This project has moved. For the latest updates, please go here.

File remains in 'Recent Files' in Win10

Topics: Technical Issues, Users Discussion
Mar 21 at 1:18 PM
Edited Mar 21 at 1:28 PM
I've looked around the forums before posting this but I have noticed that when you mount a drive/folder in VeraCrypt and you open picture files then unmount the drive/folder, the name of the picture file etc. that you have just viewed says in the Recent Files section in Windows 10.

If you then try and open the file you get a very brief flash of the file contents followed by the message that it is no longer available. You have to remove it manually from Recent Files. Windows is caching the file regardless of what VeraCrypt does..!

I've tried using the Encryption function that comes with Kaspersky Total Security to compare and I have to say that the Kaspersky leaves no trace, sure the name of the file is in Recent Files but when you open it the message is that the file has been moved or deleted. As it should...

Is there a way around this does anyone know. No point in encryption when the cached file is still viewable albeit briefly....

Many thanks

Mar 29 at 12:00 AM
The difference you're seeing between Veracrypt and Kaspersky is that with Kaspersky there is no mount, so the file location doesn't change. Windows recognizes that it can find the file but can't open it, rather than not being able to find it. The content was cached either way and could be recovered easily, you're just not seeing it with Kaspersky because Windows takes a few extra seconds/retries when it can't find a file vs. can't open it.

If you've concerns about thumbnails being viewed or other caching, you'll want to use full disk encryption. If you can't use full disk encryption, you can:
  1. Disable thumbnail caching
  2. Disable paging file.
  3. Disable hibernation file.
  4. Disable memory dumps.
It's not perfect - NTFS is still a journeling system so file names can be recovered, and programs may maintain their own cache that could be viewed. Full disk encryption is really recommended in this case. (Or, an encrypted VM on an unencrypted system can work as well if performance/space isn't a huge concern.)