This project has moved and is read-only. For the latest updates, please go here.

VeraCrypt files accessible via Quick Access/ Recent files

Topics: Users Discussion
Jul 10, 2016 at 4:45 PM
I am having two issues on my new computer that I'm hoping the community here can help me out with.

First, is there any way to prevent Microsoft Windows (10) from saving a file opened via a VeraCrypt mount to the Quick Access of recent files in the File Explorer? I cannot recall of my previous computer with Windows 8 did this; it may have.

Second and more worrisome, after dismounting my VeraCrypt partition/ folder. the items I've opened up from this mount not only show up in the Quick Access list of recent files, but some files will actually open up, even though I have dismounted my VeraCrypt folder! To me, this defeats a large part of having this encrypted folder, if I also have to make sure that I go to the Quick Access files and remove from the list each time. This was never an issue on my old computer. This seems to happen only with photos, while word documents and videos will not open saying that the location directory cannot be found.

Can anyone please help me to ensure that my sensitive photos are not accessible to anyone on my computer, once I have closed out of VeraCrypt?

By the way, I have selected the option in the VeraCrypt window not to save history. I would really appreciate the communities help with this!! Thanks.
Jul 10, 2016 at 6:13 PM
Edited Jul 11, 2016 at 2:56 AM
Many applications leak data during their usage and the OS will keep track of when a volume is mounted and by which user account on Windows. Hence, system encryption is the only solution to these issues.

Regarding the issue of being able to access VeraCrypt volumes when you dismount might be related to Fast Boot option in Windows.

What type of VeraCrypt encryption did you create? Drive, partition or file container?

Do you have Fast Boot enabled for Windows 10 (also exists in Windows 8.1, and 8)? If yes, disable Fast Boot.

Fast Startup issues I am aware of are:
  • Prevents System Favorites from working.
  • Windows does not shutdown completely leaving security issues by not prompting password for VeraCrypt volumes and leaving VeraCrypt volumes mounted.
I have a feature request to warn users when they have Fast Boot enabled at the link below that you can vote-up.
Jul 11, 2016 at 1:27 AM
Edited Jul 11, 2016 at 1:47 AM
Search this site and you'll find a lot of information on this sort of thing.
For every info leak you find in Windows there are probably 3 you didn't
find. And soon an update will change the details of what is kept where
and introduce NEW leaks. So, while it probably isn't hard to plug this
particular leak (meaning recently used files), the total problem is far too
large, too complex, and too CHANGING, to use a piecemeal approach. The
best windows solutions are either:
-whole drive encryption as Enigma2Illusion suggests, with or without a
hidden OS, which is a option you should study if you go that route.
-put your Windows in a virtual machine, put the VM in a crypt, and use
a 'nix (linux, BSD, or something of that sort), either conventional or
live disk, preferably the latter, to run the VM. If you have
adequate hardware for it, there is a lot to be said for this approach.
-abandon Windows and use a linux live disk. You can customize one
with something like Respin or Pinguy if you use a Debian family linux,
like Ubuntu. If you use a Mandrake family linux, there is a similar tool,
actually a little better in my limited experience with it, but I forget the
name. PClinuxOS comes with it already installed.

One thing you said I found surprising:
"but some files will actually open up, even though I have dismounted
my VeraCrypt folder!"
Practically speaking, the answer is still the same. Figuring this out is an
example of the piecemeal approach which is no good in the end, as
already explained. But still, it IS interesting. Perhaps it is being cached
somwhere. For example, back in the neolithic I used to use a utility suite
called PCKwik which cached Disk reads in RAM, dynamically allocating
RAM as needed so the cache disappeared if the RAM was needed for
something else. Something like that might do it. Does the effect persist
across a reboot? Are you sure the file is actually open? Or, for example,
is it that a copy is held in RAM by the program you opened it with, which
hasn't been shut down? I have an ebook reader for example that will read
an entire epub file, holding the data in RAM, and CLOSE the file. The epub
is still readable as long as the program is open, even though the file is
closed. You could edit it, delete it, or dismount the filesystem it is on and
the reader wouldn't know it, nor would Veracrypt complain about a
file in use when you dismounted the crypt it is on, because the file is closed.
But you'd still be able to read the copy in RAM.