09 April 2020

Win10 Temp .evtx Flood Revisited


Executive summary of this bug: To curb rapid free space loss to %Windir%\Temp\*.evtx, do this:
  • Regedit, HKLM\System\CCS\Services\AppXSvc, change Start from 3 to 4 (Disable)
  • "Lifeboat" batch file to Del %WinDir%\Temp\*.evtx every 15 secs, loop forever
  • "Run As Admin" desktop shortcut to batch file, for rapid emergency access
This is a workaround, not a cure; the cure must come from Microsoft as a meta-level bugfix of the Microsoft Store and App subsystem present in Windows 8.x and 10.  It's not enough to "step on ants" on a case-by-case basis via Feedback, Help or Support - and it's not a matter of fixing particular Apps that trigger the problem, as the bug lies not in what causes this error handling response, but in the error handling logic itself: endless, rapid, and uncontrolled retries and logging.
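
One way the "Lifeboat" batch file from the summary above could look, as an added example that is not the author's own file. The elevation check, the registry query and the before/after counts are assumptions layered on the delete-every-15-seconds loop; CCS is written out as CurrentControlSet.

```batch
@echo off
rem Added example of the "Lifeboat" loop; not the author's own batch file.
setlocal EnableExtensions
set "TARGET=%WinDir%\Temp\*.evtx"

rem %WinDir%\Temp needs elevation: look for the High or System integrity SID.
whoami /groups | findstr /c:"S-1-16-12288" /c:"S-1-16-16384" >nul
if errorlevel 1 (
    echo Not elevated. Start this from the "Run As Admin" shortcut.
    pause
    exit /b 1
)

rem Show the AppXSvc start type: 0x3 is Manual, 0x4 is Disabled.
reg query "HKLM\SYSTEM\CurrentControlSet\Services\AppXSvc" /v Start

:loop
rem Count the flood files, delete them, then count what could not be removed.
call :count before
if %before% equ 0 goto wait
del /f /q "%TARGET%" >nul 2>&1
call :count after
echo %date% %time%  found %before% .evtx, still present after delete: %after%

:wait
rem Sleep 15 seconds between passes, as in the summary above.
timeout /t 15 /nobreak >nul
goto loop

:count
rem Store the number of files matching TARGET in the variable named by %1.
set "%1=0"
for %%F in ("%TARGET%") do set /a %1+=1
exit /b 0
```

Ctrl+C stops the loop. A "found" count that stays high between passes means the flood is still running.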

Why has this bug persisted for years?

Current Troubleshooters miss the issue entirely, making it harder to visualize the problem.  Storage Sense may launch appropriately, and show a massive Temporary Files footprint, but the bulk of this is not shown within the sub-categories that are offered to be cleared.

Space management utilities such as TreeSize or Windows Directory Statistics can't normally "see" into %WinDir%\Temp due to permissions issues that require "Run As Admin", making it harder for even tech-literate users to track down the problem.

Because the bug is in code that is infrequently invoked, there hasn't been a massive single outbreak of cases to attract the vendor attention we need.  As a "blind spot" to both vendor (not handled by Storage Sense) and user ("As Admin" blocks on inspecting %WinDir%\Temp), it's both under- and inadequately-reported; most threads run for pages before the .evtx files are seen, so that an accurate description of the bug is slower to surface.  As the usual end-point is "I dunno, just try re-installing Windows, maybe that will fix it", no "clean cure" emerges, so new victims may just give up.

However, when you do find threads on this problem, you see hundreds of "I have the same question" victims, so it's not so rare that we can forget about it.  As an unexpected bug in an exposed surface, it may be an exploitable vulnerability as well.

Metro, Modern, UWP...

When a vendor keeps shuffling the branding of a feature or product, it suggests attempts to re-launch it after initially being rejected in the marketplace.  We've seen that with MSN, and we're seeing that with "Metro", "Modern", "Universal Windows Platform" and evolving drifts from there.

UWP is a new subset platform added to Windows 8 to bridge the UI and platform divide between PCs and sub-PC mobile devices, so that programs could run both on large screens with keyboard and mouse, and tiny screens prodded by fat fingers.

The original form as added to Windows 8 was a grotesque throwback to Windows before 3.x, i.e. before there really was "windows".  Apps ran full-screen, with no visible UI to close them, and screen space was wasted on massive UI elements to work on tiny touch screens.  The first Apps didn't do anything better than properly-behaved Windows "desktop" programs, so there was nothing to attract PC users, and everything "called home" all the time, pushing you into losing anonymity and accepting the increased risks of being permanently logged into a Microsoft online Account.  Just why does a Calculator App need to access the Internet, anyway?

By Windows 10, Apps can at least be windowed, finally catching up with the Windows 3.yuk UI feature set, but UWP still feels like an unwanted blob stuck on what we'd rather use instead.

The UWP installer/updater subsystem 

The nature of UWP seems to be to run underfoot, similar to the way it's not UI-obvious on a smartphone as to what apps are still running in the background.

In particular, UWP appears to have a separate installer and updater subsystem, outside Windows Update and related user controls.  Compare installation and update activity as shown in Reliability, with what you see in Windows Update History, to see what I mean.

So in effect, Windows 10 has the Windows "desktop" .exe and .msi installation system, the UWP App system, and, added to that by MS Office, "Click To Run".  The last two appear to be not only the least documented for our troubleshooting purposes, but the most invasive and buggiest as well.

It's "coding 101" to never fall into an endless loop, exhaust resources such as storage space, or lack situational awareness such as how often you are doing something, how long it takes to do, and whether it has worked.  The ".evtx flood bug" is such an embarrassing failure at so many of these points, undermining confidence in the UWP App system for developers, techs, and users.

