I created a local mounting point with the STGMP_LOCAL and STGMP_NETWORK flags. Why is this drive visible in Windows Explorer's "Network" area?

A mounting point created with the STGMP_NETWORK flag consists of two parts: an optional drive name (either a drive letter, or a "hidden" mounting point name), and a UNC name (a mandatory network path that consists of the server name and the share name). The STGMP_LOCAL flag only affects the former of the two, the drive name. If this flag is set, the drive name will be only be visible to the specified user session.

The UNC name, on the other hand, is always globally visible and accessible to all sessions. That said, you can "hide" it from Windows Explorer by including the STGMP_NETWORK_HIDDEN_SHARE flag when creating the mounting point. That said, even a "hidden" network share can still be accessed directly by users/applications that know its UNC name; to prevent such access, check the session Id (with the help of the GetOriginatorToken method) during the CreateFile and OpenFile events, and if the user session shouldn't be allowed to access the drive, return the Windows error code ERROR_ACCESS_DENIED.