On top of this, it’s usually because the local cache hasn’t actually written all the data to the drive and if you go yanking the drive in this state, your most recent chunk of data would be missing or corrupt. The eject button forces your OS to clear its write cache before unmounting the file system.
It also happens from image preview caches created by explorer. I see this get hung up for some time with SMB shares and the like that have images.
Something is still interacting with the photos on your device, and although it may be mundane… do you really know every single service and process running on your device, all the time? Could we ever know? Just takes one dependency for one thing you installed to be bogus… it could even be from a rootkit installed in bios that installs whatever software on bootup so even if you wipe your system it’s there, ever monitoring, ever feeding your data away.
There’s just no user friendly tooling on windows that’s built-in which would ever pick this stuff up. AV doesn’t know what is desired or undesired behavior when it comes to stuff like this either. Sure, it won’t send up stuff protected by UAC from a non-admin request… but thumb drives, CF cards, SD cards etc all have no restrictions.
On top of this, it’s usually because the local cache hasn’t actually written all the data to the drive and if you go yanking the drive in this state, your most recent chunk of data would be missing or corrupt. The eject button forces your OS to clear its write cache before unmounting the file system.
But that’s a lot less of an exciting answer.
Hm, the way I remember it is that the cache being flushed showed a spinner before ejecting the drive. GP is referring to an actual error being shown.
It also happens from image preview caches created by explorer. I see this get hung up for some time with SMB shares and the like that have images.
Something is still interacting with the photos on your device, and although it may be mundane… do you really know every single service and process running on your device, all the time? Could we ever know? Just takes one dependency for one thing you installed to be bogus… it could even be from a rootkit installed in bios that installs whatever software on bootup so even if you wipe your system it’s there, ever monitoring, ever feeding your data away.
There’s just no user friendly tooling on windows that’s built-in which would ever pick this stuff up. AV doesn’t know what is desired or undesired behavior when it comes to stuff like this either. Sure, it won’t send up stuff protected by UAC from a non-admin request… but thumb drives, CF cards, SD cards etc all have no restrictions.