Dear all,
I’m working on intercepting IRPs IRP_MJ_CREATE to filter some file access. I realized that Shadow Copy on Windows does not trigger any IRP when backing up my files. I’m a bit curious; How can Shadow Copy access my files without triggering this IRP ? Is there a way to catch the file interactions of Shadow Copy from a minifilter driver ?
Thanks for your help !