Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.16384 (winblue_rtm.130821-1623) 1.56%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.08%
6.3.9600.16384 (winblue_rtm.130821-1623) 1.90%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.38%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.21%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.04%
6.2.9200.16384 (win8_rtm.120725-1247) 1.81%
6.2.9200.16384 (win8_rtm.120725-1247) 7.34%
6.2.9200.16384 (win8_rtm.120725-1247) 0.38%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.08%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.08%
6.2.8250.0 (winmain_win8beta.120217-1520) 0.04%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.08%
6.1.7600.16385 (win7_rtm.090713-1255) 5.10%
6.1.7600.16385 (win7_rtm.090713-1255) 37.02%
6.1.7600.16385 (win7_rtm.090713-1255) 17.07%
6.1.7600.16385 (win7_rtm.090713-1255) 3.37%
6.1.7600.16385 (win7_rtm.090713-1255) 0.04%
6.1.7600.16385 (win7_rtm.090713-1255) 0.04%
6.1.7600.16385 (win7_rtm.090713-1255) 0.04%
6.1.7600.16385 (win7_rtm.090713-1255) 0.04%
6.0.6002.18005 (lh_sp2rtm.090410-1830) 5.73%
6.0.6002.18005 (lh_sp2rtm.090410-1830) 1.26%
6.0.6001.18000 (longhorn_rtm.080118-1840) 0.04%
6.0.6001.18000 (longhorn_rtm.080118-1840) 0.38%
View more

Relationships

Parent process
Related files

PE structurePE file structure

Show functions
Import table
advapi32.dll
GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, SetServiceStatus, RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AddAccessAllowedAce, InitializeAcl, RegCloseKey, RegSetValueExW, RegCreateKeyExW, RegQueryValueExW, RegOpenKeyExW, RegEnumKeyExW, LookupAccountSidW, ConvertSidToStringSidW, GetLengthSid, FreeSid, AllocateAndInitializeSid, RegQueryInfoKeyW, RegEnumValueW, RegDeleteValueW, LookupAccountNameW, GetSidSubAuthorityCount, EqualDomainSid, IsValidSid, CreateWellKnownSid, AccessCheck, AdjustTokenPrivileges, LookupPrivilegeValueW, PrivilegeCheck, CheckTokenMembership, DuplicateToken, EqualSid, ConvertStringSidToSidW, AddAccessAllowedAceEx, AddAccessDeniedAceEx, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, CopySid, RegisterEventSourceW, ReportEventW, DeregisterEventSource, OpenThreadToken, OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, TraceMessage
api-ms-win-core-com-l1-1-0.dll
CoGetObjectContext, CLSIDFromString, CoTaskMemFree, CoCreateGuid, CoFreeUnusedLibraries, StringFromCLSID, CoSetProxyBlanket, CoTaskMemRealloc, CoUninitialize, CoCreateInstance, CoInitializeSecurity, CoInitializeEx, CoDisconnectContext, CoImpersonateClient, CoRevokeClassObject, CoRegisterClassObject, CoRevertToSelf, CoTaskMemAlloc
api-ms-win-core-delayload-l1-1-1.dll
ResolveDelayLoadedAPI, DelayLoadFailureHook
api-ms-win-core-errorhandling-l1-1-1.dll
RaiseException, SetUnhandledExceptionFilter, SetLastError, UnhandledExceptionFilter, GetLastError, SetErrorMode
api-ms-win-core-file-l1-2-0.dll
GetDiskFreeSpaceW, GetFileAttributesW, DeleteFileW, WriteFile, SetFileAttributesW, CreateDirectoryW, FindFirstVolumeW, ReadFile, GetVolumePathNamesForVolumeNameW, GetVolumeNameForVolumeMountPointW, GetDriveTypeW, FindClose, FindVolumeClose, QueryDosDeviceW, GetVolumePathNameW, FindNextFileW, FindNextVolumeW, DefineDosDeviceW, DeleteVolumeMountPointW, GetVolumeInformationW, FlushFileBuffers, CreateFileW, FindFirstFileW
api-ms-win-core-file-l2-1-0.dll
MoveFileExW
api-ms-win-core-handle-l1-1-0.dll
CloseHandle
api-ms-win-core-heap-l1-2-0.dll
HeapAlloc, HeapSetInformation, GetProcessHeap, HeapFree
api-ms-win-core-interlocked-l1-2-0.dll
InterlockedIncrement, InterlockedCompareExchange, InterlockedDecrement, InterlockedExchange
api-ms-win-core-io-l1-1-1.dll
DeviceIoControl, GetOverlappedResult
api-ms-win-core-libraryloader-l1-1-1.dll
FreeLibrary, GetModuleHandleA, GetModuleFileNameW, FindResourceExW, LoadResource, GetModuleHandleW, GetProcAddress, SizeofResource, LoadStringW, LoadLibraryExW
api-ms-win-core-localization-l1-2-0.dll
FormatMessageW
api-ms-win-core-memory-l1-1-1.dll
VirtualQuery, VirtualAlloc, VirtualProtect
api-ms-win-core-processenvironment-l1-2-0.dll
ExpandEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW
api-ms-win-core-processthreads-l1-1-1.dll
CreateThread, ResumeThread, GetCurrentThread, GetCurrentProcessId, GetCurrentThreadId, OpenThreadToken, TerminateProcess, GetCurrentProcess, GetStartupInfoW, OpenProcessToken, OpenThread, SetThreadPriority
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-registry-l1-1-0.dll
RegDeleteTreeW, RegCloseKey, RegEnumKeyExW, RegQueryValueExW, RegEnumValueW, RegSetValueExW, RegCreateKeyExW, RegOpenKeyExW, RegDeleteValueW, RegQueryInfoKeyW
api-ms-win-core-string-l1-1-0.dll
MultiByteToWideChar, CompareStringW
api-ms-win-core-string-l2-1-0.dll
CharNextW, CharPrevW
api-ms-win-core-synch-l1-2-0.dll
CreateEventW, InitializeCriticalSectionAndSpinCount, ResetEvent, WaitForSingleObject, WaitForMultipleObjectsEx, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, Sleep, InitializeCriticalSection, CancelWaitableTimer, CreateWaitableTimerExW, SetWaitableTimer, SetEvent
api-ms-win-core-sysinfo-l1-2-0.dll
GetComputerNameExW, GetSystemTimeAsFileTime, GetTickCount64, GetSystemDirectoryW, GetVersionExW, GetSystemInfo, GetSystemWindowsDirectoryW, GetTickCount
api-ms-win-core-timezone-l1-1-0.dll
GetTimeZoneInformation
api-ms-win-core-util-l1-1-0.dll
EncodePointer
api-ms-win-security-base-l1-2-0.dll
AddAccessAllowedAce, SetSecurityDescriptorDacl, CheckTokenMembership, PrivilegeCheck, DuplicateToken, AdjustTokenPrivileges, CreateWellKnownSid, EqualSid, SetSecurityDescriptorOwner, CopySid, SetSecurityDescriptorGroup, GetAclInformation, GetAce, AddAce, AddAccessDeniedAceEx, AddAccessAllowedAceEx, IsValidSid, AccessCheck, GetSidSubAuthorityCount, EqualDomainSid, FreeSid, AllocateAndInitializeSid, GetTokenInformation, GetLengthSid, InitializeSecurityDescriptor, InitializeAcl
api-ms-win-service-core-l1-1-1.dll
RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW, SetServiceStatus
api-ms-win-service-private-l1-1-0.dll
I_ScUnregisterDeviceNotification, I_ScRegisterDeviceNotification
authz.dll
AuthzReportSecurityEventFromParams, AuthzUnregisterSecurityEventSource, AuthzRegisterSecurityEventSource
clusapi.dll
OpenCluster, ClusterResourceControl, GetClusterResourceState, CloseClusterResource, CloseCluster, OpenClusterResource, GetNodeClusterState, ClusterSharedVolumeSetSnapshotState
kernel32.dll
InitializeCriticalSection, DeleteCriticalSection, InterlockedIncrement, InterlockedDecrement, GetLastError, EncodePointer, GetComputerNameW, GetComputerNameExW, GetVolumeInformationW, GetVolumePathNamesForVolumeNameW, GetModuleHandleW, GetTimeZoneInformation, SetErrorMode, GetDiskFreeSpaceW, InitializeCriticalSectionAndSpinCount, InterlockedCompareExchange, Sleep, EnterCriticalSection, LeaveCriticalSection, DefineDosDeviceW, ReadFile, CreateDirectoryW, SetFileAttributesW, GetEnvironmentVariableW, GetSystemWindowsDirectoryW, LoadLibraryW, GetProcAddress, CreateThread, FindFirstVolumeW, FindNextVolumeW, FindFirstFileW, FindNextFileW, ExpandEnvironmentStringsW, FindClose, FindVolumeClose, SetLastError, GetVersionExW, LoadLibraryExW, FormatMessageW, FreeLibrary, GetCurrentThread, MultiByteToWideChar, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, WriteFile, DeleteFileW, MoveFileExW, GetFileAttributesW, GetProcessHeap, HeapAlloc, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoW, InterlockedExchange, WaitForSingleObject, CloseHandle, SetWaitableTimer, CancelWaitableTimer, GetCurrentThreadId, SetEvent, CreateEventW, CreateWaitableTimerW, OpenThread, CompareStringW, GetCommandLineW, HeapSetInformation, LocalAlloc, GetVolumeNameForVolumeMountPointW, GetVolumePathNameW, GetSystemDirectoryW, LocalFree, ResetEvent, DeviceIoControl, CreateFileW, GetDriveTypeW, HeapFree, GetSystemTimeAsFileTime, GetTickCount64, FlushFileBuffers, GetOverlappedResult, SetThreadPriority, WaitForMultipleObjects, ResumeThread, DeleteVolumeMountPointW, RaiseException, lstrlenW, QueryDosDeviceW, SetVolumeMountPointW, lstrcmpiW, lstrcpynW
msvcrt.dll
DllMain
netapi32.dll
NetApiBufferFree, NetShareEnum, NetLocalGroupGetMembers, NetShareGetInfo, NetShareDel, NetShareAdd
ntdll.dll
NtThawTransactions, NtFreezeTransactions, NtQueryVolumeInformationFile, RtlNtStatusToDosErrorNoTeb, NtOpenSymbolicLinkObject, NtQuerySymbolicLinkObject, RtlNtStatusToDosError, NtUnloadKey, NtLoadKey, NtAdjustPrivilegesToken, NtOpenProcessToken, NtOpenThreadToken, EtwTraceMessage, RtlFreeSid, RtlSetOwnerSecurityDescriptor, RtlLengthSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, RtlAddAccessAllowedAceEx, NtClose, NtCreateSymbolicLinkObject, RtlInitUnicodeString, RtlCreateAcl, RtlLengthSid, RtlAllocateAndInitializeSid, NtSetSecurityObject, NtCreateKey, NtDeleteValueKey, NtQueryValueKey, NtSetValueKey, NtFreezeRegistry, NtThawRegistry, NtQuerySystemInformation, RtlFreeHeap, RtlAllocateHeap, NtOpenFile, RtlGUIDFromString, RtlFreeUnicodeString, RtlStringFromGUID, NtWaitForSingleObject, NtDeviceIoControlFile, NtCreateEvent, NtAllocateUuids, LdrGetProcedureAddress, RtlInitAnsiString, LdrGetDllHandle, NtResetEvent, RtlGetVersion, NtOpenKey, NtEnumerateKey, NtQueryKey, NtQueryAttributesFile, NtDeleteKey, ZwClose, ZwOpenFile, ZwQuerySystemInformation, ZwCreateEvent, ZwWaitForSingleObject, ZwDeviceIoControlFile, ZwUnloadKey, ZwCreateKey, ZwOpenThreadTokenEx, ZwQueryAttributesFile, ZwDeleteValueKey, ZwSetValueKey, ZwAdjustPrivilegesToken, ZwOpenProcessTokenEx, ZwQueryValueKey, ZwSetSecurityObject, ZwLoadKey, ZwDeleteKey, ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, ZwResetEvent, ZwAllocateUuids, RtlAdjustPrivilege, EtwUnregisterTraceGuids, EtwRegisterTraceGuidsW, EtwGetTraceEnableFlags, EtwGetTraceEnableLevel, EtwGetTraceLoggerHandle, DbgBreakPoint
ole32.dll
CoRevertToSelf, CoImpersonateClient, CoDisconnectContext, CoCreateInstance, CoInitializeSecurity, CoInitializeEx, CoUninitialize, CoTaskMemFree, CoTaskMemAlloc, CoCreateGuid, CLSIDFromString, CoFreeUnusedLibraries, CoGetObjectContext, StringFromCLSID, CoSetProxyBlanket, CoTaskMemRealloc, CoInitialize
resutils.dll
ResUtilEnumResourcesEx, ResUtilGetResourceName
rpcrt4.dll
I_RpcBindingInqLocalClientPID, UuidToStringW, RpcStringFreeW
setupapi.dll
SetupDiGetDeviceInstallParamsW, SetupDiGetDeviceRegistryPropertyW, SetupDiEnumDeviceInfo, SetupDiSetClassInstallParamsW, SetupDiCallClassInstaller, SetupDiGetClassDevsW, SetupDiEnumDeviceInterfaces, SetupDiGetDeviceInterfaceDetailW, SetupDiDestroyDeviceInfoList, CM_Get_Parent, CM_Locate_DevNodeW, CM_Get_Device_IDW, CM_Get_Device_ID_Size_Ex, SetupDiOpenDeviceInfoW, CM_Reenumerate_DevNode_Ex, CM_Get_Device_ID_List_ExW, SetupDiCreateDeviceInfoList, CM_Get_Device_ID_List_Size_ExW
shlwapi.dll
SHDeleteKeyW
user32.dll
RegisterDeviceNotificationW, LoadStringW, UnregisterDeviceNotification
virtdisk.dll
GetStorageDependencyInformation
vssapi.dll
VssFreeSnapshotPropertiesInternal, CreateWriter, CreateWriterEx

vssvc.exe

Microsoft Volume Shadow Copy Service by Microsoft

Remove vssvc.exe
Version:   6.1.7600.16385 (win7_rtm.090713-1255)
MD5:   7ea2bcd94d9cfaf4c556f5cc94532a6c
SHA1:   573266dfa465d87c4601c726592828c276e69bbd
SHA256:   7cd6637be0a08e3b0f9991d79751dca8aec9224b83301821daa29c9f42b7a9e3
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is vssvc.exe?

The Volume Shadow Copy Service provides the backup infrastructure for the Microsoft Windows, as well as a mechanism for creating consistent point-in-time copies of data known as shadow copies. The Volume Shadow Copy Service can produce consistent shadow copies by coordinating with business applications, file-system services, backup applications, fast-recovery solutions, and storage hardware.

About vssvc.exe (from Microsoft)

The Volume Shadow Copy Service (VSS) is a set of COM APIs that implements a framework to allow volume backups to be performed while applications on a system continue to write to the volumes. VSS provi

DetailsDetails

File name:vssvc.exe
Publisher:Microsoft Corporation
Product name:Microsoft® Volume Shadow Copy Service
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\vssvc.exe
Original name:VSSVC.EXE.MUI
File version:6.1.7600.16385 (win7_rtm.090713-1255)
Product version:6.1.7600.16385
Size:1001.5 KB (1,025,536 bytes)
Digital DNA
PE subsystem:Windows GUI
Entropy:6.003843
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'VSS' (Kötet árnyékmásolata)
  • 'VSS'

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00010507%
0.028634%
Kernel CPU:0.00004230%
0.013761%
User CPU:0.00006277%
0.014873%
Kernel CPU time:31 ms/min
100,923,805ms/min
CPU cycles:5,507/sec
17,470,203/sec
Memory
Private memory:1.36 MB
21.59 MB
Private (maximum):4.79 MB
Private (minimum):3.38 MB
Non-paged memory:1.36 MB
21.59 MB
Virtual memory:30.82 MB
140.96 MB
Virtual memory (peak):32.32 MB
169.69 MB
Working set:3.4 MB
18.61 MB
Working set (peak):4.8 MB
37.95 MB
Page faults:1,406/min
2,039/min
I/O
I/O read transfer:8 Bytes/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O write transfer:9 Bytes/sec
274.99 KB/min
I/O write operations:1/sec
227/min
I/O other transfer:24 Bytes/sec
448.09 KB/min
I/O other operations:1/sec
1,671/min
Resource allocations
Threads:4
12
Handles:106
600

BehaviorsProcess properties

Integrety level:System
Platform:32-bit
Command line:C:\Windows\System32\vssvc.exe
Owner:SYSTEM
Windows Service
Service name:VSS
Display name:Kötet árnyékmásolata
Description:“Gere e implementa cópias sombra de volume utilizadas para cópia de segurança, entre outros propósitos. Se este serviço for parado, as cópias sombra não estarão disponíveis para cópia de segurança e esta poderá falhar. Se este serviço estiver desactivado, não será possível iniciar qualquer serviço que dependa explicitamente dele.”
Type:Win32OwnProcess
Parent process:services.exe (Services and Controller app by Microsoft)

ResourcesThreads

Averages
 
sechost.dll
Total CPU:0.00008507%
0.272967%
Kernel CPU:0.00000000%
0.107585%
User CPU:0.00008507%
0.165382%
CPU cycles:1,762/sec
5,741,424/sec
Memory:100 KB
1.16 MB
vssvc.exe (main module)
Total CPU:0.00004254%
Kernel CPU:0.00004254%
User CPU:0.00000000%
CPU cycles:693/sec
Memory:1012 KB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 57.50%
Windows 7 Ultimate 25.50%
Windows 7 Professional 9.00%
Windows Vista Home Premium 4.50%
Windows 7 Home Basic 2.00%
Windows 7 Starter 1.00%
Windows Vista Home Basic 0.50%

Distribution by countryDistribution by country

United States installs about 51.76% of Microsoft® Volume Shadow Copy Service.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 25.19%
Hewlett-Packard 20.61%
ASUS 12.98%
Toshiba 12.21%
Acer 10.31%
Lenovo 3.82%
Sony 3.05%
GIGABYTE 3.05%
Samsung 2.29%
MSI 2.29%
Gateway 1.53%
Alienware 0.76%
Medion 0.76%
Intel 0.76%
Sahara 0.38%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE