-protection. With the passphrase that you copied, run: sentinelctl.exe unprotect -k "< passphrase>" Disable deletion-protection for shadow copies. Run: sentinelctl config -p vssConfig.vssProtection -v false Open cmd or powershell as administrator and run the relevant command: To delete all shadow copies: vssadmin delete shadows /all To delete the oldest: vssadmin delete shadows /For=C:/Oldest To select shadow copies to delete, get a list of the shadow copy IDs and then delete by ID: vssadmin list shadows vssadmin delete shadows /shadow= <ShadowID> Error: Snapshots were found, but they were outside of your allowed context. Try removing them with the backup application which created them. Log i as an administrator. Membership in the local Administrators group, or equivalent, is required to run DiskShadow. Start DiskShadow: Diskshadow Run: delete shadows all Turn on the Agent self-protection: sentinelctl.exe protect Related Articles Categories Was This Article Helpful?