-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
How to restore folders using ShadowExplorer
05/15/2020 
1 People found this article helpful
495,783 Views
Description
This Article explains about restoring folders and files using ShadowExplorer.
Resolution
To restore shadow copies:
You can restore folders and files affected in the threat group with granular control, using third-party tools. This procedure uses the ShadowExplorer. We cannot be responsible for the results. We offer these steps as extra information. See the ShadowExplorer documentation.
- Download ShadowExplorer.
- Install and run it. See ShadowExplorer.com for instructions.
- In the main window, select the drive and backup time of the restore point.
- Select the folders and files to restore.
- Right-click and select Export.
- In the window that opens, create or select a folder.
- Click OK.
To disable VSS protection completely:
These steps turn off VSS and Rollback completely. If you want to stop taking new snapshots temporarily, use the Interval Change steps.
- Turn off the Agent self-protection. With the passphrase that you copied, run:
sentinelctl.exe unprotect -k "<passphrase>"
- Turn off VSS protection:
sentinelctl config -p agent.vssConfig.vssProtection -v false
sentinelctl config -p agent.vssSnapshots -v false
- Turn on the Agent self-protection:
sentinelctl.exe protect
- Reboot the endpoint.
To delete snapshots:
Important: This procedure uses vssadmin, which is a Microsoft tool. For help with vssadmin specific issues, please contact Microsoft.
- Turn off the Agent self-protection. With the passphrase that you copied, run:
sentinelctl.exe unprotect -k "<passphrase>"
- Disable deletion-protection for shadow copies. Run:
sentinelctl config -p vssConfig.vssProtection -v false - Open cmd or powershell as administrator and run the relevant command:
- To delete all shadow copies: vssadmin delete shadows /all
- To delete the oldest: vssadmin delete shadows /For=C:/Oldest
- To select shadow copies to delete, get a list of the shadow copy IDs and then delete by ID:
vssadmin list shadows
vssadmin delete shadows /shadow=<ShadowID>
- If you see this error:
Error: Snapshots were found, but they were outside of your allowed context. Try removing them with the backup application which created them.
- Log i as an administrator. Membership in the local Administrators group, or equivalent, is required to run DiskShadow.
- Start DiskShadow: Diskshadow
- Run: delete shadows all
- Turn on the Agent self-protection:
sentinelctl.exe protect
Related Articles
- SentinelOne agent command line tool
- Capture Client Agent Return Codes - Phase 1
- Configure Email and Notification(Alerts) in Capture Client for Tenants
YES
NO