usoclient.exe in Windows 10 wakes up my PC with Wake Source: Unknown

So for a few weeks now, I've been dismissing this new Windows 10 Creators Update nag dialog. Some days I wake up to find that my PC is already awake. It turns out that Microsoft's been doing something sneaky behind the scenes. I thought I'd done all the usual methods to prevent that scenario, such as disabling the mouse from being able to wake up Windows.  Looking in Event Viewer (eventvwr), I see the wake source is Unknown.

We can run a command in Windows Powershell to list all Scheduled Tasks that could wake the PC:

Windows PowerShell
Copyright (C) 2015 Microsoft Corporation. All rights reserved.

PS C:\WINDOWS\system32> Get-ScheduledTask | where {$_.settings.waketorun}

TaskPath                                       TaskName                          State
--------                                       --------                          -----
\Microsoft\Windows\.NET Framework\             .NET Framework NGEN v4.0.30319... Disabled
\Microsoft\Windows\.NET Framework\             .NET Framework NGEN v4.0.30319... Disabled
\Microsoft\Windows\rempl\                      shell                             Ready
\Microsoft\Windows\UpdateOrchestrator\         Reboot                            Disabled

Next, we can look in the Task Scheduler to locate this task.  Based on the above TaskPath of \Microsoft\Windows\rempl\, we can navigate from the Task Scheduler tree:  Task Scheduler Library > Microsoft > Windows > rempl.  Click on the Conditions tab and you'll see the culprit!  "Wake the computer to run this task".

You'll notice that the options for Power are most likely greyed out.  You should be able to make changes by right-clicking on the task name and selecting Properties.  This should bring up a dialog window where you can switch to the Conditions tab and un-check the Wake capability.

Hopefully your PC will now stay asleep until you actually wake it from the keyboard or power button.

As to what this script actually does, I looked through the Scheduled Task action executable and directory.  It looks like it starts some kind of Windows Update scan (usoscan?) and may be related to the Windows 10 Creators Update dialog.

Here's the contents of Unlock.xml that references "rempl" and "remsh.exe", which we saw in the Powershell "Get-ScheduledTask" output:

C:\Program Files\rempl>type Unlock.xml
<Task version="1.4" xmlns="">
    <Description>USO Scan upon Unlock</Description>
    <Principal id="LocalSystem">
  <Actions Context="LocalSystem">

The following is a really good reference I used to help determine my culprit:


Popular posts from this blog

How to block the Admiral anti ad-block detection message

Domain registrar pricing comparison (2014)