Kaspersky Removal Tool (still) breaking Volume Shadow Copy and System Protection

No Comments
Windows

Spent tonight troubleshooting why my PC hasn’t successfully managed to do a System Image Backup in a few weeks – Event Viewer indicating an error 0x8000ffff and Backup indicating error 0x81000019. If you’re having problems with System Protection and have used Kaspersky for your antivirus, read on.

A merry dance ensued, the usual suspects ran (SFC, DISM). For a while, I thought the backup drive was just corrupt – a CHKDSK turned up a bunch of stuff. Sadly, not a solution in any of the above cases.

The real key turned out to be that I noticed that System Restore was also not working; error 0x81000203. This could be seen in the System Properties > System Protection tab. Some googling indicated possible issues with a tool called TuneUp Utilities, which I had used but a very long time ago. Those pages also tried to suggest turning off your antivirus.

On a hunch, I did some more searching based on my antivirus, Kaspersky. I found this old blog post – https://rjcuk.blogspot.com/2016/09/kaspersky-removal-tool-bug.html – and true indeed, I had used the removal tool to repair an issue I was having with my Kaspersky installation. So, despite the age of that post, and other links asserting that this bug had been fixed, it has not, as can be seen from my screenshot below.

The important hive path highlighted, with the offending key circled; it should include Windows’ own “volsnap” entry in addition

Appending ‘volsnap’ at the end manually was enough, after a restart, to fully reactivate System Protection and System Image Backup. Note, a restart is required – adding the key was not effective immediately.

Post-repair hive entry; all working!

Anyway, making this post mainly in case anyone else finds this issue and needs another search hit for the solution, especially a more recent example. If it saves someone a few hours, then I’ll feel more justified!

Leave a Reply

Your email address will not be published. Required fields are marked *