Elastic Windows Event Explorer


Publisher - Microsoft-Windows-FileShareShadowCopyProvider

Event ID 3

Message:

Microsoft File Share Shadow Copy Provider: Delete Shadow Copy: %{ShadowCopyId}.

Event Data:

# Name In Type
Out Type
1 ShadowCopyId win:GUID xs:GUID

Observed Windows Versions:

Version: 0

Fingerprint: 2I7Z327TKLM2U