Comment by Dylan16807

> there is no way external media should have anything to do with the encryption process.

Does this exploit have external media having anything to do with the encryption process? If yes, how do we know that? Remember that the OS normally unlocks the drive on boot, when no exploits are happening.

> Even if the OS chose to read a USB drive, to also delete the magical files is ridiculously suspect.

It's files in System Volume Information describing a transaction or something. It makes sense for it to resolve that transaction when mounting the external drive, and to then delete the files. And that's if it's even windows itself triggering the deletion.