Should I block it?

No, this file is 100% safe to run.

Additional versions

6.3.9600.16384 (winblue_rtm.130821-1623)	1.60%
6.3.9600.16384 (winblue_rtm.130821-1623)	0.09%
6.3.9600.16384 (winblue_rtm.130821-1623)	1.95%
6.3.9600.16384 (winblue_rtm.130821-1623)	0.39%
6.3.9431.0 (winmain_bluemp.130615-1214)	0.22%
6.3.9431.0 (winmain_bluemp.130615-1214)	0.04%
6.2.9200.16384 (win8_rtm.120725-1247)	1.86%
6.2.9200.16384 (win8_rtm.120725-1247)	7.53%
6.2.9200.16384 (win8_rtm.120725-1247)	0.39%
6.2.8400.0 (winmain_win8rc.120518-1423)	0.09%
6.2.8400.0 (winmain_win8rc.120518-1423)	0.09%
6.2.8250.0 (winmain_win8beta.120217-1520)	0.04%
6.2.8102.0 (winmain_win8m3.110823-1455)	0.09%
6.1.7600.16385 (win7_rtm.090713-1255)	5.23%
6.1.7600.16385 (win7_rtm.090713-1255)	37.98%
6.1.7600.16385 (win7_rtm.090713-1255)	17.52%
6.1.7600.16385 (win7_rtm.090713-1255)	3.46%
6.1.7600.16385 (win7_rtm.090713-1255)	0.04%
6.1.7600.16385 (win7_rtm.090713-1255)	0.04%
6.1.7600.16385 (win7_rtm.090713-1255)	0.04%
6.0.6002.18005 (lh_sp2rtm.090410-1830)	5.88%
6.0.6002.18005 (lh_sp2rtm.090410-1830)	1.30%
6.0.6001.18000 (longhorn_rtm.080118-1840)	0.04%
6.0.6001.18000 (longhorn_rtm.080118-1840)	0.39%
6.0.6000.16386 (vista_rtm.061101-2205)	0.39%
View more
5.2.3790.3959 (srv03_sp2_rtm.070216-1710)	0.04%
5.2.3790.3959 (srv03_sp2_rtm.070216-1710)	0.09%
5.1.2600.5512 (xpsp.080413-2108)	10.68%
5.1.2600.5512 (xpsp.080413-2108)	0.04%
5.1.2600.5512 (xpsp.080413-2108)	0.04%
5.1.2600.3311 (xpsp.080212-0003)	0.09%
5.1.2600.3300 (xpsp.080125-2027)	0.04%
5.1.2600.3244 (xpsp.071030-1534)	0.04%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	2.25%

Relationships

swprv.dll (by Microsoft)

PE file structure

Show functions

Import table

advapi32.dll

GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, SetServiceStatus, RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AddAccessAllowedAce, InitializeAcl, RegCloseKey, RegSetValueExW, RegCreateKeyExW, RegQueryValueExW, RegOpenKeyExW, RegEnumKeyExW, LookupAccountSidW, ConvertSidToStringSidW, GetLengthSid, FreeSid, AllocateAndInitializeSid, RegQueryInfoKeyW, RegEnumValueW, RegDeleteValueW, LookupAccountNameW, GetSidSubAuthorityCount, EqualDomainSid, IsValidSid, CreateWellKnownSid, AccessCheck, AdjustTokenPrivileges, LookupPrivilegeValueW, PrivilegeCheck, CheckTokenMembership, DuplicateToken, EqualSid, ConvertStringSidToSidW, AddAccessAllowedAceEx, AddAccessDeniedAceEx, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, CopySid, RegisterEventSourceW, ReportEventW, DeregisterEventSource, OpenThreadToken, OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, TraceMessage

api-ms-win-core-com-l1-1-0.dll

CoGetObjectContext, CLSIDFromString, CoTaskMemFree, CoCreateGuid, CoFreeUnusedLibraries, StringFromCLSID, CoSetProxyBlanket, CoTaskMemRealloc, CoUninitialize, CoCreateInstance, CoInitializeSecurity, CoInitializeEx, CoDisconnectContext, CoImpersonateClient, CoRevokeClassObject, CoRegisterClassObject, CoRevertToSelf, CoTaskMemAlloc

api-ms-win-core-delayload-l1-1-1.dll

ResolveDelayLoadedAPI, DelayLoadFailureHook

api-ms-win-core-errorhandling-l1-1-1.dll

RaiseException, SetUnhandledExceptionFilter, SetLastError, UnhandledExceptionFilter, GetLastError, SetErrorMode

api-ms-win-core-file-l1-2-0.dll

GetDiskFreeSpaceW, GetFileAttributesW, DeleteFileW, WriteFile, SetFileAttributesW, CreateDirectoryW, FindFirstVolumeW, ReadFile, GetVolumePathNamesForVolumeNameW, GetVolumeNameForVolumeMountPointW, GetDriveTypeW, FindClose, FindVolumeClose, QueryDosDeviceW, GetVolumePathNameW, FindNextFileW, FindNextVolumeW, DefineDosDeviceW, DeleteVolumeMountPointW, GetVolumeInformationW, FlushFileBuffers, CreateFileW, FindFirstFileW

api-ms-win-core-file-l2-1-0.dll

MoveFileExW

api-ms-win-core-handle-l1-1-0.dll

CloseHandle

api-ms-win-core-heap-l1-2-0.dll

HeapAlloc, HeapSetInformation, GetProcessHeap, HeapFree

api-ms-win-core-interlocked-l1-2-0.dll

InterlockedIncrement, InterlockedCompareExchange, InterlockedDecrement, InterlockedExchange

api-ms-win-core-io-l1-1-1.dll

DeviceIoControl, GetOverlappedResult

api-ms-win-core-libraryloader-l1-1-1.dll

FreeLibrary, GetModuleHandleA, GetModuleFileNameW, FindResourceExW, LoadResource, GetModuleHandleW, GetProcAddress, SizeofResource, LoadStringW, LoadLibraryExW

api-ms-win-core-localization-l1-2-0.dll

FormatMessageW

api-ms-win-core-memory-l1-1-1.dll

VirtualQuery, VirtualAlloc, VirtualProtect

api-ms-win-core-processenvironment-l1-2-0.dll

ExpandEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW

api-ms-win-core-processthreads-l1-1-1.dll

CreateThread, ResumeThread, GetCurrentThread, GetCurrentProcessId, GetCurrentThreadId, OpenThreadToken, TerminateProcess, GetCurrentProcess, GetStartupInfoW, OpenProcessToken, OpenThread, SetThreadPriority

api-ms-win-core-profile-l1-1-0.dll

QueryPerformanceCounter

api-ms-win-core-registry-l1-1-0.dll

RegDeleteTreeW, RegCloseKey, RegEnumKeyExW, RegQueryValueExW, RegEnumValueW, RegSetValueExW, RegCreateKeyExW, RegOpenKeyExW, RegDeleteValueW, RegQueryInfoKeyW

api-ms-win-core-string-l1-1-0.dll

MultiByteToWideChar, CompareStringW

api-ms-win-core-string-l2-1-0.dll

CharNextW, CharPrevW

api-ms-win-core-synch-l1-2-0.dll

CreateEventW, InitializeCriticalSectionAndSpinCount, ResetEvent, WaitForSingleObject, WaitForMultipleObjectsEx, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, Sleep, InitializeCriticalSection, CancelWaitableTimer, CreateWaitableTimerExW, SetWaitableTimer, SetEvent

api-ms-win-core-sysinfo-l1-2-0.dll

GetComputerNameExW, GetSystemTimeAsFileTime, GetTickCount64, GetSystemDirectoryW, GetVersionExW, GetSystemInfo, GetSystemWindowsDirectoryW, GetTickCount

api-ms-win-core-timezone-l1-1-0.dll

GetTimeZoneInformation

api-ms-win-core-util-l1-1-0.dll

EncodePointer

api-ms-win-security-base-l1-2-0.dll

AddAccessAllowedAce, SetSecurityDescriptorDacl, CheckTokenMembership, PrivilegeCheck, DuplicateToken, AdjustTokenPrivileges, CreateWellKnownSid, EqualSid, SetSecurityDescriptorOwner, CopySid, SetSecurityDescriptorGroup, GetAclInformation, GetAce, AddAce, AddAccessDeniedAceEx, AddAccessAllowedAceEx, IsValidSid, AccessCheck, GetSidSubAuthorityCount, EqualDomainSid, FreeSid, AllocateAndInitializeSid, GetTokenInformation, GetLengthSid, InitializeSecurityDescriptor, InitializeAcl

api-ms-win-service-core-l1-1-1.dll

RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW, SetServiceStatus

api-ms-win-service-private-l1-1-0.dll

I_ScUnregisterDeviceNotification, I_ScRegisterDeviceNotification

authz.dll

AuthzReportSecurityEventFromParams, AuthzUnregisterSecurityEventSource, AuthzRegisterSecurityEventSource

clusapi.dll

OpenCluster, ClusterResourceControl, GetClusterResourceState, CloseClusterResource, CloseCluster, OpenClusterResource, GetNodeClusterState, ClusterSharedVolumeSetSnapshotState

kernel32.dll

InitializeCriticalSection, DeleteCriticalSection, InterlockedIncrement, InterlockedDecrement, GetLastError, EncodePointer, GetComputerNameW, GetComputerNameExW, GetVolumeInformationW, GetVolumePathNamesForVolumeNameW, GetModuleHandleW, GetTimeZoneInformation, SetErrorMode, GetDiskFreeSpaceW, InitializeCriticalSectionAndSpinCount, InterlockedCompareExchange, Sleep, EnterCriticalSection, LeaveCriticalSection, DefineDosDeviceW, ReadFile, CreateDirectoryW, SetFileAttributesW, GetEnvironmentVariableW, GetSystemWindowsDirectoryW, LoadLibraryW, GetProcAddress, CreateThread, FindFirstVolumeW, FindNextVolumeW, FindFirstFileW, FindNextFileW, ExpandEnvironmentStringsW, FindClose, FindVolumeClose, SetLastError, GetVersionExW, LoadLibraryExW, FormatMessageW, FreeLibrary, GetCurrentThread, MultiByteToWideChar, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, WriteFile, DeleteFileW, MoveFileExW, GetFileAttributesW, GetProcessHeap, HeapAlloc, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoW, InterlockedExchange, WaitForSingleObject, CloseHandle, SetWaitableTimer, CancelWaitableTimer, GetCurrentThreadId, SetEvent, CreateEventW, CreateWaitableTimerW, OpenThread, CompareStringW, GetCommandLineW, HeapSetInformation, LocalAlloc, GetVolumeNameForVolumeMountPointW, GetVolumePathNameW, GetSystemDirectoryW, LocalFree, ResetEvent, DeviceIoControl, CreateFileW, GetDriveTypeW, HeapFree, GetSystemTimeAsFileTime, GetTickCount64, FlushFileBuffers, GetOverlappedResult, SetThreadPriority, WaitForMultipleObjects, ResumeThread, DeleteVolumeMountPointW, RaiseException, lstrlenW, QueryDosDeviceW, SetVolumeMountPointW, lstrcmpiW, lstrcpynW

msvcrt.dll

DllMain

netapi32.dll

NetApiBufferFree, NetShareEnum, NetLocalGroupGetMembers, NetShareGetInfo, NetShareDel, NetShareAdd

ntdll.dll

NtThawTransactions, NtFreezeTransactions, NtQueryVolumeInformationFile, RtlNtStatusToDosErrorNoTeb, NtOpenSymbolicLinkObject, NtQuerySymbolicLinkObject, RtlNtStatusToDosError, NtUnloadKey, NtLoadKey, NtAdjustPrivilegesToken, NtOpenProcessToken, NtOpenThreadToken, EtwTraceMessage, RtlFreeSid, RtlSetOwnerSecurityDescriptor, RtlLengthSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, RtlAddAccessAllowedAceEx, NtClose, NtCreateSymbolicLinkObject, RtlInitUnicodeString, RtlCreateAcl, RtlLengthSid, RtlAllocateAndInitializeSid, NtSetSecurityObject, NtCreateKey, NtDeleteValueKey, NtQueryValueKey, NtSetValueKey, NtFreezeRegistry, NtThawRegistry, NtQuerySystemInformation, RtlFreeHeap, RtlAllocateHeap, NtOpenFile, RtlGUIDFromString, RtlFreeUnicodeString, RtlStringFromGUID, NtWaitForSingleObject, NtDeviceIoControlFile, NtCreateEvent, NtAllocateUuids, LdrGetProcedureAddress, RtlInitAnsiString, LdrGetDllHandle, NtResetEvent, RtlGetVersion, NtOpenKey, NtEnumerateKey, NtQueryKey, NtQueryAttributesFile, NtDeleteKey, ZwClose, ZwOpenFile, ZwQuerySystemInformation, ZwCreateEvent, ZwWaitForSingleObject, ZwDeviceIoControlFile, ZwUnloadKey, ZwCreateKey, ZwOpenThreadTokenEx, ZwQueryAttributesFile, ZwDeleteValueKey, ZwSetValueKey, ZwAdjustPrivilegesToken, ZwOpenProcessTokenEx, ZwQueryValueKey, ZwSetSecurityObject, ZwLoadKey, ZwDeleteKey, ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, ZwResetEvent, ZwAllocateUuids, RtlAdjustPrivilege, EtwUnregisterTraceGuids, EtwRegisterTraceGuidsW, EtwGetTraceEnableFlags, EtwGetTraceEnableLevel, EtwGetTraceLoggerHandle, DbgBreakPoint

ole32.dll

CoRevertToSelf, CoImpersonateClient, CoDisconnectContext, CoCreateInstance, CoInitializeSecurity, CoInitializeEx, CoUninitialize, CoTaskMemFree, CoTaskMemAlloc, CoCreateGuid, CLSIDFromString, CoFreeUnusedLibraries, CoGetObjectContext, StringFromCLSID, CoSetProxyBlanket, CoTaskMemRealloc, CoInitialize

resutils.dll

ResUtilEnumResourcesEx, ResUtilGetResourceName

rpcrt4.dll

I_RpcBindingInqLocalClientPID, UuidToStringW, RpcStringFreeW

setupapi.dll

SetupDiGetDeviceInstallParamsW, SetupDiGetDeviceRegistryPropertyW, SetupDiEnumDeviceInfo, SetupDiSetClassInstallParamsW, SetupDiCallClassInstaller, SetupDiGetClassDevsW, SetupDiEnumDeviceInterfaces, SetupDiGetDeviceInterfaceDetailW, SetupDiDestroyDeviceInfoList, CM_Get_Parent, CM_Locate_DevNodeW, CM_Get_Device_IDW, CM_Get_Device_ID_Size_Ex, SetupDiOpenDeviceInfoW, CM_Reenumerate_DevNode_Ex, CM_Get_Device_ID_List_ExW, SetupDiCreateDeviceInfoList, CM_Get_Device_ID_List_Size_ExW

shlwapi.dll

SHDeleteKeyW

user32.dll

RegisterDeviceNotificationW, LoadStringW, UnregisterDeviceNotification

virtdisk.dll

GetStorageDependencyInformation

vssapi.dll

VssFreeSnapshotPropertiesInternal, CreateWriter, CreateWriterEx

vssvc.exe

Microsoft Volume Shadow Copy Service by Microsoft

Remove vssvc.exe

Version:	5.1.2600.5512 (xpsp.080413-2108)
MD5:	2f4e4bd86dd97ff6b9c92fa883e732c5
SHA1:	5910077defea288ba0fb69f9097825d51495da9a

This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is vssvc.exe?

The Volume Shadow Copy Service provides the backup infrastructure for the Microsoft Windows, as well as a mechanism for creating consistent point-in-time copies of data known as shadow copies. The Volume Shadow Copy Service can produce consistent shadow copies by coordinating with business applications, file-system services, backup applications, fast-recovery solutions, and storage hardware.

About vssvc.exe (from Microsoft)

“The Volume Shadow Copy Service (VSS) is a set of COM APIs that implements a framework to allow volume backups to be performed while applications on a system continue to write to the volumes. VSS provi”

Details

File name:	vssvc.exe
Publisher:	Microsoft Corporation
Product name:	Microsoft® Volume Shadow Copy Service
Description:	Microsoft® Windows® Operating System
Typical file path:	C:\Windows\System32\vssvc.exe
Original name:	VSSVC.EXE.MUI
File version:	5.1.2600.5512 (xpsp.080413-2108)
Product version:	5.1.2600.5512
Size:	283 KB (289,792 bytes)
Build date:	4/13/2008 9:41 PM
Digital DNA
PE subsystem:	Windows GUI
Entropy:	6.003843
File packed:	No
Code language:	Microsoft Visual C++
.NET CLR:	No

More details

Behaviors

Services

Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)

'VSS' (Kötet árnyékmásolata)
'VSS'

Distribution by Windows OS

OS version	distribution
Windows 7 Home Premium	57.50%
Windows 7 Ultimate	25.50%
Windows 7 Professional	9.00%
Windows Vista Home Premium	4.50%
Windows 7 Home Basic	2.00%
Windows 7 Starter	1.00%
Windows Vista Home Basic	0.50%

Distribution by country

United States installs about 51.76% of Microsoft® Volume Shadow Copy Service.

Distribution by PC manufacturer

PC Manufacturer	distribution
Dell	25.19%
Hewlett-Packard	20.61%
ASUS	12.98%
Toshiba	12.21%
Acer	10.31%
Lenovo	3.82%
Sony	3.05%
GIGABYTE	3.05%
Samsung	2.29%
MSI	2.29%
Gateway	1.53%
Alienware	0.76%
Medion	0.76%
Intel	0.76%
Sahara	0.38%

Remove Adware and Spyware Programs, FREE Download!