Shadow copy is a built-in Windows feature that takes quick snapshots of files and folders. These snapshots capture how your data looked at a moment in time, so you can roll back to an earlier version if something goes wrong. Think of it like a time machine for your files on the same drive.
If you delete or overwrite a file by accident, or malware scrambles it, you can restore an earlier version in seconds. It is especially handy during ransomware cleanups when you need yesterday’s copy.
Windows creates snapshots during updates, restore points, or on a schedule.
Snapshots live on the same disk and are read-only.
You can right-click a file or folder → Properties → Previous Versions to restore.
Tools like System Restore can roll back system files and settings.
Previous Versions tab is empty when you expect copies.
Ransomware or scripts that run commands like deleting shadow copies.
Low disk space causing Windows to prune old snapshots.
Drive errors or a recent reset that removed restore points.
Turn on System Protection for your system drive and make a manual restore point before big changes.
Keep regular backups too. Shadow copies are not a full backup and won’t help if the disk dies.
Leave some free space so Windows can keep snapshots.
After a malware incident, restore only after you have cleaned the system.