It also happens from image preview caches created by explorer. I see this get hung up for some time with SMB shares and the like that have images.
Something is still interacting with the photos on your device, and although it may be mundane… do you really know every single service and process running on your device, all the time? Could we ever know? Just takes one dependency for one thing you installed to be bogus… it could even be from a rootkit installed in bios that installs whatever software on bootup so even if you wipe your system it’s there, ever monitoring, ever feeding your data away.
There’s just no user friendly tooling on windows that’s built-in which would ever pick this stuff up. AV doesn’t know what is desired or undesired behavior when it comes to stuff like this either. Sure, it won’t send up stuff protected by UAC from a non-admin request… but thumb drives, CF cards, SD cards etc all have no restrictions.
It also happens from image preview caches created by explorer. I see this get hung up for some time with SMB shares and the like that have images.
Something is still interacting with the photos on your device, and although it may be mundane… do you really know every single service and process running on your device, all the time? Could we ever know? Just takes one dependency for one thing you installed to be bogus… it could even be from a rootkit installed in bios that installs whatever software on bootup so even if you wipe your system it’s there, ever monitoring, ever feeding your data away.
There’s just no user friendly tooling on windows that’s built-in which would ever pick this stuff up. AV doesn’t know what is desired or undesired behavior when it comes to stuff like this either. Sure, it won’t send up stuff protected by UAC from a non-admin request… but thumb drives, CF cards, SD cards etc all have no restrictions.