Windows superfetch file may causing privacy leak

[0x391F]

Describe the bug
Windows superfetch file (*.pf) may causing privacy leak

To Reproduce
Steps to reproduce the behavior:

1. Run bdcamsetup.exe in Sandboxie
2. Complete installation
3. Satrt Bandicam
4. Exit it
5. Delete contents
6. Open C:\Windows\Prefetch
7. BDCAM.EXE-XXXXXXXX.pf, BDCAMSETUP.EXE-XXXXXXXX.pf and BDMPEG1SETUP.EXE-XXXXXXXX.pf appear in C:\Windows\Prefetch

Expected behavior
I think the pf files blong to Sandboxed program shouldn't write to real system

System details and installed software (please provide the following information):

• What is your Windows edition and version?
  Windows 10 Enterprise LTSC 2019 x64 (1809).
• What is your current Sandboxie edition and version?
  Sandboxie 5.51.3 and Sandboxie-Plus 0.9.3).
• Please mention in which version this bug got introduced, because it acts as a guide for testers and developers.
• Please mention any security software running in the background, even if the real-time protection is disabled.

[bastik-1001]

At least that is something that is known, as it is mentioned in the documentation under Privacy Concerns.

[Dyras]

Maybe there should be info about this in the program? Or maybe even an option to disable Superfetch in Sandboxie?

It can easily be done with a registry file:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
"EnablePrefetcher"=dword:00000000
"EnableSuperfetch"=dword:00000000

Edit: This doesn't seem to work. Hmmm.

[Shadowized]

@Dyras

Edit: This doesn't seem to work. Hmmm.

services.msc > SysMain = the Win10 name for superfetch, just disable that service and you're good.

[Dyras]

Yup, disabled SysMain definitely works. Was kind of hoping you could do it with a registry file though. Oh well.