- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
How to restore folders using ShadowExplorer
05/15/2020 
1 People found this article helpful
35,032 Views
Description
This Article explains about restoring folders and files using ShadowExplorer.
Resolution
To restore shadow copies:
You can restore folders and files affected in the threat group with granular control, using third-party tools. This procedure uses the ShadowExplorer. We cannot be responsible for the results. We offer these steps as extra information. See the ShadowExplorer documentation.
- Download ShadowExplorer.
- Install and run it. See ShadowExplorer.com for instructions.
- In the main window, select the drive and backup time of the restore point.
- Select the folders and files to restore.
- Right-click and select Export.
- In the window that opens, create or select a folder.
- Click OK.
To disable VSS protection completely:
These steps turn off VSS and Rollback completely. If you want to stop taking new snapshots temporarily, use the Interval Change steps.
- Turn off the Agent self-protection. With the passphrase that you copied, run:
sentinelctl.exe unprotect -k "<passphrase>"
- Turn off VSS protection:
sentinelctl config -p agent.vssConfig.vssProtection -v false
sentinelctl config -p agent.vssSnapshots -v false
- Turn on the Agent self-protection:
sentinelctl.exe protect
- Reboot the endpoint.
To delete snapshots:
Important: This procedure uses vssadmin, which is a Microsoft tool. For help with vssadmin specific issues, please contact Microsoft.
- Turn off the Agent self-protection. With the passphrase that you copied, run:
sentinelctl.exe unprotect -k "<passphrase>"
- Disable deletion-protection for shadow copies. Run:
sentinelctl config -p vssConfig.vssProtection -v false - Open cmd or powershell as administrator and run the relevant command:
- To delete all shadow copies: vssadmin delete shadows /all
- To delete the oldest: vssadmin delete shadows /For=C:/Oldest
- To select shadow copies to delete, get a list of the shadow copy IDs and then delete by ID:
vssadmin list shadows
vssadmin delete shadows /shadow=<ShadowID>
- If you see this error:
Error: Snapshots were found, but they were outside of your allowed context. Try removing them with the backup application which created them.
- Log i as an administrator. Membership in the local Administrators group, or equivalent, is required to run DiskShadow.
- Start DiskShadow: Diskshadow
- Run: delete shadows all
- Turn on the Agent self-protection:
sentinelctl.exe protect
Related Articles
- Upgrading and Migrating Clients to Capture Client 3.6
- How do I send capture client TSR to tech support
- Recommendations for Ransomware Protection with Capture Client
YES
NO