How so? Everything that's interacted with by a computer can be exploited - in case of media files, here's[0] one example that gets talked about. I understand your frustration about flagging your harmless files as malicious, but it really shows just how difficult is to properly detect malware.
Are they? Compared to other forms (eg. trojans or browser/os 0days) they're not really common. I suspect you have a better chance of getting infected from a site asking you to download a "codec", than you have of the site serving you a malformed media file.
But how many of those are actually exploited, and how does that compare to the other vectors I mentioned? Media file exploits seem in same class of exploits as spectre/rowhammer. You hear about them often (not as often as spectre/rowhammer, but I frequently see security fixes being mentioned in media player changelogs), but you rarely hear about attacks that use them.
I think running pledge(2) on Windows is quite difficult. :)
(At least, I'm assuming the question here is "What should Windows Defender do?" I agree that the answer to "What should OpenBSD's built-in antivirus do?" is "Literally not even exist," which it already does.)
[0] https://security.stackexchange.com/questions/97856/can-simpl...