What it is
Shadow copy is a built-in Windows feature that takes quick snapshots of files and folders. These snapshots capture how your data looked at a moment in time, so you can roll back to an earlier version if something goes wrong. Think of it like a time machine for your files on the same drive.
Why it matters
If you delete or overwrite a file by accident, or malware scrambles it, you can restore an earlier version in seconds. It is especially handy during ransomware cleanups when you need yesterday’s copy.
How it works
-
Windows creates snapshots during updates, restore points, or on a schedule.
-
Snapshots live on the same disk and are read-only.
-
You can right-click a file or folder → Properties → Previous Versions to restore.
-
Tools like System Restore can roll back system files and settings.
Red flags
-
Previous Versions tab is empty when you expect copies.
-
Ransomware or scripts that run commands like deleting shadow copies.
-
Low disk space causing Windows to prune old snapshots.
-
Drive errors or a recent reset that removed restore points.
Do it right
-
Turn on System Protection for your system drive and make a manual restore point before big changes.
-
Keep regular backups too. Shadow copies are not a full backup and won’t help if the disk dies.
-
Leave some free space so Windows can keep snapshots.
-
After a malware incident, restore only after you have cleaned the system.