usoclient.exe in Windows 10 wakes up my PC with Wake Source: Unknown

So for a few weeks now, I've been dismissing this new Windows 10 Creators Update nag dialog. Some days I wake up to find that my PC is already awake. It turns out that Microsoft's been doing something sneaky behind the scenes. I thought I'd done all the usual methods to prevent that scenario, such as disabling the mouse from being able to wake up Windows.  Looking in Event Viewer (eventvwr), I see the wake source is Unknown.




We can run a command in Windows PowerShell to list all Scheduled Tasks that could wake the PC:

Windows PowerShell
Copyright (C) 2015 Microsoft Corporation. All rights reserved.

PS C:\WINDOWS\system32> Get-ScheduledTask | where {$_.settings.waketorun}

TaskPath                                       TaskName                          State
--------                                       --------                          -----
\Microsoft\Windows\.NET Framework\             .NET Framework NGEN v4.0.30319... Disabled
\Microsoft\Windows\.NET Framework\             .NET Framework NGEN v4.0.30319... Disabled
\Microsoft\Windows\rempl\                      shell                             Ready
\Microsoft\Windows\UpdateOrchestrator\         Reboot                            Disabled

Next, we can look in the Task Scheduler to locate this task.  Based on the above TaskPath of \Microsoft\Windows\rempl\, we can navigate from the Task Scheduler tree:  Task Scheduler Library > Microsoft > Windows > rempl.  Click on the Conditions tab and you'll see the culprit!  "Wake the computer to run this task".




You'll notice that the options for Power are most likely greyed out.  You should be able to make changes by right-clicking on the task name and selecting Properties.  This should bring up a dialog window where you can switch to the Conditions tab and un-check the Wake capability.



Hopefully your PC will now stay asleep until you actually wake it from the keyboard or power button.
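
The same check and fix can be scripted from an elevated PowerShell prompt. This is an added example, not part of the original post; it assumes the task path and name shown in the Get-ScheduledTask output above (\Microsoft\Windows\rempl\ and "shell"), so substitute whatever your own listing shows.

```powershell
# Added example: audit wake-capable scheduled tasks, then clear WakeToRun on one.
# Assumption: run elevated; path and name below come from the listing in this post.
$TaskPath = '\Microsoft\Windows\rempl\'
$TaskName = 'shell'

# 1. List every task allowed to wake the machine, with the account it runs as
#    and the program it launches, so each entry can be reviewed before changing it.
Get-ScheduledTask |
    Where-Object { $_.Settings.WakeToRun } |
    ForEach-Object {
        [pscustomobject]@{
            TaskPath = $_.TaskPath
            TaskName = $_.TaskName
            State    = $_.State
            RunAs    = $_.Principal.UserId
            Action   = ($_.Actions | ForEach-Object {
                # Exec actions expose Execute/Arguments; other action types do not.
                if ($_.Execute) { "$($_.Execute) $($_.Arguments)".Trim() }
                else { $_.CimClass.CimClassName }
            }) -join '; '
        }
    } | Format-Table -AutoSize -Wrap

# 2. Clear the wake flag on the selected task and write the definition back.
$task = Get-ScheduledTask -TaskPath $TaskPath -TaskName $TaskName -ErrorAction Stop
if ($task.Settings.WakeToRun) {
    $task.Settings.WakeToRun = $false
    try {
        Set-ScheduledTask -InputObject $task -ErrorAction Stop | Out-Null
    } catch {
        # Some system-owned tasks refuse changes even from an elevated prompt.
        Write-Warning ("Could not update {0}{1}: {2}" -f $TaskPath, $TaskName, $_.Exception.Message)
    }
}

# 3. Verify: re-read the task, then show what Windows reports about wake sources.
$after = Get-ScheduledTask -TaskPath $TaskPath -TaskName $TaskName
'{0}{1} WakeToRun = {2}' -f $after.TaskPath, $after.TaskName, $after.Settings.WakeToRun
powercfg /waketimers   # wake timers that are still armed
powercfg /lastwake     # what woke the machine most recently
```

A Windows update can re-create or reset the task, so re-running step 1 after updates shows whether the wake flag has come back.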

As to what this script actually does, I looked through the Scheduled Task action executable and directory.  It looks like it starts some kind of Windows Update scan (usoscan?) and may be related to the Windows 10 Creators Update dialog.




Here are the contents of Unlock.xml, which references "rempl" and "remsh.exe"; "rempl" is the task folder we saw in the PowerShell "Get-ScheduledTask" output:


C:\Program Files\rempl>type Unlock.xml
<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Author>Sediment</Author>
    <Description>USO Scan upon Unlock</Description>
  </RegistrationInfo>
  <Triggers>
    <SessionStateChangeTrigger>
      <Enabled>true</Enabled>
      <StateChange>SessionUnlock</StateChange>
    </SessionStateChangeTrigger>
  </Triggers>
  <Principals>
    <Principal id="LocalSystem">
        <UserId>S-1-5-18</UserId>
        <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
    <AllowHardTerminate>false</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>
    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>6</Priority>
  </Settings>
  <Actions Context="LocalSystem">
    <Exec>
      <Command>%ProgramFiles%\rempl\remsh.exe</Command>
      <Arguments>/RunUsoScanOnly</Arguments>
    </Exec>
  </Actions>
</Task>

The following is a really good reference I used to help determine my culprit:
https://superuser.com/questions/973009/conclusively-stop-wake-timers-from-waking-windows-10-desktop/973029#973029
