Restoring system drive or System State fails on Windows Server when Windows Defender is enabled.

Article: 100049387
Last Published: 2022-11-13
Product(s): Appliances, NetBackup


When performing a full system restore of Windows Server where Windows Defender is enabled, the job fails with Status 2808 or 1.


Error Message

Job Details in Activity Monitor shows the following warnings/errors when restoring the system drive:

2019/04/17 11:13:17 - Warning bpbrm (pid=12784) from client nbclient1: WRN - can't create file: C:\Program Files\Windows Defender\en-US (WIN32 5: Access is denied. )

2019/04/17 11:13:18 - Warning bpbrm (pid=12784) from client nbclient1: WRN - can't create file: C:\Program Files\Windows Defender\Offline (WIN32 5: Access is denied. )

2019/04/17 11:15:43 - Warning bpbrm (pid=12784) from client nbclient1: WRN - can't create file: C:\Windows\System32\drivers\wd (WIN32 5: Access is denied. )


2019/04/17 11:17:40 - Error bpbrm (pid=12784) client restore EXIT STATUS 5: the restore failed to recover the requested files

2019/04/17 11:17:41 - restored from image nbclient1_1555464240; restore time: 0:08:29

2019/04/17 11:17:41 - Warning bprd (pid=11532) Restore must be resumed prior to first image expiration on INFINITY

2019/04/17 11:17:42 - end Restore; elapsed time 0:08:32 Windows File System policy restore error  (2808)


Job Details in Activity Monitor shows the following errors/warnings when restoring System State:

2019/04/17 11:33:43 - Warning bpbrm (pid=12836) from client nbclient1: WRN - error writing object: System State:\System Files\System Files

2019/04/17 11:33:43 - Warning bpbrm (pid=12836) from client nbclient1: WRN - error writing byte: -2146096128

2019/04/17 11:33:43 - Warning bpbrm (pid=12836) from client nbclient1: WRN - desired byte count: 65536

2019/04/17 11:33:43 - Warning bpbrm (pid=12836) from client nbclient1: WRN - actual byte count: 52653


2019/04/17 11:41:03 - Error bpbrm (pid=12836) client restore EXIT STATUS 1: the requested operation was partially successful

2019/04/17 11:41:03 - Warning bprd (pid=11784) Restore must be resumed prior to first image expiration on INFINITY

2019/04/17 11:41:03 - end Restore; elapsed time 0:15:29 The requested operation was partially successful  (1)



Because Windows Defender protects its system files and directories, they are not allowed to be overwritten.
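To check whether a failed restore job matches the two symptoms above, the following added example (not NetBackup or Veritas code) classifies Activity Monitor job details. The function names and verdict labels are hypothetical, and the System State pattern alone is only a hint, since that warning does not name Defender.

```python
import re

# Sample input: job-detail lines abbreviated from the article's two excerpts.
SYSTEM_DRIVE_JOB = r"""
2019/04/17 11:13:17 - Warning bpbrm (pid=12784) from client nbclient1: WRN - can't create file: C:\Program Files\Windows Defender\en-US (WIN32 5: Access is denied. )
2019/04/17 11:15:43 - Warning bpbrm (pid=12784) from client nbclient1: WRN - can't create file: C:\Windows\System32\drivers\wd (WIN32 5: Access is denied. )
2019/04/17 11:17:40 - Error bpbrm (pid=12784) client restore EXIT STATUS 5: the restore failed to recover the requested files
2019/04/17 11:17:42 - end Restore; elapsed time 0:08:32 Windows File System policy restore error  (2808)
"""
SYSTEM_STATE_JOB = r"""
2019/04/17 11:33:43 - Warning bpbrm (pid=12836) from client nbclient1: WRN - error writing object: System State:\System Files\System Files
2019/04/17 11:41:03 - end Restore; elapsed time 0:15:29 The requested operation was partially successful  (1)
"""

DENIED = re.compile(r"can't create file: (.+?) \(WIN32 5: Access is denied")
SYSSTATE = re.compile(r"error writing object: (System State:\\.+)$")
FINAL = re.compile(r"end Restore;.*\((\d+)\)\s*$")
# Drive-relative Defender locations seen in the article's log (drive letter may differ).
DEFENDER_DIRS = (r"\program files\windows defender", r"\windows\system32\drivers\wd")

def is_defender_path(path):
    rel = re.sub(r"^[a-z]:", "", path.strip().lower())
    return any(rel == d or rel.startswith(d + "\\") for d in DEFENDER_DIRS)

def triage(job_details):
    """Classify a restore job log against the two symptoms in the article."""
    denied, sysstate, final = [], [], None
    for line in job_details.splitlines():
        if m := DENIED.search(line):
            denied.append(m.group(1))
        elif m := SYSSTATE.search(line):
            sysstate.append(m.group(1))
        elif m := FINAL.search(line):
            final = int(m.group(1))
    blocked = [p for p in denied if is_defender_path(p)]
    # Verdict strings are labels made up for this example.
    if final in (2808, 1) and blocked:
        verdict = "defender-blocked-system-drive"
    elif final == 1 and sysstate:
        verdict = "possible-defender-system-state"
    else:
        verdict = "no-match"
    return {"final_status": final, "defender_paths": blocked,
            "other_denied": [p for p in denied if p not in blocked],
            "system_state_errors": sysstate, "verdict": verdict}

if __name__ == "__main__":
    for name, log in (("system drive", SYSTEM_DRIVE_JOB), ("System State", SYSTEM_STATE_JOB)):
        print(name, triage(log))
```

Any entries under `other_denied` are access-denied paths outside the Defender directories and point to a different cause than the one this article covers.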



Before initiating a full system restore, turn off Windows Defender on the restore target client.

How to turn off Windows Defender

1. Log in as an administrator. Type gpedit.msc in the Run box and press Enter.

2. Go to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus.

In the right-hand panel, you’ll see the option Turn off Windows Defender Antivirus. Double-click to open it.

Note: The setting name is "Microsoft Defender Antivirus" on Windows Server 2022.

3. In the new window > select Enable > click OK to save the settings.

4. Close the Local Group Policy Editor and run gpupdate /force in a command prompt to update the group policy.


How to use NetBackup to perform a complete restore of Windows Server 2008 R2 and above without IDR or BMR
