Yup I’ve been there. Was reading about elevated privilege access and the layersSimple fix - don't run consumer windows. The Store shit is much more deep than "I've got process hooked on my files", it is isolated and inaccessible to Administrator under a OS session. Imagine FreeBSD executing a chain of services and programs under a 'limited' user account from rc.d per default, where the files/sockets/process tables are protected by a rootkit.
On a Server 2022 installation the defender can interfere with imaging. It won't happen with FreeBSD but it might happen with imaging older Windows/DOS where some binary may be flagged as a virus. My workaround is to clean the disk using diskpart, before imaging.
/boot/loader.conf