
Why is a full-trust packaged app (i.e. Windows.FullTrustApplication)'s write to AppData still virtualized despite the documentation saying otherwise?


I have an Electron app built with Electron Forge and @electron-forge/maker-appx. In the output appxmanifest.xml it reads <Application EntryPoint="Windows.FullTrustApplication"..., and according to here it is equivalent to uap10:RuntimeBehavior="packagedClassicApp", uap10:TrustLevel="mediumIL". Therefore I'm very surprised when all my writes to %LOCALAPPDATA% are instead redirected to the "per-app per-user private folder", i.e. %LOCALAPPDATA%\Packages\<APP_ID>, when the document here states that only TrustLevel="appContainer" has virtualization. How so?


Solution

  • here is incorrect:

    Runs in a lightweight app container (and is therefore isolated using file system and registry virtualization).

    File system + registration virtualization (aka "i/o virtualization") is a feature of RuntimeBehavior="packagedClassicApp", regardless of security context. That's because i/o virtualization is a compatibility feature (NOT a security feature).

    All packagedClassicApp packaged processes get this virtualization behavior, unless explicitly disabled (in whole or in part). See https://learn.microsoft.com/en-us/windows/msix/desktop/flexible-virtualization for more details.

    P.S. I've passed along word to correct the documentation.
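
An added example (not part of the original question or answer): a Node helper that computes where an AppData write from a packagedClassicApp process lands while write virtualization is left enabled, useful when looking for an Electron app's files during debugging or triage. The LocalCache\Local and LocalCache\Roaming sub-folders are assumed from Microsoft's MSIX documentation, and the package family name, user profile and function names are constructed for illustration.

```javascript
// win32 flavour of path so the logic behaves the same when run off Windows.
const winPath = require('node:path').win32;

// Constructed sample values, not taken from any real package.
const SAMPLE_ENV = {
  LOCALAPPDATA: 'C:\\Users\\u\\AppData\\Local',
  APPDATA: 'C:\\Users\\u\\AppData\\Roaming',
};
const SAMPLE_PFN = 'Contoso.App_1234567890abc';

// True when `full` is strictly below `base`. win32.relative compares
// case-insensitively, so AppData\LocalLow is not mistaken for AppData\Local.
function isInside(base, full) {
  const rel = winPath.relative(base, full);
  if (rel === '' || winPath.isAbsolute(rel)) return false;
  return rel !== '..' && !rel.startsWith('..\\');
}

// Where a write to `target` lands with file system write virtualization on.
// Assumed layout (MSIX docs, not this page):
//   AppData\Local   -> %LOCALAPPDATA%\Packages\<PFN>\LocalCache\Local
//   AppData\Roaming -> %LOCALAPPDATA%\Packages\<PFN>\LocalCache\Roaming
function redirectedAppDataPath(target, env, packageFamilyName) {
  const full = winPath.resolve(target);
  const packagesDir = winPath.join(env.LOCALAPPDATA, 'Packages');
  // Already inside a package's private store: nothing further to redirect.
  if (isInside(packagesDir, full)) return full;
  const roots = [
    { base: env.LOCALAPPDATA, sub: 'Local' },
    { base: env.APPDATA, sub: 'Roaming' },
  ];
  for (const { base, sub } of roots) {
    if (isInside(base, full)) {
      const rel = winPath.relative(base, full);
      return winPath.join(packagesDir, packageFamilyName, 'LocalCache', sub, rel);
    }
  }
  return full; // outside AppData: this redirection does not apply
}

console.log(redirectedAppDataPath(
  'C:\\Users\\u\\AppData\\Local\\MyApp\\settings.json', SAMPLE_ENV, SAMPLE_PFN));
```

If the manifest disables virtualization in whole or in part, as the flexible-virtualization page linked above describes, the mapping does not apply to the excluded locations and the write goes to the path the app asked for.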