Author Topic: Registry Bakup and event log items  (Read 12572 times)

0 Members and 1 Guest are viewing this topic.

Offline RayG

  • Newbie
  • *
  • Join Date: Mar 2017
  • Posts: 8
  • Karma: 0
    • View Profile
Registry Bakup and event log items
« on: March 09, 2017, 01:02:59 am »
Whenever Registry backup runs it creates a shadow volume but it seems it does this in a way that causes this error in the event log:

File System Filter 'wcifs' (Version 10.0, ‎2016‎-‎09‎-‎15T16:42:03.000000000Z) failed to attach to volume '\Device\HarddiskVolumeShadowCopy1'.  The filter returned a non-standard final status of 0xC000000D.  This filter and/or its supporting applications should handle this condition.  If this condition persists, contact the vendor.

I have also noticed that the shadow is retained until the program is closed - should it be released when the backup has completed?

Windows Build 10.14393.693 version 1607

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Registry Bakup and event log items
« Reply #1 on: March 09, 2017, 02:53:30 am »
This doesn't happen with my Win 10 after creating a registry back up.

However, can you uninstall/reinstall the program to see if it continues to do that.

If it does then open a Command Prompt (Admin) and enter sfc /scannow to see what that reports.

Offline RayG

  • Newbie
  • *
  • Join Date: Mar 2017
  • Posts: 8
  • Karma: 0
    • View Profile
Re: Registry Bakup and event log items
« Reply #2 on: March 09, 2017, 05:57:10 am »
sfc /scannow - no errors
dism /online /cleanup-image /scanhealth - no errors

when other programs create snapshonts the error does not happen.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Registry Bakup and event log items
« Reply #3 on: March 09, 2017, 06:04:49 am »
Can you uninstall/reinstall as I've asked and if it continues I'll pass it on.

Offline RayG

  • Newbie
  • *
  • Join Date: Mar 2017
  • Posts: 8
  • Karma: 0
    • View Profile
Re: Registry Bakup and event log items
« Reply #4 on: March 09, 2017, 08:14:13 am »
Yes it still happens after uninstall/reinstall. My backup program also creates shadow copies and in both instances you can see the copy using vssadmin list shadows. But the event log only occurs when registry backup is run.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Registry Bakup and event log items
« Reply #5 on: March 09, 2017, 09:59:47 am »
Okay - I'll pass this on.

Offline jpm

  • Administrator
  • Full Member
  • *****
  • Join Date: Mar 2015
  • Posts: 185
  • Karma: 36
    • View Profile
    • Tweaking.com
Re: Registry Bakup and event log items
« Reply #6 on: March 09, 2017, 05:17:47 pm »
WCIFS is the Windows Container Isolation File System. Most likely your AV software is hooked in and causing the issue.
https://msdn.microsoft.com/en-us/windows/hardware/drivers/ifs/anti-virus-optimization-for-windows-containers?f=255&MSPPError=-2147217396

While researching this, I found the exact issue here. Sure save me a lot of typing. ;)
http://borncity.com/win/2017/02/23/windows-system-restore-fails-with-error-0xc000000d/

Offline RayG

  • Newbie
  • *
  • Join Date: Mar 2017
  • Posts: 8
  • Karma: 0
    • View Profile
Re: Registry Bakup and event log items
« Reply #7 on: March 10, 2017, 02:20:12 am »
@Jpm

Thanks for your comments but when I run my backup program it creates snapshots but the wcifs error does not occur. If the AV was the issue I would have expected it to happen for every program that created a snapshot?

@Boggin
Following yesterdays uninstall/install test I also find I have this error in the event log which I did not have before:

Faulting application name: TweakingRegistryBackup.exe, version: 3.5.0.3, time stamp: 0x582f3b59
Faulting module name: MSVBVM60.DLL, version: 6.0.98.15, time stamp: 0x49b01fc3
Exception code: 0xc0000005
Fault offset: 0x000c9ba6
Faulting process ID: 0x1dd4
Faulting application start time: 0x01d299857e9f3657
Faulting application path: C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
Faulting module path: C:\WINDOWS\SYSTEM32\MSVBVM60.DLL
Report ID: 2d25154a-ce62-405b-aa88-84f65146e312
Faulting package full name:
Faulting package-relative application ID:

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Registry Bakup and event log items
« Reply #8 on: March 10, 2017, 06:19:45 am »
You may not have had a clean uninstall and that error code is an Access Denied.

I use the free version of IObit Uninstaller which has a deep clean to remove any residue left by Windows Uninstall.

http://www.majorgeeks.com/files/details/iobit_uninstaller.html

You could use that program to uninstall it again and using the deep clean which may get rid of that error - just look out for any check boxes that could bundle Advanced System Care with the download.




Offline RayG

  • Newbie
  • *
  • Join Date: Mar 2017
  • Posts: 8
  • Karma: 0
    • View Profile
Re: Registry Bakup and event log items
« Reply #9 on: March 13, 2017, 04:28:23 am »
Uninstalled with iobit uninstaller and reinstalled (several times) but the MSVBVM60.DLL issue still remains, as does the File System Filter 'wcifs' ... message in the eventlog

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Registry Bakup and event log items
« Reply #10 on: March 13, 2017, 11:10:22 am »
I've given jpm a Bump email on this.

Offline jpm

  • Administrator
  • Full Member
  • *****
  • Join Date: Mar 2015
  • Posts: 185
  • Karma: 36
    • View Profile
    • Tweaking.com
Re: Registry Bakup and event log items
« Reply #11 on: March 13, 2017, 02:31:21 pm »
It's not necessarily true that with an AV working with one thing would work with another.   It could simply have whitelisted one but not us or for some reason, it may be setting off something heuristically. It may simply be your av does want things running in a virtual machine that it cant control.

When the backup runs, there is an option for the fallback option. That doesn;t use VSS. Does that work?

Also, what AV do you use?

Thanks!
Jim