In reading over the forum traffic at TenForums. recently, I encountered an item of great interest. This thread is entitled “File System Filter ‘wcifs’ Event ID 4.” Despite the title, it reveals that a number of Windows 10 users have been unable to create or use restore points recently. Curious to understand if my own system might be affected, I went looking for wcifs-related errors on my production PC. And sure enough, I found them. Not only that, I was also unable to revert to a brand-new restore point I created. This leads to my hypothesis — namely, that Win10 restore points appear broken.
Reverting to a recent restore point reported success, but then this message appeared following restart. Ouch!
What Makes Win10 Restore Points Appear Broken?
Discussion of the underlying problem based on error codes points toward some issue(s) with the Volume Shadow Service, or VSS. One astute reader pointed to a TechNet article about the File Screening Minifilter Driver. And indeed, errors related to that driver or to WCIFS appear to be present in all reports of this apparent breakdown for restore points in Build 1607 Version 14393. That’s the current production version of Windows 10, the Current Branch to be perfectly clear.
Another thread on TenForums picks up and runs further with the WCIFS theme. It’s entitled Warning about File System Filter ‘wcifs’ – what is THAT ??? That’s exactly my own actual symptoms, too, so I dug in to learn more. The emerging consensus is that this is indeed a Windows bug (not something caused by third-party applications or user error). And of course, this leads to the question posed in the afore-linked thread: What is WCIFS anyway?
This acronym stands for Windows Container Isolation file system, and refers to a file system driver for Windows Containers (a relatively new addition to the Windows OS, which hints at some reason(s) why it might be experiencing difficulties). A Google search on “windows container isolation filesystem” turns up lots of interesting hits, too. It looks like container support started making its way into Windows 10 and Windows Server 2016 earlier this year (sometime in April, perhaps). It’s a way to isolate a container from the host OS, so that file system changes inside the container don’t affect that OS. I’d have to guess that something has gone wrong with this somewhere, or that the context for Volume Shadow copies has somehow gotten mishandled, and that efforts to restore are violating container boundaries.
What to Do About Broken Restore Points?
This is an interesting set of problems whose resolution will be worth watching. I’ve filed a detailed report with the Windows 10 Feedback Hub, and hope it will lead to some action. In the meantime, I’m also no longer relying on restore points to haul my fat from the fire. I’ve upped my backup frequency to nightly using Macrium Reflect, and remain pretty sure I’ll be able to put myself back in action with no more than a day’s work lost. I’d suggest others think about the same or similar strategies, until this matter is resolved.