This folder, filled with 25 .3mf files, showed up suddenly and without my consent:
According to file/folder properties, the folder and its files were created on 16 September 2015:
The file extension .3mf is associated with a Windows Store app called Microsoft 3D Builder, which I have never heard of before today.
WinStore.Mobile.exe (the Windows Store app) does not reveal when Microsoft 3D Builder was installed, but the file properties on C:\Program Files\WindowsApps\Microsoft.3DBuilder_10.9.6.0_x64__8wekyb3d8bbwe\Builder3D.exe show that it was installed on 16 September 2015 at 06:04:01.
On that day, my computer was powered on, but I had been away for eight hours at the time the program was installed and would not be back for another three hours.
When I checked Windows Store for Microsoft 3D Builder, I saw this notice:
This app has permission to do the following:
- Use your webcam
- Use your microphone
- Access your Internet connection
So this suspicious app, Microsoft 3D Builder, was installed without my permission and presumably executed five hours later to create the "3D Objects" folder. It even has permission to use my peripherals. For all I know, it could have phoned home with information collected from my webcam and microphone!
I am not okay with this. Why was this unwanted software installed?
Other Details
- According to my Windows Update history, the only update installed on 16 September 2015 was
Definition Update for Windows Defender - KB2267602 (Definition 1.205.2644.0). - Event Viewer (
Event Viewer (Local) » Windows Logs » System) revealed that WindowsUpdateClient started downloading an update on 16 September 2015 at 06:03:55, just six seconds before the Windows 3D Builder executable was created. (Event XML shown further below) - Event Viewer also revealed
Installation Started: Windows has started installing the following update: 3D Builderon 16 September 2015 at 06:04:10. - Five seconds later:
Installation Successful: Windows successfully installed the following update: 3D Builder - 3D Builder does not show up under "Your Apps" in my Windows Store profile, but it shows as installed when I explicitly search for it.
Upon seeing this, I unchecked "Give me updates for other Microsoft products when I update Windows." in Settings » Update & security » Windows Update » Advanced options.
Still, the folder C:\Program Files\WindowsApps\Microsoft.3DBuilder_10.9.6.0_x64__8wekyb3d8bbwe and all its contents inside look like it was created the same minute that Windows Update began "updating" 3D Builder.
Event Viewer XML
This Event Viewer entry shows that Windows Update was responsible for initiating the installation of 3D Builder, but it doesn't explain why.
44
1
4
1
12
0x8000000000002004
3451
System
Deltique-Win10
3D Builder
{1463A1FD-95AA-499F-8F4A-96B5D742D909}
1
Answer
Microsoft 3D Builder is a Windows 10 built-in app.
I had it all along, but the update silently triggered the creation of the 3D Objects sample folder.
Since there was no documentation on or notification about the update, I did a time range search around 16 September 2015 and found this news article by Softpedia published the same day:
Microsoft Releases Updates for Several Windows 10 Apps
Sure enough, 3D Builder was one of the updates shown in the Softpedia screenshot:
The Softpedia article noted that there are "no change logs", but in the version notes of 3D Builder, the publisher Microsoft Corporation wrote, "This release contains bug fixes and UI tweaks."
No comments:
Post a Comment