Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Excluding Volume Shadow copies from the Real-Time Scan of Worry-Free Business Security (WFBS)

    • Updated:
    • 3 Mar 2021
    • Product/Version:
    • Worry-Free Business Security Services 6.7
    • Platform:
Summary

Volume Shadow Copies serve as a backup or snapshot of computer files or volumes, even when they are in use. On certain instances, infected files can be detected by the WFBS real-time scan within the Volume Shadow copies, but actions cannot be enforced.

This issue happens because the Volume Shadow copies have read-only access.

Details
Public

View the steps to add the Volume Shadow copies to the exclusions lit by clicking on the product that you are using below:

 
Anything added to the exclusions list, whether file or directory, will no longer be scanned by the Security Agent. It is highly recommended to ensure that any detected threats have been resolved before adding files or directories to the exclusions list. If technical assistance is needed, contact Trend Micro Technical Support.
 

To add the Volume Shadow Copies to the exclusion list:

  1. Log in to the WFBS management console.
  2. Go to Device, and select the desired group you want to add the exclusion.
  3. Select Configure Policy.
  4. Under Malware Prevention, click Antivirus/Anti-spyware, then expand the Exclusions option.
  5. Add and list down the Shadow Volume path under Directories.

    WFBS Exclusion list

     

    To list down the absolute path of the Shadow Volume, use an elevated Command Prompt, and run the "vssadmin List Shadows" command.

    • \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy*\
    • \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy*
     

To add the Volume Shadow Copies to the exclusion list:

  1. Log in to the WFBS-SVC console.
  2. Go to Policy Settings, then do either of the following:
    • For Classic Mode: click on the Security Agents menu > select the target group > Configure Policy
    • For Advance Mode: click on the Policies menu, then under Policy Management, select the Policy that would be configured
  3. In the Policy Configuration window, click on Scan Exclusions.
  4. Under Real-Time Scan / Scheduled Scan / Manual Scan, click on Add and list down the Shadow Volume path:

    ShadowVolumeExclusion.png

     

    To list down the absolute path of the Shadow Volume, use an elevated Command Prompt and run the "vssadmin List Shadows" command.

    • \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy*\
    • \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy*
     
Premium
Internal
Partner
Rating:
Category:
Configure; Troubleshoot
Solution Id:
000285726
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.