Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Description

The volume snapshot driver has begun processing for volume online.

Message #

The volume snapshot driver has begun processing for volume online.

Volume GUID: %1

Guidance:
When a volume is brought online the volume snapshot driver scans for any persistent snapshots that may be on the volume.

You should expect this event when a volume is brought online.  No user action is required.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-VolumeSnapshot-Driver",
    "guid": "67FE2216-727A-40CB-94B2-C02211EDB34A",
    "event_source_name": "",
    "event_id": 100,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 1,
    "keywords": 4611686018427387904,
    "time_created": "2023-11-06T06:25:13.425270+00:00",
    "event_record_id": 87,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 228
    },
    "channel": "Microsoft-Windows-VolumeSnapshot-Driver/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "TargetVolumeGuid": "7597D2A3-4404-4F99-B979-6233378A81BF",
    "SourceFile": "0x1",
    "SourceLine": 39024,
    "SourceTag": 124
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

The volume snapshot driver has completed processing for volume online.

Message #

The volume snapshot driver has completed processing for volume online.

Volume GUID: %1

Guidance:
The volume snapshot driver was able to scan for any persistent snapshots on this volume.

You should expect this event when a volume is brought online.  No user action is required.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-VolumeSnapshot-Driver",
    "guid": "67FE2216-727A-40CB-94B2-C02211EDB34A",
    "event_source_name": "",
    "event_id": 101,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 2,
    "keywords": 4611686018427387904,
    "time_created": "2023-11-06T06:25:13.433430+00:00",
    "event_record_id": 88,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 228
    },
    "channel": "Microsoft-Windows-VolumeSnapshot-Driver/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "TargetVolumeGuid": "7597D2A3-4404-4F99-B979-6233378A81BF",
    "SourceFile": "0x1",
    "SourceLine": 39187,
    "SourceTag": 125
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

The volume snapshot driver encountered an error while performing processing for volume online.

Message #

The volume snapshot driver encountered an error while performing processing for volume online.

Error: %2

Volume GUID: %1

Guidance:
When a volume is brought online the volume snapshot driver scans for any persistent snapshots that may be on the volume.  In case of an error this scan is not performed.  The error may have originated in storage drivers beneath the volume snapshot driver; check their logs.

If the error is STATUS_DEVICE_NOT_CONNECTED this means the volume is in snapshot protection mode and has been taken offline to prevent loss of snapshots.

Fields #

Description

Activation of discovered snapshots began.

Message #

Activation of discovered snapshots began.

Volume GUID: %1

Guidance:
When a volume is brought online or reverted to a snapshot, the volume snapshot driver scans for and activates any persistent snapshots that may be on the volume.

You should expect this event when a volume is brought online or reverted to a snapshot.  No user action is required.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-VolumeSnapshot-Driver",
    "guid": "67FE2216-727A-40CB-94B2-C02211EDB34A",
    "event_source_name": "",
    "event_id": 103,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 1,
    "keywords": 4611686018427387904,
    "time_created": "2026-03-11T06:27:09.486348+00:00",
    "event_record_id": 184,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 352
    },
    "channel": "Microsoft-Windows-VolumeSnapshot-Driver/Operational",
    "computer": "LAB-WIN11",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "TargetVolumeGuid": "CE657EBB-70C7-4B8B-A13F-FF11B9725249",
    "SourceFile": "0x1",
    "SourceLine": 22127,
    "SourceTag": 93
  },
  "message": ""
}

Description

Activation of discovered snapshots completed.

Message #

Activation of discovered snapshots completed.

Volume GUID: %1
Total Number of Snapshots Found: %2
Number of Snapshots Marked for Delete: %3
Number of Visible Snapshots Found: %4

Guidance:
When a volume is brought online or reverted to a snapshot, the volume snapshot driver scans for and activates any persistent snapshots that may be on the volume.  Some snapshots may be marked 'visible', meaning they were exposed as a local volume or file share.  Some detected snapshots may be marked 'deleted', meaning they are no longer available for use and their diff area space will be reclaimed when all older snapshots are deleted.  Look for instances of event 106 to see each snapshot that was discovered and whether it was 'visible' or 'deleted'.

You should expect this event when a volume is brought online or reverted to a snapshot.  No user action is required.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-VolumeSnapshot-Driver",
    "guid": "67FE2216-727A-40CB-94B2-C02211EDB34A",
    "event_source_name": "",
    "event_id": 104,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 2,
    "keywords": 4611686018427387904,
    "time_created": "2026-03-11T06:27:09.508914+00:00",
    "event_record_id": 190,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 352
    },
    "channel": "Microsoft-Windows-VolumeSnapshot-Driver/Operational",
    "computer": "LAB-WIN11",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "TargetVolumeGuid": "CE657EBB-70C7-4B8B-A13F-FF11B9725249",
    "SnapshotCount": 3,
    "CountDeleted": 0,
    "CountVisible": 0,
    "SourceFile": "0x1",
    "SourceLine": 23009,
    "SourceTag": 107
  },
  "message": ""
}

Description

Activation of discovered snapshots encountered an error.

Message #

Activation of discovered snapshots encountered an error.

Error: %2

Volume GUID: %1

Guidance:
When a volume is brought online or reverted to a snapshot, the volume snapshot driver scans for and activates any persistent snapshots that may be on the volume.  Unless the volume is in snapshot protection mode or the error code indicates the volume is offline, a failure during this process results in loss of all snapshots on the volume.

Fields #

Description

A persistent snapshot was activated.

Message #

A persistent snapshot was activated.

Volume GUID: %1
Snapshot GUID: %2
Snapshot Marked Deleted: %3
Snapshot Visible: %4
Snapshot Commit Timestamp: %5

Guidance:
When a volume is brought online or reverted to a snapshot, the volume snapshot driver scans for and activates any persistent snapshots that may be on the volume.  If the snapshot is 'visible', it was exposed as a local volume or file share.  If the snapshot is 'deleted', it is no longer available for use and its diff area space will be reclaimed when all older snapshots are deleted.

You should expect this event when a volume containing persistent snapshots is brought online or reverted to a snapshot.  If all discovered snapshots are successfully activated you should expect event 104, otherwise you will see event 105.  No user action is required.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-VolumeSnapshot-Driver",
    "guid": "67FE2216-727A-40CB-94B2-C02211EDB34A",
    "event_source_name": "",
    "event_id": 106,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2026-03-11T06:27:09.499366+00:00",
    "event_record_id": 189,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 352
    },
    "channel": "Microsoft-Windows-VolumeSnapshot-Driver/Operational",
    "computer": "LAB-WIN11",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "TargetVolumeGuid": "CE657EBB-70C7-4B8B-A13F-FF11B9725249",
    "SnapshotGuid": "465863F8-1B56-11F1-9FBF-C6B26F270F0B",
    "Deleted": false,
    "Visible": false,
    "CommitTime": "2026-03-11T03:42:04.594000Z",
    "SourceFile": "0x1",
    "SourceLine": 20745,
    "SourceTag": 92
  },
  "message": ""
}

Description

Reading of a snapshot diff area's metadata began.

Message #

Reading of a snapshot diff area's metadata began.

Volume GUID: %1
Snapshot GUID: %2

Guidance:
When a volume is brought online or reverted to a snapshot, the volume snapshot driver reads the diff area for the most-recent persistent snapshot (if any).  The diff area for earlier persistent snapshots is typically read the first time the snapshot is read from.

You should expect this event when a volume is brought online, reverted to a snapshot, or when reading from a persistent snapshot for the first time after bringing a volume online.  This event may also occur if a volume is dismounted that contains snapshots that have not been read since the volume was brought online.  No user action is required.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-VolumeSnapshot-Driver",
    "guid": "67FE2216-727A-40CB-94B2-C02211EDB34A",
    "event_source_name": "",
    "event_id": 107,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 1,
    "keywords": 4611686018427387904,
    "time_created": "2026-03-11T06:28:15.280120+00:00",
    "event_record_id": 192,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 4156
    },
    "channel": "Microsoft-Windows-VolumeSnapshot-Driver/Operational",
    "computer": "LAB-WIN11",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "TargetVolumeGuid": "CE657EBB-70C7-4B8B-A13F-FF11B9725249",
    "SnapshotGuid": "465845A3-1B56-11F1-9FBF-C6B26F270F0B",
    "SourceFile": "0x7",
    "SourceLine": 4286,
    "SourceTag": 84
  },
  "message": ""
}

Description

Reading of a snapshot diff area's metadata completed.

Message #

Reading of a snapshot diff area's metadata completed.

Volume GUID: %1
Snapshot GUID: %2
Count of 1MB Reads: %3
Count of 16KB Reads: %4
Diff Area Metadata Size: %5 Bytes
Total Data Read: %6 Bytes

Guidance:
When a volume is brought online or reverted to a snapshot, the volume snapshot driver reads the diff area for the most-recent persistent snapshot (if any).  The diff area for earlier persistent snapshots is typically read the first time the snapshot is read from.  The size of the diff area metadata may be less than the total number of bytes read if the diff area is discontiguous on disk.

You should expect this event when a volume is brought online, reverted to a snapshot, or when reading from a persistent snapshot for the first time after bringing a volume online.  This event may also occur if a volume is dismounted that contains snapshots that have not been read since the volume was brought online.  No user action is required.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-VolumeSnapshot-Driver",
    "guid": "67FE2216-727A-40CB-94B2-C02211EDB34A",
    "event_source_name": "",
    "event_id": 108,
    "version": 2,
    "level": 4,
    "task": 0,
    "opcode": 2,
    "keywords": 4611686018427387904,
    "time_created": "2026-03-11T06:28:15.323019+00:00",
    "event_record_id": 193,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 4156
    },
    "channel": "Microsoft-Windows-VolumeSnapshot-Driver/Operational",
    "computer": "LAB-WIN11",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "TargetVolumeGuid": "CE657EBB-70C7-4B8B-A13F-FF11B9725249",
    "SnapshotGuid": "465845A3-1B56-11F1-9FBF-C6B26F270F0B",
    "LargeReadCount": 3,
    "SmallReadCount": 2,
    "TableDataBytes": 3162112,
    "TotalBytesRead": 3178496,
    "SourceFile": "0x7",
    "SourceLine": 4683,
    "SourceTag": 89
  },
  "message": ""
}

Description

Reading of a snapshot diff area's metadata encountered an error.

Message #

Reading of a snapshot diff area's metadata encountered an error.

Error: %3

Volume GUID: %1
Snapshot GUID: %2
Count of 1MB Reads: %4
Count of 16KB Reads: %5
Amount of Diff Area Metadata Read: %6 Bytes
Total Data Read: %7 Bytes

Guidance:
When a volume is brought online or reverted to a snapshot, the volume snapshot driver reads the diff area for the most-recent persistent snapshot (if any).  The diff area for earlier persistent snapshots is typically read the first time the snapshot is read from.  Unless the volume is in snapshot protection mode, a failure during this process results in loss of all snapshots on the volume.

Fields #

Description

Validation of diff area files began.

Message #

Validation of diff area files began.

Volume GUID: %1

Guidance:
When a volume is mounted, the volume snapshot driver reads and validates all the diff area files located on the volume.  These diff area files may be for persistent snapshots of the volume being mounted, or for persistent snapshots of other volumes.

You should expect this event when mounting a volume.  No user action is required.

Fields #

Description

Validation of diff area files completed.

Message #

Validation of diff area files completed.

Number of Diff Areas: %2

Guidance:
When a volume is mounted, the volume snapshot driver reads and validates all the diff area files located on the volume.  These diff area files may be for persistent snapshots of the volume being mounted, or for persistent snapshots of other volumes.

You should expect this event when mounting a volume.  No user action is required.

Fields #

Description

Validation of diff area files encountered an error.

Message #

Validation of diff area files encountered an error.

Error: %2

Volume GUID: %1

Guidance:
When a volume is mounted, the volume snapshot driver reads and validates all the diff area files located on the volume.  These diff area files may be for persistent snapshots of the volume being mounted, or for persistent snapshots of other volumes.  A failure during this process results in loss of all snapshots whose diff area files are located on the volume, unless those snapshots are of volumes that are in snapshot protection mode.

Fields #

Description

The volume is preparing to be taken offline.

Message #

The volume is preparing to be taken offline.

Volume GUID: %1

Guidance:
Some system services, such as the cluster service, inform the volume snapshot driver when they are about to take the volume offline.

You should expect this event when an entity such as the cluster service prepares to take a volume offline.  No user action is required.

Fields #

Description

The volume snapshot driver has begun processing for dismount.

Message #

The volume snapshot driver has begun processing for dismount.

Volume GUID: %1

Guidance:
When a volume is dismounted, the volume snapshot driver closes any handles it may have open on the dismounting volume, such as handles to diff areas.  All auto-release snapshots that have diff areas on the dismounting volume are deleted at this time. The volume snapshot driver may also perform some work to detect whether any future direct writes to the volume are to diff area space for persistent snapshots.  If such writes occur this detection work allows the volume snapshot driver to destroy the snapshots, since the direct volume writes may corrupt them.

You should expect this event when a volume dismounts.  No user action is required.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-VolumeSnapshot-Driver",
    "guid": "67FE2216-727A-40CB-94B2-C02211EDB34A",
    "event_source_name": "",
    "event_id": 114,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 1,
    "keywords": 4611686018427387904,
    "time_created": "2022-04-07T16:45:03.737710+00:00",
    "event_record_id": 9,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 32
    },
    "channel": "Microsoft-Windows-VolumeSnapshot-Driver/Operational",
    "computer": "WIN-FPV0DSIC9O6",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "TargetVolumeGuid": "E856EAFF-60EA-4D9C-8467-32D0B50DBFFC",
    "SourceFile": "0x1",
    "SourceLine": 37521,
    "SourceTag": 119
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

The volume snapshot driver has completed processing for dismount.

Message #

The volume snapshot driver has completed processing for dismount.

Volume GUID: %1

Guidance:
When a volume is dismounted, the volume snapshot driver closes any handles it may have open on the dismounting volume, such as handles to diff areas.  All auto-release snapshots that have diff areas on the dismounting volume are deleted at this time. The volume snapshot driver may also perform some work to detect whether any future direct writes to the volume are to diff area space for persistent snapshots.  If such writes occur this detection work allows the volume snapshot driver to destroy the snapshots, since the direct volume writes may corrupt them.

You should expect this event when a volume dismounts.  No user action is required.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-VolumeSnapshot-Driver",
    "guid": "67FE2216-727A-40CB-94B2-C02211EDB34A",
    "event_source_name": "",
    "event_id": 115,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 2,
    "keywords": 4611686018427387904,
    "time_created": "2022-04-07T16:45:03.737712+00:00",
    "event_record_id": 10,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 32
    },
    "channel": "Microsoft-Windows-VolumeSnapshot-Driver/Operational",
    "computer": "WIN-FPV0DSIC9O6",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "TargetVolumeGuid": "E856EAFF-60EA-4D9C-8467-32D0B50DBFFC",
    "SourceFile": "0x1",
    "SourceLine": 38322,
    "SourceTag": 122
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

The volume snapshot driver has begun processing for volume offline.

Message #

The volume snapshot driver has begun processing for volume offline.

Volume GUID: %1

Guidance:
When a volume is taken offline, the volume snapshot driver disables any persistent snapshots that still exist for the volume (autorelease snapshots were deleted when the volume was dismounted).  Snapshots of other volumes whose diff areas are on the offlining volume are destroyed, unless those volumes are in snapshot protection mode.  In that case those volumes are taken offline.

You should expect this event when a volume is taken offline.  No user action is required.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-VolumeSnapshot-Driver",
    "guid": "67FE2216-727A-40CB-94B2-C02211EDB34A",
    "event_source_name": "",
    "event_id": 116,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 1,
    "keywords": 4611686018427387904,
    "time_created": "2026-03-13T20:08:10.764027+00:00",
    "event_record_id": 113,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 4464
    },
    "channel": "Microsoft-Windows-VolumeSnapshot-Driver/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "TargetVolumeGuid": "E3E83FDF-1F17-11F1-9FBA-010101010000",
    "SourceFile": "0x1",
    "SourceLine": 34284,
    "SourceTag": 113
  },
  "message": ""
}

Description

The volume snapshot driver has completed processing for volume offline.

Message #

The volume snapshot driver has completed processing for volume offline.

Volume GUID: %1

Guidance:
When a volume is taken offline, the volume snapshot driver disables any persistent snapshots that still exist for the volume (autorelease snapshots were deleted when the volume was dismounted).  Snapshots of other volumes whose diff areas are on the offlining volume are destroyed, unless those volumes are in snapshot protection mode.  In that case those volumes are taken offline.

You should expect this event when a volume is taken offline.  No user action is required.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-VolumeSnapshot-Driver",
    "guid": "67FE2216-727A-40CB-94B2-C02211EDB34A",
    "event_source_name": "",
    "event_id": 117,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 2,
    "keywords": 4611686018427387904,
    "time_created": "2026-03-13T20:08:10.764058+00:00",
    "event_record_id": 114,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 4464
    },
    "channel": "Microsoft-Windows-VolumeSnapshot-Driver/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "TargetVolumeGuid": "E3E83FDF-1F17-11F1-9FBA-010101010000",
    "SourceFile": "0x1",
    "SourceLine": 34312,
    "SourceTag": 114
  },
  "message": ""
}

Description

The volume snapshot driver encountered an error while performing processing for volume offline.

Message #

The volume snapshot driver encountered an error while performing processing for volume offline.

Error: %2

Volume GUID: %1

Guidance:
When a volume is taken offline, the volume snapshot driver disables any persistent snapshots that still exist for the volume (autorelease snapshots were deleted when the volume was dismounted).  Snapshots of other volumes whose diff areas are on the offlining volume are destroyed, unless those volumes are in snapshot protection mode.  In that case those volumes are taken offline.

If the error is STATUS_INSUFFICIENT_RESOURCES (0xc000009a), the volume snapshot driver may have been unable to allocate memory.  Other error codes originate from lower drivers.  Please check their log(s) for further information.

Fields #

Description

The volume snapshot driver encountered an error while performing processing for dismount.

Message #

The volume snapshot driver encountered an error while performing processing for dismount.

Error: %3
Error Details: %2

Volume GUID: %1

Guidance:
When a volume is dismounted, the volume snapshot driver closes any handles it may have open on the dismounting volume, such as handles to diff areas.  All auto-release snapshots that have diff areas on the dismounting volume are deleted at this time. The volume snapshot driver may also perform some work to detect whether any future direct writes to the volume are to diff area space for persistent snapshots.  If such writes occur this detection work allows the volume snapshot driver to destroy the snapshots, since the direct volume writes may corrupt them.

A failure during this process results in loss of all snapshots whose diff area files are located on the volume, unless those snapshots are of volumes that are in snapshot protection mode.

Fields #

Description

Activation of discovered snapshots took too long and was aborted.

Message #

Activation of discovered snapshots took too long and was aborted.

Volume GUID: %1
Timeout Value (in seconds): %2

Guidance:
When a volume is brought online or reverted to a snapshot, the volume snapshot driver scans for and activates any persistent snapshots that may be on the volume.  This process took longer than the amount of time allowed on this system, so activation has been aborted.  Unless the volume is in snapshot protection mode, all snapshots on this volume have been deleted.

Fields #

Description

The volume snapshot driver was unable to log an event to the legacy System event log.

Message #

The volume snapshot driver was unable to log an event to the legacy System event log.

Volume Name: %2
Diff Volume Name (if applicable): %4
Original Error Event Code: %5
Original Error Status: %6
Cause of Logging Failure:%10

Fields #

Description

The volume snapshot driver encountered an error when attempting to determine whether the volume is clustered.

Message #

The volume snapshot driver encountered an error when attempting to determine whether the volume is clustered.

Error: %2

Volume GUID: %1

Guidance:
When a volume is brought online or reverted to a snapshot, the volume snapshot driver scans for and activates any persistent snapshots that may be on the volume.  This process attempts to determine whether the volume is part of a cluster shared resource, but the query to determine this failed.

This error does not indicate that any snapshots have been deleted.  You should expect this event if the volume is on a dynamic disk or is managed by a third-party volume manager.

Fields #

Description

Persistent snapshots are not supported on this edition of Windows.

Message #

Persistent snapshots are not supported on this edition of Windows.

Guidance:
This edition of Windows does not support creation of persistent snapshots.  Autorelease snapshots are supported.

Fields #

Description

PrepareForSnapshot (Enter).

Message #

PrepareForSnapshot (Enter)

Fields #

Description

PrepareForSnapshot (Leave).

Message #

PrepareForSnapshot (Leave)

Fields #

Description

PreExposure (Enter).

Message #

PreExposure (Enter)

Fields #

Description

PreExposure (Leave).

Message #

PreExposure (Leave)

Fields #

Description

AdjustBitmap (Enter).

Message #

AdjustBitmap (Enter)

Fields #

Description

AdjustBitmap (Leave).

Message #

AdjustBitmap (Leave)

Fields #

Description

EndCommit (Enter).

Message #

EndCommit (Enter)

Fields #

Description

EndCommit (Leave).

Message #

EndCommit (Leave)

Fields #

Description

Activate (Enter).

Message #

Activate (Enter)

Fields #

Description

Activate (Leave).

Message #

Activate (Leave)

Fields #

Description

SetIgnorable (Enter).

Message #

SetIgnorable (Enter)

Fields #

Description

SetIgnorable (Leave).

Message #

SetIgnorable (Leave)

Fields #

Description

ComputeIgnorableProduct (Enter).

Message #

ComputeIgnorableProduct (Enter)

Fields #

Description

ComputeIgnorableProduct (Leave).

Message #

ComputeIgnorableProduct (Leave)

Fields #

Description

Dismount (Enter).

Message #

Dismount (Enter)

Fields #

Description

Dismount (Leave).

Message #

Dismount (Leave)

Fields #

Description

Remount (Enter).

Message #

Remount (Enter)

Fields #

Description

Remount (Leave).

Message #

Remount (Leave)

Fields #

Description

DeleteProcess (Enter).

Message #

DeleteProcess (Enter)

Fields #

Description

DeleteProcess (Leave).

Message #

DeleteProcess (Leave)

Fields #

Description

Revert (Enter).

Message #

Revert (Enter)

Fields #

Description

Revert (Leave).

Message #

Revert (Leave)

Fields #

Description

ComputeProtectedBitmap (Enter).

Message #

ComputeProtectedBitmap (Enter)

Fields #

Description

ComputeProtectedBitmap (Leave).

Message #

ComputeProtectedBitmap (Leave)

Fields #

Description

FlushHoldFs (Enter).

Message #

FlushHoldFs (Enter)

Fields #

Description

FlushHoldFs (Leave).

Message #

FlushHoldFs (Leave)

Fields #

Description

ActivateLoop (Enter).

Message #

ActivateLoop (Enter)

Fields #

Description

ActivateLoop (Leave).

Message #

ActivateLoop (Leave)

Fields #

Description

ValidateDiffAreaFiles (Enter).

Message #

ValidateDiffAreaFiles (Enter)

Fields #

Description

ValidateDiffAreaFiles (Leave).

Message #

ValidateDiffAreaFiles (Leave)

Fields #

Description

VolumesSafeForWrite (Enter).

Message #

VolumesSafeForWrite (Enter)

Fields #

Description

VolumesSafeForWrite (Leave).

Message #

VolumesSafeForWrite (Leave)

Fields #

Description

DiscoverSnapshots (Enter).

Message #

DiscoverSnapshots (Enter)

Fields #

Description

DiscoverSnapshots (Leave).

Message #

DiscoverSnapshots (Leave)

Fields #