Why is Endpoint creating snapshots on Windows Server 2016/19? This started with 8.5.1+ and has seriously messed up some of my legacy backups that rely on the Windows snapshot manager to process. I've had several fail, as I'm having a conflict with times because Endpoint is creating them without a schedule. This looks really suspicious...
Shadow copy has been created.
User SID: S-1-5-18
User name: NT AUTHORITY\SYSTEM
Process ID: 0x000000000000095c
Process image name: C:\Program Files\Elastic\Endpoint\elastic-endpoint.exe
What is enabled for Endpoint:
Malware - Prevent
Ransomware - Prevent
Memory threat - Prevent
Malicious behavior - Prevent
On a policy that is a mirror of the same, with Endpoint running 8.5.1 but in Detect only for Ransomware, Memory threat and Malicious behavior, and with Malware in Prevent, it's not creating the snaps.
I was wondering why my storage space went up nearly 500Gb over a few days after the update, and noticed that several hundred servers now have local snaps, all starting just after the Endpoint agent was updated. It does remove them after 8 or size, but this was not an expected behavior that was accounted for. After downgrading the agent, the snaps no longer happen; upgrade, and the snaps happen again.