Yes, +1 for Process Hacker, it's basically an open source alternative to Sysinternals Process Explorer[0]. The service alerts noted in this article in particular led me to getting spooked and discovering that Windows Defender likes creating fun malware-like driver service names like MpKslasdfas3.sys. I'm at the point where it's always open to increase system awareness, and for quick filehandle views when I forget what application is stopping me from ejecting a USB.

[0] https://docs.microsoft.com/en-us/sysinternals/downloads/proc...

I find it weird that Windows doesn't already tell you what app is holding a file/directory/USB locked when you try to move/delete/eject something.

Is there some common use case that makes this hard?

Yeah I don't believe windows tells you in the pop-up at all. Spawning questions like https://superuser.com/questions/87364/can-windows-tell-me-wh...

For me sometimes it's something as simple as a "rogue" notepad I lost track of on another monitor.

I agree it doesn't tell you.

Your link has some great pointers, even the event log will straight up tell you.

So why doesn't the popup tell you?

It doesn't seem like a complicated issue, hence my query as I feel like I am missing something here.