Regarding desktop.ini:
As far as I know, when some antivirus programs detect something suspicious (for example, the samples that you download from the malware hub), they will perform their repair routine, no matter whether it is essential or not.
One step they like to take in their repair routine is to
disable the option "
Hide Protected Operating System Files (Recommended)". This will make many protected OS files become visible, including
desktop.ini.
In my own tests, the following antivirus programs have this issue:
In addition, I ever heard the following antivirus programs also have this issue, but I have not reproduced it:
To solve this problem, we only need to enable the option "
Hide Protected Operating System Files (Recommended)". More specifically, we only need to check the bottom checkbox in the following screenshot: