Peter2150 et al, So, #6348 having to retrieve one of the files from the crypto folder will remain as one off. So, #6337 will remain as one off unless I can duplicate. Curious we both had an autorollback event that didn't really work Curious, how c:\windows\cryptoguard found it's way into Direct Access. As I extrapolate ... c:\windows\cryptoguard Direct Access degraded autorollback...or, Start Run restrictions degraded autorollback. Hmm.... Edit: Do I need c:\windows\cryptoguard Exclusion in Shadow Mode. Are the contents of cryptoguard folder needed after an autorollback event while in Shadow. By your test Sandbox #6349. Do you have Drop rights checked.