This project has moved and is read-only. For the latest updates, please go here.

Error when scanning or repairing non-system VC volume in Windows Explorer

Topics: Technical Issues, Users Discussion
Dec 30, 2016 at 12:36 AM
I am running Windows 10 Enterprise x64. I created a GPT partition table on a 4TB external HDD. Then I created a single partition, formatted it as NTFS, and told VC to encrypt it with a quick format. All goes fine. However, if I right-click the mounted volume in Windows Explorer, then go to Properties, Tools tab, "Check" then "Scan drive", I immediately get an error that says "Windows was unable to scan the drive. Close this dialog box, and then try to scan the drive again. If the problem persists, scan and repair the drive" . Then a second box comes up with the options "Scan drive (recommended)" and "Scan and repair drive" I can't recall if the 1st option works, but the 2nd option works fine.

So I go to Event Viewer and I get this:

Chkdsk was executed in scan mode on a volume snapshot.

Checking file system on D:

The shadow copy provider had an unexpected error while trying to process the specified operation.

A snapshot error occurred while scanning this drive. You can try again, but if this problem persists, run an offline scan and fix

So, this seems to be related to volume shadow copy. There is a service with a similar name that can be disabled, but I've read that this isn't a good idea. VSS is also related to System Restore and is also used for keeping shadow copies of files, among other things. My D drive (VC volume) also does not appear in the list of volumes available for System Restore (which is fine, I don't care about that anyway).

I also see a note in the VC docs that volume shadow copy does not work with non-system VC volumes.

The point I'm getting at is, what I'm trying to do initially fails with an error if done directly from Explorer, but I can scan or repair the volume within the VC application just fine, no errors occur. Is the latter the recommended way? Should I be worried about this? Or it is normal? Any advice? Can someone give a technical explanation?

I mostly plan to use this volume for storing static data, OS backups, etc. Will VSS not working with my VC volume affect any of this? In what ways?

I've never had an issue with VSS not working with volumes created by DiskCryptor or BestCrypt. I suspect that VC has this issue because, like TrueCrypt, VC does not encrypt non-system volumes in a completely transparent way, so the OS somehow sees this volume as different and therefore VSS won't work.

Thanks for any help!
Dec 31, 2016 at 6:28 AM
Can someone at least confirm or disconfirm that this is the expected behavior in my situation? I just want to be assured that there is nothing "wrong" with my volume.

Thanks!
Dec 31, 2016 at 7:38 AM
Yes. VeraCrypt creates virtual disk and maps part of sectors or file to the virtual disk.

Probably "scan" tries some low level disk operation and VeraCrypt virtual disk emulation does not support it.
Dec 31, 2016 at 8:35 AM
@kavsrf: Well, I've already posted the error, which seems to be related to Volume Shadow Copy. I also dont understand why VeraCrypt has this issue in relation to VSS, when other encryption solutions like DiskCryptor and BestCrypt Volume exhibit no such issue.

I've also noticed that Windows' built-in defragger cant defrag/optimize this VC volume, it's as if it doesn't see the volume as having an NTFS filesystem. Although a 3rd-party defragger (PerfectDisk) has no issue with this and correctly sees the volume as NTFS, and therefore defraggable.

I don't believe that "VeraCrypt creates a virtual disk and maps part of sectors or file to the virtual disk". This seems to imply that file-based encryption is used. Doesn't VC just encrypt the partition and its' filesystem in-place?

I've read before that both TrueCrypt and VeraCrypt dont transparently encypt non-system volumes, like an external HDD. But what does "transparent" mean in this sense? It can't avoid this on a system volume, since it must be bootable.
Dec 31, 2016 at 8:51 AM
For ordinary container VeraCrypt creates header. (128K at 0 sector and 128K at end). Other sectors are mapped to the virtual disk partition.

"Transparent" is not correct word. All disk encryption works in transparent mode but Diskryptor and BestCrypt (probably) are ordinary disk filter drivers.

Note: You cannot see VeraCrypt disk or volumes in "diskpart" or standard Disk management tool.
Dec 31, 2016 at 8:59 AM
Edited Dec 31, 2016 at 8:59 AM
@kavsrf: BUT I didn't create an encrypted container (file). I simply encrypted an NTFS-formatted VOLUME on an external HDD.

Why doesn't VeraCrypt just use regular disk filter drivers like other encryption solutions? I'm pretty sure this wouldn't be a security risk. I think that non-transparent encryption of non-system volumes is something that can be improved upon. But, because VC is just a fork of TC, albeit with improvements, then it has most of the same limitations.

You actually can see VC disks and volumes is diskpart and Disk Management, but they are seen as raw, even when mounted.
Dec 31, 2016 at 9:33 AM
AnonVendetta wrote:
@kavsrf: BUT I didn't create an encrypted container (file). I simply encrypted an NTFS-formatted VOLUME on an external HDD.
Volume is regular container.
Why doesn't VeraCrypt just use regular disk filter drivers like other encryption solutions? I'm pretty sure this wouldn't be a security risk. I think that non-transparent encryption of non-system volumes is something that can be improved upon. But, because VC is just a fork of TC, albeit with improvements, then it has most of the same limitations.
filter driver is used for system encryption
You actually can see VC disks and volumes is diskpart and Disk Management, but they are seen as raw, even when mounted.
You can see system disks(raw partitions). You cannot see virtual disk created by VeraCrypt.
Dec 31, 2016 at 9:47 AM
kavsrf wrote:
AnonVendetta wrote:
@kavsrf: BUT I didn't create an encrypted container (file). I simply encrypted an NTFS-formatted VOLUME on an external HDD.
Volume is regular container.
Why doesn't VeraCrypt just use regular disk filter drivers like other encryption solutions? I'm pretty sure this wouldn't be a security risk. I think that non-transparent encryption of non-system volumes is something that can be improved upon. But, because VC is just a fork of TC, albeit with improvements, then it has most of the same limitations.
filter driver is used for system encryption
You actually can see VC disks and volumes is diskpart and Disk Management, but they are seen as raw, even when mounted.
You can see system disks(raw partitions). You cannot see virtual disk created by VeraCrypt.
You say "filter driver is used for system encryption". But my external HDD isn't a system disk, there is nothing on it that's bootable. So, for non-system disks, what kind of driver is used? Surely it's something different than what other encryption solutions use, since they don't have the issue I've posted about. There must be be SOMETHING that cause VSS to not work, that cause Windows built-in defragger to see VC volume as not defraggable (but defraggable by 3rd-party software). In other words, something not fully transparent that causes these volumes to not be treated by all softwares as NTFS when mounted. These are 2 things I've noticed.

Either way, I can at least scan and repair my volume from within the VC app, so I suppose this is a non-issue.