Avoid this potential conflict by excluding the Volume Shadow Copy from scan process.
In command prompt, type vssadmin list shadows to generate a list of VSS copy locations. An example:
C:\Users\Administrator>vssadmin list shadows
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2005 Microsoft Corp.
Contents of shadow copy set ID: {351ee02c-ddd6-4588-ad52-c8a492cca985}
Contained 1 shadow copies at creation time: 5/12/2011 10:59:35 AM
Shadow Copy ID: {a22acec8-e80a-474f-85a4-701aef423d99}
Original Volume: (C:)\\?\Volume{29e5f939-3cac-11e0-ad9b-806e6f6e6963}\
Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2
Originating Machine: ServerName
Service Machine: ServerName
Provider: 'Microsoft Software Shadow Copy provider 1.0'
Type: ClientAccessible
Attributes: Persistent, Client-accessible, No auto release, No writers,
Differential
Contents of shadow copy set ID: {4615fe12-fb9f-46ee-a1a1-ce21e5770c74}
Contained 1 shadow copies at creation time: 5/12/2011 10:59:51 AM
Shadow Copy ID: {4c6c2ba2-cc02-4c21-923e-8fdb004fbdf4}
Original Volume: (D:)\\?\Volume{433499a2-7c73-11e0-b7e0-000c29d393e5}\
Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4
Originating Machine: ServerName
Service Machine: ServerName
Provider: 'Microsoft Software Shadow Copy provider 1.0'
Type: ClientAccessible
Attributes: Persistent, Client-accessible, No auto release, No writers,
Differential
Contents of shadow copy set ID: {281ffda8-2852-4a03-aa6c-6fc91992afea}
Contained 1 shadow copies at creation time: 5/12/2011 11:03:14 AM
Shadow Copy ID: {e208be72-70bb-47a3-a41c-5f9f94c1aa68}
Original Volume: (D:)\\?\Volume{433499a2-7c73-11e0-b7e0-000c29d393e5}\
Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6
Originating Machine: ServerName
Service Machine: ServerName
Provider: 'Microsoft Software Shadow Copy provider 1.0'
Type: DataVolumeRollback
Attributes: Persistent, No auto release, No writers, Differential
C:\Windows\system32>mklink /d d:\WindowsImageBackup \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4\
Creates a symbolic link for D:\WindowsImageBackup <<===>> \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4\
Because you can not set the exclusion using string: (D:)\\?\Volume{433499a2-7c73-11e0-b7e0-000c29d393e5}\ or \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4\ the following exclusions must be created:
On the desired Partition of copy, folder WindowsImageBackup has been created while setting Windows Server Backup Application.
In Central exception you have to add drive path to this folder as a security risk file and security risk folder.
For example: D:\WindowsImageBackup
Additionally, create an exception for the vssvc.exe process. (see screenshot)
Update this policy on the appropriate SEP client group.
As a confirmation that this policy is working, copy the Eicar test file to the WindowsImageBackup.
Run a scan – it should be ignored.
You can run as well the Windows Backup Server application to create the copy of another location in the WindowsImageBackup folder.
It should then function without any issues or freezes.
Ref: https://blogs.msdn.microsoft.com/adioltean/2008/02/28/a-simple-way-to-access-shadow-copies-in-vista/