0

I have been dealing with issues where the empty space on the C drive always goes to 0. I would run through the normal steps to empty space. But, the space would always be taken back down to 0. This is problematic because I cannot install any programs or future Windows Updates.

After some searching and working, I found the culprit to be Volume Shadow Copy (see reference here). What is odd is that the System Restore was disabled in sysdm.cpl. But, when I ran vssadmin list shadows, there were 9. I went ahead and deleted them all using vssadmin delete shadows /For=C:.

But, I have no idea what could have created these Volume Shadow Copys to begin with. I ran Windows Defender Deep Scan, BitDefender AntiVirus scan, and MalwareBytes scan and they did not show any detections. I also ran the Eset NOD32 online scan, but there were no detections. From what I can tell, my PC has demonstrated no malware-like behavior and this system is used for personal finance purposes only.

Is there any additional root cause analysis that I can perform to understand what caused this issue to arise in the first place? Any help is greatly appreciated.

Improve this question
5
  • 1
    It's difficult to tell what created those restore points without looking to see when and why the restore point was created through the GUI. I doubt we will be able to identify the reason those restore points were created. Any analysis that was possible is not impossible since those restore points were already deleted.
    – Ramhound
    Commented Jan 4 at 2:20
  • 1
    After some Windows updates, I've noticed Restore Points turned on again, though I'd stopped it before. Also, some applications can do so, e.g., various Windows cleaners such as Wise Disk Cleaner, privacy software such as ShutUp10, etc. This is meant as a safety feature, lest app cause unrecoverable damage -- but usually the user is warned that a Restore point is being created.
    – DrMoishe Pippik
    Commented Jan 4 at 2:55
  • @Ramhound That's the problem - there are no restore points. There are only files in the System Volume Information folder. I cannot delete them manually with TreeSize, I must do so with vssadmin through elevated CMD prompt privileges.
    – J Weezy
    Commented Jan 4 at 4:18
  • Have you looked the VSS setup itself? Maybe it is configured to take copies/snapshots etc.
    – Rohit Gupta
    Commented Jan 4 at 4:19
  • @RohitGupta Yes, it was enabled. But, I don't recall enabling it myself - that is the question that I am attempting to answer and understand.
    – J Weezy
    Commented Jan 22 at 21:56

0

Reset to default

You must log in to answer this question.