Exclude files and folders from System Restore

About six months ago I wrote a blog article about how to exclude files or folders from the System Restore database.  You can read the whole article on my blog site. 

At least 2 or 3 times I have had to use System Restore and not realized until it was too late that it had overridden changes I had made to product code.  The magic trick is contained in two registry keys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToBackup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot


Once in a while I get a Blue Screen of Death on my machine.  Happens about every 3 months or so.  I leave my machines on so they can have a pretty long uptime (longest I recall seeing between reboots was 116 days).  When this happens and you opt to use System Restore to get to an earlier restore point, you can be overwriting your code!

In January 2012 this happened to me on my old development machine and without realizing I overwrote a fair amount of new code, changes and fixes I had been making to Build Automator and a couple of other products.  With Build Automator I didn't notice this until a couple of months later.  This was just before I put it into version control (yeah, shame on me!) but I had the other products in SVN so I could recover them easily.  There is nothing more irritating and downright aggravating than having bugs crop up in code again that you know you have already fixed!

A couple of weeks ago I had this happen on a VMware host machine when 3 virtual machines were running.  For some reason the operating system on one of them insisted on doing a system fix, which includes a system restore.  Of course this was the machine I was actively working on and I hadn't checked the project in the night before.  I was moving on to a different project so the bulb didn't come on until my backup had been overwritten and I had lost some work.  What made me realize it was that two entry fields on a screen I was working on were missing and a couple of routines were no longer there.  Fortunately it was a very minor loss, but nevertheless, it is definitely worth it to exclude files and folders that you do not want to be overwritten by System Restore.

I'm now going through my virtual machines and making sure that I have the settings that I need for each one of them, so I don't have to risk this again.

Arnor Baldvinsson
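
The two keys named above can be inspected before anything is changed. The following PowerShell is an added example, not part of the original article; it only reads the registry. The function name Get-RestoreExclusion and the scope labels are assumptions made here, and the labels follow the file-spec syntax described in the comments below (no drive letter, or an AllVolumes token, then an optional /s).

```powershell
# Added example: read-only audit of the two exclusion keys named in the article.
# Each value under these keys holds one or more file specs such as "\*.clw /s".
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\BackupRestore'

function Get-RestoreExclusion {
    param([string[]]$KeyName = @('FilesNotToBackup', 'FilesNotToSnapshot'))

    foreach ($name in $KeyName) {
        $path = Join-Path $base $name
        if (-not (Test-Path $path)) {
            Write-Warning "$path does not exist on this machine"
            continue
        }
        $key = Get-Item -Path $path
        foreach ($valueName in $key.GetValueNames()) {
            # Do not expand %VARIABLES% so the stored text is reported as written.
            $data = $key.GetValue($valueName, $null, 'DoNotExpandEnvironmentNames')
            foreach ($spec in @($data)) {
                if ([string]::IsNullOrWhiteSpace($spec)) { continue }
                # A trailing "/s" marks the spec as recursive.
                $recursive = $spec -match '\s/s\s*$'
                $pattern   = ($spec -replace '\s/s\s*$', '').Trim()
                # Labels are this example's own (assumed) classification.
                $scope = switch -Regex ($pattern) {
                    '^[A-Za-z]:'            { 'single drive'; break }
                    '^[\$%]AllVolumes[\$%]' { 'AllVolumes token'; break }
                    '^\\'                   { 'all drives (no drive letter)'; break }
                    default                 { 'other (variable or relative path)' }
                }
                [pscustomobject]@{
                    Key       = $name
                    Entry     = $valueName
                    Pattern   = $pattern
                    Recursive = $recursive
                    Scope     = $scope
                }
            }
        }
    }
}

# List every exclusion currently configured, grouped by key.
Get-RestoreExclusion | Sort-Object Key, Entry | Format-Table -AutoSize
```

Running it before and after editing either key gives a record of exactly which specs were added, which makes an unwanted entry easy to find and back out.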


6 Comments

  • 0
    Andrei Belogortseff

    Very useful info, thanks a lot!

    Another way to stop System Restore from overwriting files is to keep them on a separate drive that has System Restore disabled. That's what I've been doing. Still, your tip will sure come in handy should I need to exclude something on the C: drive from being restored.

    Thanks!

  • 0
    Arnor Baldvinsson

    Thanks Andrei!  Yes, I forgot to mention (think I did in the article) that you can exclude drives from System Restore, which works great.  In Virtual Machines, however, you generally only use the C drive so this is a vital part if you use VMs for development (like I do for some projects that use a very old IDE that's 16bit and won't run on 64bit machines).

  • 0
    Steven Kelly

    Thanks, your two blog posts are the best description on the net! Looking at the syntax for the file specs on MSDN and in my registry, it seems there is a difference between FilesNotToBackup and FilesNotToSnapshot. The former specifies all drives by omitting the drive letter and colon, e.g. \*.clw /s, whereas the latter replaces the drive letter and colon with $AllVolumes$, e.g. $AllVolumes$\*.clw /s (MSDN claims %AllVolumes%, my Win8 registry uses $AllVolumes$).

    Also, you might want to be careful using FilesNotToBackup - various backup programs look at that key, so users attempting to make sure your app's files are backed up may find some being omitted (or maybe backed up but not restored).

    Our app, MetaEdit+, has several files affected by the over-zealous behaviour of System Restore (.csl, .ctb, .mxt), so I'm going to test in various Windows versions using the free VMs provided by Microsoft for testing IE: https://www.modern.ie/en-us/virtualization-tools

  • 0
    Arnor Baldvinsson

    Thanks, Steven, for the information!

  • 0
    Steven Kelly

    I have some bad news. I've tested the registry keys in Windows 8. They do not prevent data loss, and in fact they can increase data loss.

    My test case was to create a Restore point of an initially empty situation, copy our repository data files to My Documents (including .csl and .ctb on Microsoft's list, and .aob etc. not on the list), and restore back to the restore point. I tried with FilesNotToSnapshot including $AllVolumes$\*.csl /s etc., and with that and FilesNotToBackup \*.csl /s. I tried just disabling system protection and turning it back on, and with a reboot after the first or both setting changes.

    In all cases, the files with the extensions mentioned by Microsoft were deleted, despite being mentioned in the registry keys. The other repository files were untouched. Worse, if I then undid the restore (effectively restoring to the restore point automatically created at the start of the restore operation), the files with extensions mentioned in the registry keys were not restored.

    In a sense, that lack of restoration obeys the registry keys - there really is no backup or snapshot of those files, or at least no restoration of them. Without the registry entries those files are correctly restored by Undo restore.

    What we really need is a "FilesNotToDelete" or "FilesNotToTouch" registry key. Given that Microsoft's list covers 574 extensions, most of which have nothing to do with executable files or scripts, a working mechanism to prevent System Restore causing this kind of data loss is badly needed.

  • 0
    Arnor Baldvinsson

    Thank you again Steven for your testing, while the results are unfortunate. It is definitely something to be very, VERY careful of and I fear that most people have no idea what System Restore can do to files that have no relation to the operating system. I have lost work to System Restore a few times and while it has saved me a number of times I know it has burned me without me knowing. I have sometimes found apps or code that I knew I had made modifications to that were gone - very likely because I had to use SR to recover from a bad Windows Update.
