Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.16384 (winblue_rtm.130821-1623) 1.60%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.09%
6.3.9600.16384 (winblue_rtm.130821-1623) 1.95%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.39%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.22%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.04%
6.2.9200.16384 (win8_rtm.120725-1247) 1.86%
6.2.9200.16384 (win8_rtm.120725-1247) 7.53%
6.2.9200.16384 (win8_rtm.120725-1247) 0.39%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.09%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.09%
6.2.8250.0 (winmain_win8beta.120217-1520) 0.04%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.09%
6.1.7600.16385 (win7_rtm.090713-1255) 5.23%
6.1.7600.16385 (win7_rtm.090713-1255) 37.98%
6.1.7600.16385 (win7_rtm.090713-1255) 17.52%
6.1.7600.16385 (win7_rtm.090713-1255) 3.46%
6.1.7600.16385 (win7_rtm.090713-1255) 0.04%
6.1.7600.16385 (win7_rtm.090713-1255) 0.04%
6.1.7600.16385 (win7_rtm.090713-1255) 0.04%
6.0.6002.18005 (lh_sp2rtm.090410-1830) 5.88%
6.0.6002.18005 (lh_sp2rtm.090410-1830) 1.30%
6.0.6001.18000 (longhorn_rtm.080118-1840) 0.04%
6.0.6001.18000 (longhorn_rtm.080118-1840) 0.39%
6.0.6000.16386 (vista_rtm.061101-2205) 0.39%
View more

Relationships


PE structurePE file structure

Show functions
Import table
advapi32.dll
GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, SetServiceStatus, RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AddAccessAllowedAce, InitializeAcl, RegCloseKey, RegSetValueExW, RegCreateKeyExW, RegQueryValueExW, RegOpenKeyExW, RegEnumKeyExW, LookupAccountSidW, ConvertSidToStringSidW, GetLengthSid, FreeSid, AllocateAndInitializeSid, RegQueryInfoKeyW, RegEnumValueW, RegDeleteValueW, LookupAccountNameW, GetSidSubAuthorityCount, EqualDomainSid, IsValidSid, CreateWellKnownSid, AccessCheck, AdjustTokenPrivileges, LookupPrivilegeValueW, PrivilegeCheck, CheckTokenMembership, DuplicateToken, EqualSid, ConvertStringSidToSidW, AddAccessAllowedAceEx, AddAccessDeniedAceEx, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, CopySid, RegisterEventSourceW, ReportEventW, DeregisterEventSource, OpenThreadToken, OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, TraceMessage
api-ms-win-core-com-l1-1-0.dll
CoGetObjectContext, CLSIDFromString, CoTaskMemFree, CoCreateGuid, CoFreeUnusedLibraries, StringFromCLSID, CoSetProxyBlanket, CoTaskMemRealloc, CoUninitialize, CoCreateInstance, CoInitializeSecurity, CoInitializeEx, CoDisconnectContext, CoImpersonateClient, CoRevokeClassObject, CoRegisterClassObject, CoRevertToSelf, CoTaskMemAlloc
api-ms-win-core-delayload-l1-1-1.dll
ResolveDelayLoadedAPI, DelayLoadFailureHook
api-ms-win-core-errorhandling-l1-1-1.dll
RaiseException, SetUnhandledExceptionFilter, SetLastError, UnhandledExceptionFilter, GetLastError, SetErrorMode
api-ms-win-core-file-l1-2-0.dll
GetDiskFreeSpaceW, GetFileAttributesW, DeleteFileW, WriteFile, SetFileAttributesW, CreateDirectoryW, FindFirstVolumeW, ReadFile, GetVolumePathNamesForVolumeNameW, GetVolumeNameForVolumeMountPointW, GetDriveTypeW, FindClose, FindVolumeClose, QueryDosDeviceW, GetVolumePathNameW, FindNextFileW, FindNextVolumeW, DefineDosDeviceW, DeleteVolumeMountPointW, GetVolumeInformationW, FlushFileBuffers, CreateFileW, FindFirstFileW
api-ms-win-core-file-l2-1-0.dll
MoveFileExW
api-ms-win-core-handle-l1-1-0.dll
CloseHandle
api-ms-win-core-heap-l1-2-0.dll
HeapAlloc, HeapSetInformation, GetProcessHeap, HeapFree
api-ms-win-core-interlocked-l1-2-0.dll
InterlockedIncrement, InterlockedCompareExchange, InterlockedDecrement, InterlockedExchange
api-ms-win-core-io-l1-1-1.dll
DeviceIoControl, GetOverlappedResult
api-ms-win-core-libraryloader-l1-1-1.dll
FreeLibrary, GetModuleHandleA, GetModuleFileNameW, FindResourceExW, LoadResource, GetModuleHandleW, GetProcAddress, SizeofResource, LoadStringW, LoadLibraryExW
api-ms-win-core-localization-l1-2-0.dll
FormatMessageW
api-ms-win-core-memory-l1-1-1.dll
VirtualQuery, VirtualAlloc, VirtualProtect
api-ms-win-core-processenvironment-l1-2-0.dll
ExpandEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW
api-ms-win-core-processthreads-l1-1-1.dll
CreateThread, ResumeThread, GetCurrentThread, GetCurrentProcessId, GetCurrentThreadId, OpenThreadToken, TerminateProcess, GetCurrentProcess, GetStartupInfoW, OpenProcessToken, OpenThread, SetThreadPriority
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-registry-l1-1-0.dll
RegDeleteTreeW, RegCloseKey, RegEnumKeyExW, RegQueryValueExW, RegEnumValueW, RegSetValueExW, RegCreateKeyExW, RegOpenKeyExW, RegDeleteValueW, RegQueryInfoKeyW
api-ms-win-core-string-l1-1-0.dll
MultiByteToWideChar, CompareStringW
api-ms-win-core-string-l2-1-0.dll
CharNextW, CharPrevW
api-ms-win-core-synch-l1-2-0.dll
CreateEventW, InitializeCriticalSectionAndSpinCount, ResetEvent, WaitForSingleObject, WaitForMultipleObjectsEx, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, Sleep, InitializeCriticalSection, CancelWaitableTimer, CreateWaitableTimerExW, SetWaitableTimer, SetEvent
api-ms-win-core-sysinfo-l1-2-0.dll
GetComputerNameExW, GetSystemTimeAsFileTime, GetTickCount64, GetSystemDirectoryW, GetVersionExW, GetSystemInfo, GetSystemWindowsDirectoryW, GetTickCount
api-ms-win-core-timezone-l1-1-0.dll
GetTimeZoneInformation
api-ms-win-core-util-l1-1-0.dll
EncodePointer
api-ms-win-security-base-l1-2-0.dll
AddAccessAllowedAce, SetSecurityDescriptorDacl, CheckTokenMembership, PrivilegeCheck, DuplicateToken, AdjustTokenPrivileges, CreateWellKnownSid, EqualSid, SetSecurityDescriptorOwner, CopySid, SetSecurityDescriptorGroup, GetAclInformation, GetAce, AddAce, AddAccessDeniedAceEx, AddAccessAllowedAceEx, IsValidSid, AccessCheck, GetSidSubAuthorityCount, EqualDomainSid, FreeSid, AllocateAndInitializeSid, GetTokenInformation, GetLengthSid, InitializeSecurityDescriptor, InitializeAcl
api-ms-win-service-core-l1-1-1.dll
RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW, SetServiceStatus
api-ms-win-service-private-l1-1-0.dll
I_ScUnregisterDeviceNotification, I_ScRegisterDeviceNotification
authz.dll
AuthzReportSecurityEventFromParams, AuthzUnregisterSecurityEventSource, AuthzRegisterSecurityEventSource
clusapi.dll
OpenCluster, ClusterResourceControl, GetClusterResourceState, CloseClusterResource, CloseCluster, OpenClusterResource, GetNodeClusterState, ClusterSharedVolumeSetSnapshotState
kernel32.dll
InitializeCriticalSection, DeleteCriticalSection, InterlockedIncrement, InterlockedDecrement, GetLastError, EncodePointer, GetComputerNameW, GetComputerNameExW, GetVolumeInformationW, GetVolumePathNamesForVolumeNameW, GetModuleHandleW, GetTimeZoneInformation, SetErrorMode, GetDiskFreeSpaceW, InitializeCriticalSectionAndSpinCount, InterlockedCompareExchange, Sleep, EnterCriticalSection, LeaveCriticalSection, DefineDosDeviceW, ReadFile, CreateDirectoryW, SetFileAttributesW, GetEnvironmentVariableW, GetSystemWindowsDirectoryW, LoadLibraryW, GetProcAddress, CreateThread, FindFirstVolumeW, FindNextVolumeW, FindFirstFileW, FindNextFileW, ExpandEnvironmentStringsW, FindClose, FindVolumeClose, SetLastError, GetVersionExW, LoadLibraryExW, FormatMessageW, FreeLibrary, GetCurrentThread, MultiByteToWideChar, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, WriteFile, DeleteFileW, MoveFileExW, GetFileAttributesW, GetProcessHeap, HeapAlloc, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoW, InterlockedExchange, WaitForSingleObject, CloseHandle, SetWaitableTimer, CancelWaitableTimer, GetCurrentThreadId, SetEvent, CreateEventW, CreateWaitableTimerW, OpenThread, CompareStringW, GetCommandLineW, HeapSetInformation, LocalAlloc, GetVolumeNameForVolumeMountPointW, GetVolumePathNameW, GetSystemDirectoryW, LocalFree, ResetEvent, DeviceIoControl, CreateFileW, GetDriveTypeW, HeapFree, GetSystemTimeAsFileTime, GetTickCount64, FlushFileBuffers, GetOverlappedResult, SetThreadPriority, WaitForMultipleObjects, ResumeThread, DeleteVolumeMountPointW, RaiseException, lstrlenW, QueryDosDeviceW, SetVolumeMountPointW, lstrcmpiW, lstrcpynW
msvcrt.dll
DllMain
netapi32.dll
NetApiBufferFree, NetShareEnum, NetLocalGroupGetMembers, NetShareGetInfo, NetShareDel, NetShareAdd
ntdll.dll
NtThawTransactions, NtFreezeTransactions, NtQueryVolumeInformationFile, RtlNtStatusToDosErrorNoTeb, NtOpenSymbolicLinkObject, NtQuerySymbolicLinkObject, RtlNtStatusToDosError, NtUnloadKey, NtLoadKey, NtAdjustPrivilegesToken, NtOpenProcessToken, NtOpenThreadToken, EtwTraceMessage, RtlFreeSid, RtlSetOwnerSecurityDescriptor, RtlLengthSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, RtlAddAccessAllowedAceEx, NtClose, NtCreateSymbolicLinkObject, RtlInitUnicodeString, RtlCreateAcl, RtlLengthSid, RtlAllocateAndInitializeSid, NtSetSecurityObject, NtCreateKey, NtDeleteValueKey, NtQueryValueKey, NtSetValueKey, NtFreezeRegistry, NtThawRegistry, NtQuerySystemInformation, RtlFreeHeap, RtlAllocateHeap, NtOpenFile, RtlGUIDFromString, RtlFreeUnicodeString, RtlStringFromGUID, NtWaitForSingleObject, NtDeviceIoControlFile, NtCreateEvent, NtAllocateUuids, LdrGetProcedureAddress, RtlInitAnsiString, LdrGetDllHandle, NtResetEvent, RtlGetVersion, NtOpenKey, NtEnumerateKey, NtQueryKey, NtQueryAttributesFile, NtDeleteKey, ZwClose, ZwOpenFile, ZwQuerySystemInformation, ZwCreateEvent, ZwWaitForSingleObject, ZwDeviceIoControlFile, ZwUnloadKey, ZwCreateKey, ZwOpenThreadTokenEx, ZwQueryAttributesFile, ZwDeleteValueKey, ZwSetValueKey, ZwAdjustPrivilegesToken, ZwOpenProcessTokenEx, ZwQueryValueKey, ZwSetSecurityObject, ZwLoadKey, ZwDeleteKey, ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, ZwResetEvent, ZwAllocateUuids, RtlAdjustPrivilege, EtwUnregisterTraceGuids, EtwRegisterTraceGuidsW, EtwGetTraceEnableFlags, EtwGetTraceEnableLevel, EtwGetTraceLoggerHandle, DbgBreakPoint
ole32.dll
CoRevertToSelf, CoImpersonateClient, CoDisconnectContext, CoCreateInstance, CoInitializeSecurity, CoInitializeEx, CoUninitialize, CoTaskMemFree, CoTaskMemAlloc, CoCreateGuid, CLSIDFromString, CoFreeUnusedLibraries, CoGetObjectContext, StringFromCLSID, CoSetProxyBlanket, CoTaskMemRealloc, CoInitialize
resutils.dll
ResUtilEnumResourcesEx, ResUtilGetResourceName
rpcrt4.dll
I_RpcBindingInqLocalClientPID, UuidToStringW, RpcStringFreeW
setupapi.dll
SetupDiGetDeviceInstallParamsW, SetupDiGetDeviceRegistryPropertyW, SetupDiEnumDeviceInfo, SetupDiSetClassInstallParamsW, SetupDiCallClassInstaller, SetupDiGetClassDevsW, SetupDiEnumDeviceInterfaces, SetupDiGetDeviceInterfaceDetailW, SetupDiDestroyDeviceInfoList, CM_Get_Parent, CM_Locate_DevNodeW, CM_Get_Device_IDW, CM_Get_Device_ID_Size_Ex, SetupDiOpenDeviceInfoW, CM_Reenumerate_DevNode_Ex, CM_Get_Device_ID_List_ExW, SetupDiCreateDeviceInfoList, CM_Get_Device_ID_List_Size_ExW
shlwapi.dll
SHDeleteKeyW
user32.dll
RegisterDeviceNotificationW, LoadStringW, UnregisterDeviceNotification
virtdisk.dll
GetStorageDependencyInformation
vssapi.dll
VssFreeSnapshotPropertiesInternal, CreateWriter, CreateWriterEx

vssvc.exe

Microsoft Volume Shadow Copy Service by Microsoft

Remove vssvc.exe
Version:   5.1.2600.3244 (xpsp.071030-1534)
MD5:   741bb7ae54812ed3afc5c8dc5d7c1ab7
SHA1:   4bf1080f72bafabd20c1a5018b207cec6ac76b72
SHA256:   07276ab78358402da351b3007c1150d8284d87ad5452eab11570162044e3143b
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is vssvc.exe?

The Volume Shadow Copy Service provides the backup infrastructure for the Microsoft Windows, as well as a mechanism for creating consistent point-in-time copies of data known as shadow copies. The Volume Shadow Copy Service can produce consistent shadow copies by coordinating with business applications, file-system services, backup applications, fast-recovery solutions, and storage hardware.

About vssvc.exe (from Microsoft)

The Volume Shadow Copy Service (VSS) is a set of COM APIs that implements a framework to allow volume backups to be performed while applications on a system continue to write to the volumes. VSS provi

DetailsDetails

File name:vssvc.exe
Publisher:Microsoft Corporation
Product name:Microsoft® Volume Shadow Copy Service
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\vssvc.exe
Original name:VSSVC.EXE.MUI
File version:5.1.2600.3244 (xpsp.071030-1534)
Product version:5.1.2600.3244
Size:283 KB (289,792 bytes)
Digital DNA
PE subsystem:Windows GUI
Entropy:6.003843
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'VSS' (Kötet árnyékmásolata)
  • 'VSS'

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 57.50%
Windows 7 Ultimate 25.50%
Windows 7 Professional 9.00%
Windows Vista Home Premium 4.50%
Windows 7 Home Basic 2.00%
Windows 7 Starter 1.00%
Windows Vista Home Basic 0.50%

Distribution by countryDistribution by country

United States installs about 51.76% of Microsoft® Volume Shadow Copy Service.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 25.19%
Hewlett-Packard 20.61%
ASUS 12.98%
Toshiba 12.21%
Acer 10.31%
Lenovo 3.82%
Sony 3.05%
GIGABYTE 3.05%
Samsung 2.29%
MSI 2.29%
Gateway 1.53%
Alienware 0.76%
Medion 0.76%
Intel 0.76%
Sahara 0.38%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE